GCDO assurance services guide

The GCDO Assurance Services Guide provides a common definition of the different types of Independent Quality Assurance (IQA) and Technical Quality Assurance (TQA) services provided under the GCDO Assurance Services Panel and can be used to define the scope of an assurance engagement.

GCDO Assurance Services Panel

Assurance versus advisory services

Our definition of assurance is:

An independent and objective assessment that provides credible information to support decision-making.

The key words in our definition are ‘independent and objective’. This means that providers must maintain their independence and objectivity when delivering assurance services. The independence and objectivity of providers may be threatened if they are also providing advisory services to a digital investment. A good test is to ask the question ‘Is a provider able to return in the future and still feel comfortable criticising the scope or quality of any of the deliverables they are reviewing?’

To help illustrate the difference, the following advisory services are not within the scope of the GCDO Panel:

  • Performing portfolio, programme or project management activities
  • Performing technical design or implementation activities, including privacy impact assessments and security certification of new systems
  • Fixing issues identified during the course of an assurance review.

Conflicts of interest such as those above must be assessed prior to selecting a provider and should be continuously re-assessed throughout the lifecycle of an ongoing assurance review.

GCDO assurance services categories

GCDO assurance services for digital investments fall into two broad categories:

  • Independent Quality Assurance (IQA) – Portfolio assurance, Programme assurance and Project assurance
  • Technical Quality Assurance (TQA) – Technical design assurance and Technical implementation assurance

The following tables provide a high-level service description of each of the GCDO assurance services categories that can be used as a guide to define the scope of an independent assurance review.

Always insist on a tailored and insightful review that assesses the risks to successful delivery and their potential impact on outcomes.

Table 1: IQA for digital investments

Assurance Services Category | Provides the SRO with confidence that… | High Level Service Description
Project Assurance | The project is well positioned to deliver the expected outputs
  • Alignment to and adoption of the agency’s project management framework and public sector best practice guidelines (for example, PRINCE2)
  • Project governance enables timely and effective decision making
  • Project is supported by a robust and viable business case
  • Planning and delivery processes ensure project activities are well controlled
  • Financial management and control of budgets are effective
  • Benefits definition, realisation planning and monitoring are sufficiently controlled
  • Risk and issue management processes are effective
  • Stakeholder engagement and communication processes are effective
  • Controls over the management of vendors / sub-contractors are effective
  • Quality management and assurance processes are effective
  • Change management plan is robust and the business is well positioned to receive the project outputs
Programme Assurance | The programme is well positioned to deliver the expected outcomes and benefits related to the organisation’s strategic objectives
  • Alignment to and adoption of the agency’s programme management framework and public sector best practice guidelines (for example, Managing Successful Programmes)
  • Alignment of the programme to organisational strategic objectives
  • Programme is supported by a robust and viable business case
  • The future organisation design will deliver the expected outcomes and benefits
  • Programme governance enables timely and effective decision making
  • Programme planning and control processes are effective
  • Benefits definition, realisation planning and monitoring are sufficiently controlled
  • Risk and issue management processes are effective
  • Stakeholder engagement, communication and change management processes are effective
  • Quality management and assurance processes are effective
Portfolio Assurance | The organisation has a robust approach to ‘doing the right things at the right time’
  • Alignment to and adoption of the agency’s portfolio management framework and public sector best practice guidelines (for example, Management of Portfolios)
  • Alignment of the portfolio to strategic objectives
  • Portfolio definition processes are robust
  • Portfolio governance and management processes are effective
  • Benefits definition, realisation planning and monitoring are sufficiently controlled
  • Portfolio risk management processes are effective

Table 2: TQA for digital investments

Assurance Services Category | Provides the SRO with confidence that… | High Level Service Description
Technical Design Assurance | The technical solution design is fit for purpose and will meet business requirements
  • Alignment to and adoption of the agency’s and government enterprise architecture frameworks, technical design standards and best practice guidelines
  • Assessment of the quality of the technical solution design, including the following:
    • Functional suitability – Extent to which the design will meet the stated business needs
    • Performance efficiency – Extent to which the design will meet non-functional requirements in terms of responsiveness and capacity
    • Compatibility – Extent to which the design enables information exchange and interoperability
    • Usability – Degree to which the design enables ease-of-use
    • Reliability – Extent to which the design will meet non-functional requirements in terms of availability and recoverability  
    • Security – Degree to which the design protects information and data
    • Maintainability – Extent to which the design ensures the system can be maintained
    • Portability – Degree to which the design enables the system to be transferred from one platform to another
    • Completeness of technical design documentation set, including traceability of functional and non-functional requirements against the solution design and vice versa
    • Identification of any risks inherent in the design such as extent of customisation, future modification / upgrade capability and software licensing costs
Technical Implementation Assurance | The technical build is fit for purpose and ICT is well positioned to receive the new system
  • Assessment of code and configuration quality against the technical solution design requirements
  • Test strategy and management processes are effective
  • Data migration and master data management is sufficiently controlled
  • ICT transition plan is robust
  • Solution is operable and supportable
