Infrastructure Investor Assurance Framework

Infrastructure Investor Assurance Framework

Gateway Coordination Agency Framework

for Capital Projects under the NSW Gateway Policy

September 2022
(original December 2016)

i
 Infrastructure Investor Assurance Framework

1
 Infrastructure Investor Assurance Framework

Summary
Project Name Infrastructure Investor Assurance Framework
Responsible Minister Minister for Infrastructure
Cluster Transport & Infrastructure
Gateway Coordination Agency Infrastructure NSW
Sponsor contact details Head of Investor Assurance
Infrastructure NSW
P+612 8016 0100
E: [email protected]
W: www.insw.com
Priority High
Objectives The application of an independent risk-based assurance process for the State’s
capital projects to identify the level of confidence that can be provided to the
nominated sub-committees of Cabinet that the State’s capital projects are being
effectively developed and delivered in accordance with the Government’s objectives.
Strategic benefits ▪ Increasing transparency regarding project development/delivery risks and progress
▪ Improving public confidence in the timely provision of value for money infrastructure
▪ Contributing to jobs growth and the State’s competitiveness through the delivery of
productive infrastructure.
Relationship with NSW Gateway Policy
Government policies NSW Treasury Guidelines for Capital Business Cases
NSW Framework for Establishing Effective Project Oversight
Proposed commencement Ongoing
Addendum 1 Issued October 2018, original text replaced by new text in the following sections:
▪ Glossary – Cluster Assurance Plans
▪ Section 2.6 – Confidentiality
▪ Table 1: Distribution of regular project reports and Gateway, Health Check and
Deep Dive Reviews
▪ Table 2: IIAF Responsibilities
▪ Table 8: Regular project reporting requirements
▪ Table 9: Performance reporting
Addendum 2 Issued March 2019, updates to text throughout the document to align with
content in the new Gateway review workbooks. In addition, the following non-
material updates were made:
▪ Acronyms section deleted and definitions added/amended in the Glossary
▪ Figure 2: Framework Governance updated
▪ Tables 5, 6 and 7 of previous version consolidated into Table 5
▪ Attachment C: Protocols for finalisation and distribution of Gateway, Health
Check and Deep Dive Review Reports
▪ Attachment G: Tier 1 – HPHR Project Report Template.
Addendum 3 Issued February 2020, updates to text throughout the document to reflect new
Governance arrangements post the 2019 election as well as changes resulting from
the launch of the new NSW Assurance Portal (including projects risk criteria, scores
and weightings).
Addendum 4 Issued March 2021, consolidating the IIAF performance reporting by incorporating
the scope of the IIAF Expert Reviewer Panel and the IIAF Close-Out Plan
Performance Reports into the IIAF Overall Performance Report (Table 7).
Introducing the Capital Portfolio Health Check Review. Permitting the registration of
capital projects valued at under $10 million (as Tier 5 Projects) through the
Assurance Portal. Altering arrangement for Gate 0 Reviews. Updating the Glossary,
definitions and processes as appropriate to the above changes.
Addendum 5 Issued September 2022 to clarify assurance requirements for complex projects that
are split into stages and registered separately for assurance and programs that have
multiple projects as part of the program. These complex projects or programs are to

2
 Infrastructure Investor Assurance Framework

be registered separately for assurance and reviews will be undertaken annually for
complex projects that are rated Tier 1 and determined on an as needed basis for
complex projects or programs rated Tier 2 and 3. This is in response to the findings
of the Audit Office report on WestConnex ‘WestConnex: Changes since 2014’
released 17 June 2021.

