Governance

Minimum you need to do

Set up good governance from the start. Enable clear decision-making authority and accountability throughout your project.

Set up a governance structure

Enlist the help of existing governance forums to get senior leadership buy-in and build support for what you’re working on. Or set up a governance group to be involved in your product from the start. Identify and involve people with the most influence. Use them as mentors to help identify risks or concerns.

They could be a project sponsoring group made up of senior people responsible for the service, and others who represent stakeholder and user needs. Consult with them to get strategic direction, resolve any blockers, raise awareness and find the resources that can help you.

For example, you could engage an existing senior ICT, customer or digital group early on. They would be making whole of government decisions about customer and digital initiatives.

Plan for governance

When you plan for good governance at the outset you are putting in place the structure and process to:

  • align everyone with a common vision
  • make clear your expectations for people’s roles and their responsibilities
  • minimise risk
  • enable good decision making.

Establishing governance arrangements for your project can help you:

  • raise the profile of your project with senior leaders. They can then raise awareness in their own teams
  • get buy in and collaborate with agencies
  • be transparent with decision-making
  • avoid the pitfalls of poor planning
  • comply with any policy or legal requirements.

Know your requirements

Every project has a unique context. You may need to comply with various requirements during the design, build and implementation phase.

Speak to the governance support functions in your agency early on to understand:

  • any requirements and standards you need to comply with and the actions you need to take
  • how to identify, plan for and manage the level of risk specific to your project
  • the tools and resources you need to support your governance arrangements.

You should plan to address any requirements in your design and build. This will avoid the time and cost of fixing problems that could arise down the track.

For example, when your service collects personal information from your customers. You will need to design data collection processes early on. This will ensure you meet privacy legislation. It will determine how you will store and manage the data so that it is secure.

Plan and manage risk

Determine the level of risk at the outset so you can plan to manage it.

In the planning phase, you should:

  • know what your risks are
  • prioritise those risks
  • consider the impact they will have (on your project and users)
  • know what actions you need to take to address the risks
  • put a process in place to monitor the risks including seeking support where relevant.

Establish a risk management process. Use it throughout your project to:

  • identify the risks
  • know how you will mitigate them
  • build in controls early to help you do this.

Your risk management should be scalable to support you in managing your project. If you determine your project has significant risk, you may need to consider extra governance arrangements and support. This might include seeking more resources or discussing the scope of the project with executives (including project sponsors) and/or the projects steering committee. 

Work with your governance and risk experts to consider the risk management disciplines and mitigations that may be relevant to your project: 

  • disaster recovery and business continuity arrangements 
  • insurance and liability coverage. 
  • procurement and appropriate digital sourcing practices 
  • workplace, health and safety 
  • information security requirements and arrangements 
  • information management and privacy requirements. 

Use agency tools and templates

Ask your agency’s governance and support teams for tools and templates. For example, use a risk register when identifying and managing risk. Otherwise you can access NSW Treasury’s risk management toolkit.

Confirm your assurance mechanisms

Assurance refers to the level of comfort that you have with the support and management of the project. In some instances, you must comply with assurance requirements.  

Identify what assurance mechanisms you need for your project. Assurance processes help you track that your project is running to scope and budget.

You may need to:

  • comply with mandatory assurance reporting
  • have your program evaluated
  • arrange for an audit.

Comply with mandatory assurance reporting

The ICT Assurance Framework is a mandatory, whole of government framework. It applies to ICT and digital projects valued at over $5 million. If this applies to you, you must register your project. Find out more about the ICT Assurance framework and policy to know what to do.arrange for an audit.

Map who’s involved

Define the network of people that will govern, manage, support, deliver, monitor and track how your project is performing.

One of the key pillars of governance is ensuring clarity. Be clear about the roles and responsibilities of your core team and network of stakeholders and their support functions.

Set parameters for your team’s roles. Confirm and document who is responsible for:

  • delegations and decision-making
  • risk management including resolving blockers and managing issues
  • compliance, procurement and reporting functions
  • finances and spending money appropriately
  • disseminating information and promoting success to a wider audience.

Communicating to senior leaders

Communicate relevant information to your senior leaders and any governance forums you report to. The information they receive can impact on decisions they make about your project and its outcomes.

Arrange regular 1:1 meetings and bring them along to your showcases or demos. Show them how you use evidence-based decision making in your project. Highlight the value this has in creating efficiencies and solving problems for government and users. This will continue to bring them along on the journey, and help them to champion your work to other executives.

Establish team processes

Everyone in your team has a role to play in making decisions within their remit. This includes identifying and enabling the reporting of risks and blockers to delivery. Put in place regular communication processes between the team and stakeholders to enable this.

Establish team processes like regular meetings, daily stand ups and retrospectives. This ensures the project team has access to information that can impact their work. Make sure you communicate things such as:

  • blockers or risks
  • changes to scope or direction
  • any decisions made by the executive.

Maintain a decision log so as you pivot, and people come and go in the project, they know what decisions have been made and why. This will ensure your teams can be accountable for their decisions as they build capability and knowledge about the project and your users. Whichever framework you adopt to run your project be clear about:

  • roles and responsibilities
  • resource allocation
  • time and process management.

Talk to the project management experts in your agency. Find out about project management approaches and tools.

Keep a record

You must document and maintain a current record of:

  • stakeholders involved
  • governance controls and processes
  • risks and issues.

Track the time it takes (and any challenges) to report on your project, resolve issues, and get decisions made. This will help you know what processes are working well and what you can improve.

How to show you’ve met the need

You will have:

  • identified the key risks specific to your project. Document how you will manage them during the life of your project and after go-live.

  • documented your governance processes for decision-making and risk management. Include the roles and responsibilities of your core team, support functions and stakeholders.

  • complied with agency and mandatory whole of government reporting, compliance and assurance requirements.

  • registered your ICT and digital project with NSW Government ICT Assurance team - if it is valued at $5 million or over or is of strategic importance or high risk.

Last updated