DPMC - Cabinet Office - Circulars, Monitoring Regime for Major Information Technology (IT) Projects

Note: This site's content is accessible to all versions of every browser. However, this browser may not support basic Web standards, preventing the display of our site's design details. We support the mission of the Web Standards Project in the campaign encouraging users to upgrade their browsers.

Cabinet Office Circulars

CO (01) 4

10 April 2001

Monitoring Regime for Major Information Technology (IT) Projects

Summary of Key Points

Cabinet has agreed that the public sector IT Monitoring Regime be updated and consolidated, as set out in this circular.
The SSC and Treasury, as the "monitoring agencies", monitor major IT projects to provide assurance to Ministers that chief executives are managing such IT projects effectively.
This circular provides criteria for defining major IT projects, and sets out chief executive responsibilities and requirements of departments regarding business cases and reporting to the monitoring agencies.
Guidance material on developing and managing projects with a major IT component is being updated to take into account developments since it was previously released in 1998, and will be released mid-2001.

Introduction

1

Cabinet has agreed that the public sector IT Monitoring Regime be consolidated and updated to incorporate the recommendations from the INCIS inquiry that reported to Ministers in November 2000. This circular sets out the IT Monitoring Regime recently confirmed by Cabinet [CAB Min (01) 10/2B].

2

The IT Monitoring Regime applies to all public service departments and to the New Zealand Defence Force, the New Zealand Police, the Office of the Clerk of the House of Representatives, the Parliamentary Counsel Office and the Parliamentary Service. It takes effect from the date of issue of this circular.

3

The requirements set out in this circular should be read in conjunction with the guidelines on principles, processes, standards and practices for developing and managing IT projects published from time to time by the State Services Commission and the Treasury.

4

Chief executives are asked to ensure that all staff involved in information technology and information management are familiar with the requirements of this circular.

5

Chief executives are also asked to draw to the attention of Crown entities for which their Minister is responsible, both the regime and Cabinet's recent decision that responsible Ministers may consider directing that the IT monitoring regime apply to specific projects undertaken by Crown entities.

6

Cabinet also agreed that the relevant responsible Minister may also consider directing that the regime apply to specific projects undertaken by the Government Communications Security Bureau or the New Zealand Security Intelligence Service.

The IT Monitoring Regime

7

All major IT projects should comply with the monitoring regime outlined below, and any further requirements that may be reasonable to facilitate effective project monitoring:

Goal

8

The goal of the State Services Commission and Treasury (the monitoring agencies) monitoring major IT projects is to provide second opinion assurance to Ministers on whether chief executives will:

deliver projects on time and within budget, and deliver the promised benefits;
ensure that major IT projects support the delivery of government policy;
ensure that there is sufficient departmental capability for the development and management of IT projects;
minimise risks through effective project management.

Roles

9

The role of the monitoring agencies is to:

provide advice to Ministers on the business case;
monitor progress as the project proceeds;
operate the chief executive accountability regime.

10

For IT projects, the chief executive of the responsible department is accountable for:

ensuring that the business case is sound and the department's risk management, project management, and monitoring structures follow best practice;
delivery of the project and associated benefits, as outlined in the business case; and
ensuring processes are put in place to manage off-track projects, if this becomes necessary;

" Major IT project": defining criteria

11

A major IT project is a new initiative, an ongoing development or acquisition project, an operational system, or other type of IT project that meets any one or more of the following criteria:

the project is not an existing operational system and its projected total life cycle costs are $15 million or more (GST inclusive). Costs include all equipment, software, contractor services, supplies, staff compensation and related staff costs, and inter/intra agency payments;
the project includes a projected IT capital investment totalling $7 million or more (GST inclusive) in any one year;
failure to deliver the project in line with the projected functionality requirements, cost, and timelines, would expose the department to significant risk of impaired operational capability, or expose the Government to significant fiscal or ownership risk;
the project will impact significantly on more than one department or agency;
the responsible Minister has requested that the project be monitored.

Business Case

12

Unless otherwise agreed by the department and Treasury, a two-stage approval process applies to major IT business cases for new capital resources. This two stage process consists of:

Stage 1: on the basis of indicative costs and benefits, seek approval for developing detailed scoping and finalisation of the costs and benefits associated with the project;
Stage 2: final consideration of the business case, based on more fully developed costs and benefits;

13

Irrespective of whether or not a major IT project requires new capital resources, it should be consistent with the department's information systems strategic plan, and should be supported by a business case [Annex 1 to CO (02) 17 Guidelines for Changes to Baselines refers] and a comprehensive project plan.

14

Major IT projects should be broken down into modules, with each module considered as an independent business case within the department's overall IT strategy, unless monitoring agencies and the department agree there are compelling reasons to retain a single large project.

15

Quantitative risk analysis should be used as the basis for appropriations, access to contingency funding, and cash draw-downs for major IT projects, unless relevant Ministers agree that the size and nature of the project do not warrant this approach.

Reporting

16

The monitoring agencies will report regularly to the Minister of State Services and Minister for Information Technology on the risks associated with IT projects across the Public Service, and also report as required on any material adverse developments they become aware of.

17

The monitoring agencies and the department will establish an agreed programme for reporting on risk, including, but not limited to, financial risks, capability risks, technical risks and business risks.

18

Any significant change to the criteria, governance and structure of the project, or any material change in functionality shall be referenced to the business case and reported to the monitoring agencies.

19

The project must have or put in place a formal risk management process that specifies criteria against which internal reporting should be made and includes risk mitigation strategies and contingency plans to deal with risks.

20

On all major IT projects, departments will be required to provide regular independent quality assurance (IQA) reports to the chief executive on key issues and risks arising from the project.

21

Departments will be required to forward copies of IQA reports, and their responses to any IQA recommendations, to the monitoring agencies for monitoring purposes.

22

The monitoring agencies will make provision for external IQA of off-track projects, reporting to the monitoring team but charged to the department.

Guidelines

23

The monitoring agencies will maintain guidelines on principles, processes, standards and practices for developing and managing projects with a major IT component.

24

In consultation with departments and the IT industry, the monitoring agencies are updating the current guidance material to take account of developments since 1998, including the relevant recommendations of the INCIS Inquiry.

25

The new guidance will cover, in particular:

effective and comprehensive planning that takes account of business strategy;
risk management, especially in the case of new technology;
governance and project management;
human resources and capability, including the use of peer review and external experts; and
contract issues, including relationships with contractors.

Further Advice and Information

26

If you require further advice, please contact:

Grant Avery,
State Services Commission Ph: 495 6772
Email: Grant.Avery@ssc.govt.nz

Iain Cossar,
Treasury Ph: 971 6275
Email: Iain.Cossar@treasury.govt.nz

Marie Shroff
Secretary of the Cabinet

‹ Back to Circulars

Top Site Map | Privacy Statement | Copyright | Disclaimer | About this site