3
 Infrastructure Investor Assurance Framework

Contents
1 INTRODUCTION 9
1.1 Capital performance review 9
1.2 Auditor General’s report 10
1.3 Addition of Tier 5 Projects 11
2 FRAMEWORK PRINCIPLES 13
2.1 Infrastructure investor assurance 13
2.2 Benefits 14
2.3 Application 14
2.4 Threshold 15
2.5 Project Tier and IIAF Project Registration report 15
2.6 Confidentiality 16
2.7 Ownership 17
2.8 Governance 18
2.9 Responsibilities 19
2.10 Infrastructure NSW delegation authority 23
3 FRAMEWORK ARRANGEMENTS 24
3.1 Framework outline 24
3.2 Risk-based approach to investor assurance 25
3.3 Assurance requirements 27
3.4 Treatment of projects and programs 36
3.5 The NSW Assurance Portal (Portal) 37
3.6 Performance Reporting 39

Attachments

Attachment A Project registration and risk-profiling process

Attachment B Role of the SRO in the IIAF
Attachment C Protocols for finalisation and distribution of Gateway, Health Check and Deep Dive
Reviews
Attachment D Regular Project Reporting Rating System
Attachment E Project profile/risk criteria, criteria scores and weightings
Attachment F Typical Gateway, Health Check and Deep Dive Review process
Attachment G Tier 1 – High Profile/High Risk Project Report Template
Attachment H Complex projects and programs
Attachment I Examples of typical Modified IIAF Project Registration report for complex projects and
programs

4
 Infrastructure Investor Assurance Framework

Glossary
Term Definition

Assurance Reviews Refers to Gateway, Health Check, Deep Dive and Capital Portfolio Reviews.

Cabinet For the purposes of this document, Cabinet refers to the full Cabinet of the NSW
Government and any relevant standing sub-committees of Cabinet.

Capital Portfolio Health A Review of an agency’s (or relevant part of an agency’s) capital portfolio of
Check Review projects/programs by an independent team of experienced practitioners. Conducted at
the portfolio level to provide insight of portfolio level issues and risks that potentially
impact the successful development, procurement and delivery of projects within the
agency’s capital portfolio.

Capital project A project primarily comprised of one or more of the following elements:
▪ Infrastructure
▪ Equipment
▪ Property developments
▪ Operational technology that forms a component of a capital project

Clearance of gate Notification to a delivery agency by Infrastructure NSW that a Gateway, Health Check or
Deep Dive Review (Assurance Reviews) for a project has been cleared and an
appropriate Close-out Plan is in place to assist with project development or delivery. It
does not constitute approval or an endorsement of a Gateway, Health Check or Deep
Dive Review.

Close-out Plan A document outlining actions, responsibilities, accountabilities and timeframes that
respond to recommendations identified in Gateway, Health Check, Deep Dive and
Capital Portfolio Review Final Reports.

Cluster Assurance Plan A document prepared by Infrastructure NSW in collaboration with delivery agencies
outlining assurance requirements for delivering projects/programs over the financial
year. These plans will be produced annually and updated through the NSW Assurance
Portal every 6-months.

Complex project A project delivered in multiple stages and potentially across varying time periods. This
could also be across a large (but connected) geography. Individual project stages may
be identified during the development phase or during the procurement and delivery
phases. This occurs when individual project stages are being procured and delivered
under different contracts and potentially over different time periods.
In some cases, these individual project stages may have a different Project Tier to the
overall complex project.

Deep Dive Reviews Deep Dive Reviews are similar to a Health Check Review but focus on a particular issue
or limited terms of reference rather than the full range of issues normally considered at a
Health Check Review. These Reviews are generally undertaken in response to issues
being raised by key stakeholders to the project or at the direction of the relevant
Government Minister.

Delivery Agency The Government agency tasked with developing and / or delivering a project applicable
under this Framework and the NSW Gateway Policy.

Equipment The necessary assets used on or to support an infrastructure system and can include
fleet and rolling stock.

Estimated Total Cost The total capital cost of a project or program from inception (strategic planning, strategic
(ETC) business case) to completion of all project development (Final Business Case),
procurement and physical delivery of works, including design, consulting and

5
 Infrastructure Investor Assurance Framework

construction contract award values and internal capitalised costs to government. Does
not include operational costs.

Expert Reviewer Panel An advisory group providing advice on Expert Reviewer capability, gaps and
Advisory Group requirements to support a high performing Expert Reviewer Panel.

Expert Reviewer Panel The Panel comprising independent highly qualified Expert Reviewers established to
cover all aspects of Gateway Review needs.

Gate Particular decision point(s) in a project/program’s lifecycle when a Gateway Review may
be undertaken.

