Project assurance
Learn about assurance and oversight for your project with the Digital Investment Assurance and Support framework.
Last updated on
Understanding project assurance
Project assurance is key to ensuring your project’s success. It offers independent and objective oversight, checking that your project is on track and meeting its goals. The strength of project assurance lies in its early detection of potential issues, allowing for quick fixes and adjustments.
In April 2024, the Deputy Ministers’ Committee on Digital and Data (DMCDD) implemented the Digital Investment Assurance and Support framework. The framework applies to Information Management and Information Technology (IM/IT) projects from the time they receive approval for capital funding to project close-out, and describes:
- Key meetings between the Digital Investment Office (DIO) and ministry staff
- Requirements for performance measurement
- Assurance activities based on a project’s complexity and risk
- Escalation protocols, in case the project experiences issues that threaten successful delivery
The framework has 6 stages:
Business case review
Project assurance starts when the DIO receives your business case. A digital analyst will evaluate your business case and provide an overview and recommendations to the DMCDD or delegate decision maker. The analyst also identifies the project’s tier and assurance activities.
Initial briefing
The initial briefing is a short meeting between the DIO, Responsible Executive Director and Ministry IT/IMB that takes place soon after the project is approved for capital funding. Its purpose is to establish a working relationship, review your funding letter and Assurance and Support Plan, and initiate performance measurement. Following this meeting, the DIO will schedule project health checks and other assurance activities so you’ll know when to expect them.
KPI development and measurement
Within 3 months of capital funding, you will have developed Key Performance Indicators (KPIs) to assess how well your project is achieving its intended outcomes.
Project health checks and ongoing assurance
Your project’s Assurance and Support Plan will describe the assurance activities you can expect on your project. Project health checks are status meetings with the DIO to discuss the project’s progress, financial status and future plans. Lower risk projects will not have health checks.
Escalation
The DIO may escalate projects experiencing persistent, unresolved issues that threaten successful delivery. This means they are subject to specific assurance activities designed to address delivery risk.
Capital completion and close-out
Once the capital portion of your project is complete, you’ll need to close it out.
Key features of the assurance framework
Key features of the project assurance and support framework include:
Proportional assurance
Projects are categorized into one of 3 tier designations based on complexity, strategic significance and risk assessment. Each tier has associated minimum assurance activities, and additional assurance can be applied as needed.
Program area accountability
The DIO’s primary contact for your digital project is the Responsible Executive Director. This person is the Executive Director in the ministry program area who is responsible for the project’s successful implementation.
Support for projects
We know digital project delivery is highly uncertain, challenging and at times complex. The framework emphasizes meaningful support for projects and is intended to support digital teams.
The lightest assurance possible
The DIO acknowledges that assurance activities can be a burden for digital teams. We aim for the lightest assurance necessary, balancing thorough oversight with minimal administrative impact. Our goal is to make these processes efficient and supportive, not obstructive, to your project’s progress.
Escalation protocols
Projects experiencing continuing, unresolved issues or at risk of not delivering outcomes may be escalated. Escalated projects are subject to specific interventions designed to improve project performance.
Transparent assurance and advice
DIO advice to the DMCDD and delegated decision makers on your project is shared with ministries through a Project Assurance and Support Plan (ASP), which is used by all parties to coordinate assurance activities.
Roles and responsibilities
Various roles, such as the DIO, Deputy Minister (DM), Ministry Chief Information Officer (MCIO) and Responsible Executive Director, have distinct responsibilities to ensure project success and align with government and ministry mandates.
- IM/IT Capital Investment Management Framework (PDF, 646KB)
- Guidance for the Responsible Executive Director on IM/IT investments
Project tiers
Projects are categorized into 3 tiers based on complexity, strategic significance and risk profile. Each tier describes specific assurance activities matching the project’s needs.
Category
Description
Examples
Tier 1: Flagship Digital Investments
B.C. government’s most complex and strategically significant digital investments. Responsible for transforming the experience of people and business and realizing whole-of-government or whole-of-sector benefits
Examples include Health Gateway and OneHealthID
Tier 2: Strategically Significant Digital Investments
Significant digital investments that may have whole-of-sector or whole-of-ministry emphasis. They may have a similar importance as Tier 1 investments but with lower cost or delivery risk
Examples include Court Administration Transformation, BC Address Geocoder and most common components
Tier 3: Ministry Priority Digital Investments
Focused on meeting the needs of one ministry, or sometimes a small group of ministries. They generally represent lower risk
Examples are ministry-specific. This tier excludes common components and critical or legacy systems
Your project’s tier
After you’ve submitted your business case to your MCIO for approval, they will propose a tier classification for the project. The DIO will take your MCIO’s assessment into account when recommending a tier classification and associated assurance activities to decision-makers.
A Tier Categorization Rubric (XLSX, 32KB) assists in assigning projects to tiers and considers factors such as impact, readiness, criticality of services, dependencies, solution complexity, external scrutiny, cost and timeframe. The project’s overall score assigns the project to its appropriate tier designation, and the designation usually remains consistent throughout the project’s lifecycle. You may request a copy of the tier categorization rubric for your project at any time from your DIO contact.
Assurance activities
The assurance framework specifies a range of assurance activities that may be applied to a project given its specific tier and circumstances. Some activities are associated with the project’s tier, others may be initiated only if the project is experiencing persistent issues, and still others may be scheduled as needed.
The assurance activities specified in the framework are not intended to replace oversight activities coordinated by individual ministries.
