Lifting risk management and assurance capability

The System Assurance team helps to lift risk management and assurance capability by:

• publishing government’s formal assurance frameworks and guidance
• providing independent assurance oversight over high-risk digital investments — see our AoG Portfolio, Programme and Project Assurance Framework
• providing independent assurance oversight over how government organisations are managing their information and communications technology (ICT) risks — see our AoG ICT Operations Assurance Framework
• managing a panel of third party assurance providers, giving government organisations access to highly qualified providers of assurance services — read about the GCDO Assurance Services panel
• sharing lessons learned and examples of best practice to help government organisations work smarter — see Lessons learned and case studies
• managing the government online Self-Assessment Tool which enables government organisations to assess their current level of risk maturity and identify ways they can improve — to read more about this, visit: Enterprise risk maturity
• providing strategic advice on system-wide risks, capabilities and settings.

The system of assurance

The system of assurance is made up of the frameworks, processes, monitoring, capability and culture that, when operating effectively, give stakeholders confidence (assurance) that digital government investments will deliver the right things in the right way to realise the expected benefits.

The system of assurance includes:

• government organisations and their delivery partners
• central agencies and functional leaders, including the Government Chief Digital Officer (GCDO)
• third party assurance providers.

Outcomes

The work of the System Assurance team contributes to the following outcomes:

• Improved governance and decision-making as a result of high-quality assurance information provided at the right time
• Improved confidence that digital investments and ICT risks are well managed and will deliver the expected outcomes and benefits
• Improved business resilience and management of risk as a result of greater visibility of system-wide risks.

Stakeholders

Our work involves the following stakeholders.

Citizens — we contribute to the high levels of trust and confidence that people have in New Zealand's digital public services.

Ministers — we provide Ministers with confidence that digital investments and ICT risks are being managed effectively and will deliver the expected benefits.

Government organisations — we help government organisations to lift their risk management and assurance capability so that they have high-quality assurance information to make informed decisions about their digital investments and ICT risks.

Central agencies and functional leaders — we provide independent oversight over the quality of assurance for digital investments to support central agency investment monitoring.

Assurance providers — we help third-party assurance providers deliver high-quality independent assurance services to government organisations.

Background

In June 2013, Cabinet agreed that, as part of the ICT functional leadership role, the Government Chief Digital Officer (GCDO) is responsible for coordinated oversight and delivery of system-wide ICT assurance.

This was in response to Ministers’ concerns about a succession of problems with information and technology management, including privacy and security breaches, and ICT-enabled project delays, cost escalations and failures. This resulted in reduced public trust and confidence in government ICT. As a result, the System Assurance team was established to support the GCDO in their function.

Cabinet papers

Minutes: Cabinet Meeting: Improving Government Information and Communication Technology Assurance [CAB Min (13) 20/13] — 17 June 2013

Full paper: Improving Government Information and Communication Technology Assurance — 5 June 2013 (PDF 1.5MB)

More information

Email: systemassurance@dia.govt.nz