Gate 0 Review The committee performing Gate 0 Reviews which involves providing advice and
Committee recommendations on delivery agency submissions on project need, strategic alignment
and planning to advance a project to strategic and final business cases.

Gateway Review A Review of a project/program by an independent team of experienced practitioners at a

specific key decision point (gate) in the project/program’s lifecycle.
A Gateway Review is a short, focused, independent expert appraisal of the
project/program that highlights risks and issues, which if not addressed may threaten
successful delivery. It provides a view of the current progress of a project/program and
assurance that it can proceed successfully to the next stage if any critical
recommendations are addressed.

Gateway Review The Gateway Review Manager guides the implementation of the Gateway, Health Check
Manager or Deep Dive Review. The Manager facilitates the Review but does not participate in the
Review.

Gateway Review A series of Gateway Reviews held at key decision points in a project/program’s lifecycle.
Process
GCA Framework A framework, designed and operated by a GCA, that assesses the risks associated with
a project or program of a particular nature in order to determine the application of
Gateway. A GCA Framework defines the roles and responsibilities to deliver Gateway
and should align with the Gateway review process outlined in the NSW Gateway Policy.

Health Check Reviews Independent Reviews carried out by a team of experienced practitioners seeking to
identify issues in a project/program which may arise between Gateway Reviews.

ICT project Resources required to acquire, process, store and disseminate information. This
includes stand-alone operational technology projects and programs.

Infrastructure The basic services, facilities and installations to support society and can include water,
wastewater, transport, sport and culture, power, policy, justice, health education and
family and community services.

Infrastructure NSW The dedicated team within Infrastructure NSW responsible for implementing and
Assurance Team administering the IIAF including organising Reviews.

Investor The Government, representing the State of NSW.

Mixed project A project or program that contain a material combination of elements relating to multiple
GCA frameworks.

Modified IIAF Project A document prepared by delivery agencies and lodged with Infrastructure NSW for
Registration report endorsement after completion of a particular Gateway Review, after which a program or
complex project may be considered in its component parts. For complex projects this
would be individual stages, for programs this would be individual projects or
subprograms.
The Modified IIAF Project Registration report outlines the proposed delivery agency
assurance arrangements for future Gateway Reviews for each individual component of
work initiated (stage/project/sub-program).

6
 Infrastructure Investor Assurance Framework

NSW Assurance Portal The online portal administered by Infrastructure NSW for the management of assurance
activities for the Government’s infrastructure program and major recurrent program.

Operational technology Can include systems that relate to service delivery, such as tolling systems, rail signaling
or technology to support a new school or hospital.

Policy Owner For the purpose of the NSW Gateway Policy, the Policy owner is NSW Treasury.

Portfolio The totality of an organisation’s capital investment program.

Program A temporary, flexible organisation created to coordinate, direct and oversee the
implementation of a set of related projects and activities to deliver outcomes and benefits
related to the organisation’s strategic objectives. A program is likely to be longer term
and have a life that spans several years. Programs typically deal with outcomes;
whereas projects deal with outputs.
Projects that form part of a program may be grouped together for a variety of reasons
including spatial co-location (e.g. Western Sydney Infrastructure Program), the similar
nature of the projects (e.g. Bridges for the Bush) or projects collectively achieving an
outcome (e.g. 2018 Rail Timetable). Programs provide an umbrella under which these
projects can be coordinated.
The component parts of a program are usually individual projects or smaller groups of
projects (sub-programs). In some cases, these individual projects or sub-programs may
have a different Project Tier to the overall program.

Project A temporary organisation, usually existing for a much shorter duration than a program,
which will deliver one or more outputs in accordance with an agreed business case.
Under the IIAF a capital project is defined as infrastructure, equipment, property
developments or operational technology that forms a component of a capital project.
Projects are typically delivered in a defined time period on a defined site. Projects have
a clear start and finish. Projects may be restricted to one geographic site or cover a
large geographical area, however, will be linked and not be geographically diverse. A
particular project may or may not be part of a program.
Where a project is delivered in multiple stages and potentially across varying time
periods it is considered a ‘complex project’. Refer to the definition for ