ICT Technical Assurance will provide specific technical assurance as ICT projects progress through their lifecycle. It provides evidence-based technical findings upon which relevant governance bodies can make key decisions at investment, development and implementation milestones and can be used to support other independent assurance e.g. Gateway or can be stand-alone.
It supports Accountable Officers (AOs) and Senior Responsible Owners (SROs) to ensure that proposed investment in ICT is strategically aligned with Scotland’s Digital Future: Delivery of Public Services.
Why is ICT Technical Assurance Required?
It is designed to ensure proposed technical solutions will meet user and business needs. It complements the Scottish Government’s Independent Assurance (IA) review process and provides a framework to drill down into technical aspects of projects to a greater depth than would typically be done by IA project reviews. It ensures on‑going strategic alignment and informs the technical wisdom of ICT investments in an ever-changing risk environment.
ICT Technical Assurance recognises that a Delivery Strategy may be to contract with a supplier(s) or to build in house – and a number of variants in between. It recognises that an Investment Decision is not necessarily the signing of a contract(s) but may legitimately be the decision to invest internal resources on the development of an ICT solution to a business requirement.
Timing of ICT Technical Assurance
Central Government ICT Projects and Programmes Assurance Framework gives guidance for the fit of ICT Assurance with the Scottish Government's Independent Assurance Review Process.
Role and Responsibilities
SRO and AO - governance and assurance processes for the management of IT investments remains the responsibility of the SRO and AO. It is necessary as part of this role to ensure that the technical solution will meet the business need and fits with the ambitions of the DPS strategies.
Programme & Project Centre of Expertise (PPM-CoE) - support is provided by Scottish Government’s PPM-CoE to AOs and SROs who obtain suitable reviewers as part of Independent Assurance.
ICT Assurance Review Team - there will be IA reviewers, with appropriate ICT technical knowledge and experience. The Team will uphold the same brand values as IA:
- perform against an agreed Code of Conduct
- deliver a quality short report in real time based on evidence from interviews and documentation
- maintain the principle of no surprises by keeping the SRO/AO or ICT lead engaged throughout
The review will typically be a two person team for two days, preceded by a planning day and pre-reading. This may vary according to complexity and risk profile.