Name
Description
Application
Meeting between program area, ministry IT/IMB and DIO. A lightweight assessment of the overall status and well-being of the project. Agenda includes financial status, achievements to date, current status and next steps
Mandatory for Tier 1 (twice per year) and Tier 2 (once per year). DIO may request project health checks for Tier 3 projects, or more frequent project health checks for Tier 1 and 2
Subject matter expert connections
DIO-recommended consultation with subject matter experts who have experience in similar investments and can provide support to projects
DIO may request a subject matter expert consultation to support you to resolve a specific issue. DIO maintains awareness of SMEs across government and will facilitate the connection
Integrated assurance
DIO presence as observer on project governance and/or sprint review meetings
DIO may request integrated assurance on any project. This activity is used by the DIO to avoid the need for separate stand-alone meetings or paper-based report backs
Information request
DIO request for information pertaining to project delivery (Product roadmap, solution architecture diagram, etc.)
DIO may request information on any project
Status meetings with DIO
Informal check-in meetings between the project team and the DIO for the purposes of assurance, progress tracking and issue resolution
DIO may request status meetings on any project. The agenda is usually targeted to a specific topic (or topics) and is not broad like a project health check
Conditioned (gated) funding
The DMCDD or delegate decision maker may approve funding for your project but withhold a portion of it until a certain condition is met
The DIO usually specifies gated funding:
- For some waterfall projects that have set project milestones
- To support ministries with whole-of-ministry issues
Report back
A formal, written report or document in response to an ongoing risk or issue. This may include a requirement to present the report back to the DMCDD
Sometimes used along with a funding condition (known as gated funding), requiring the ministry to undertake specific actions and provide updates on project status to unlock project funding
DMCDD presentation
A presentation to the DMCDD on project progress, financial status and future work
- Required for funding requests over $1.5M (new projects and change requests)
- Can be an information update in response to a funding condition
- Can be required as an escalation for at risk projects
DIO-initiated project review
Slowing or stopping project velocity to investigate issues and recalibrate scope, resources, delivery approach
and/or
A detailed, independent, third-party assessment of project performance that results in a report and written recommendations
Projects with persistent, unresolved issues that threaten successful delivery
Assurance and Support Plan
The DIO develops an Assurance and Support Plan (ASP) for your project in collaboration with the Responsible Executive Director and Ministry CIO or delegate when the project is first approved for capital funding. The ASP outlines the mandatory level of assurance according to the project’s tier, along with any extra assurance measures requested by the DIO and the rationale behind them.
The ASP template includes project details, funding conditions (if relevant), assurance activities, escalation status, remarks from both the DIO and the ministry, DIO recommendations and action items.
If the DIO wants to add or remove assurance activities on your project, we will discuss these changes with you before they’re made. We will also record the changes in your project’s ASP and ensure you are aware of them.
Escalation
If your project experiences persistent, unresolved issues that threaten successful delivery, the DIO may initiate escalation protocols. This means your project is subject to specific assurance activities designed to address delivery risk. Escalation protocols are only enacted after the DIO has:
- Fully informed your ministry (Responsible Executive Director, MCIO and other relevant contacts) of its concerns as they developed
- Given ample opportunity for the ministry/project team to address risks by other means
- Discussed proposed escalation assurance activities with the ministry and taken ministry concerns into account, and
- Communicated escalation and related assurance activities formally to the Responsible Executive Director through a memorandum from the DCMDD or delegate
The DIO makes its decision to escalate a project in response to the outcomes of various assurance triggers, including project health checks, financial reports, and KPI reports. Escalation can also be requested by the ministry CIO or Responsible Executive Director. If your project is escalated, the DIO will change your Assurance and Support plan to identify specific assurance activities and let you know what to expect.
Possible outcomes of the escalation process include increased assurance, new funding condition(s), a pause on the project or (in very rare cases) project cancellation.
Escalation assurance activities
An escalated project is subject to additional assurance activities. The exact activities will depend on the project’s specific circumstances. Possible escalation assurance activities include:
Additional project health checks
The DIO will specify a new cadence for project health checks.
Report back
The project team may be required to address a specific issue and provide a written report back to the DIO or to the DMCDD.
Project review
Project velocity can be slowed or stopped to investigate project issues and recalibrate the scope, resources and delivery approach. On behalf of the DMCDD, the DIO may request an independent, external (to government) assessment of project performance that results in a report and written recommendations.
If your project is subject to external review, you will work with a vendor to complete it. The DIO will procure the vendor and your ministry will be required to pay the associated costs. We may ask the project team for a report back some time later to understand how you are implementing the recommendations.
DMCDD presentation
Escalated projects may be required to present requests for additional capital to the DMCDD, even if the request is less than $1.5M (the usual threshold for DMCDD decision-making).
Authority for assurance
The DIO coordinates assurance activities on projects funded through the IM/IT capital envelope on behalf of the DMCDD. The DMCDD has delegated authority, including governance and oversight, for the IM/IT minor capital envelope. The DMCDD’s authority to conduct assurance activities is described in 2 key documents:
- The Deputy Minister’s Committee on Digital and Data Terms of Reference
- The Capital Investment Management Framework, section 3.2.2
Reporting
The DIO prepares reports and updates on the overall IM/IT minor capital envelope for each DMCDD meeting. These reports highlight the investment status across digital investment categories and provide insight into the government’s highest risk projects.
Status indicators
The DIO uses status indicators to prepare reports and updates to the DMCDD. This includes tagging escalated projects with an ‘at-risk’ indicator and reporting them as such to the DMCDD. All other projects are reported as ‘in-flight’.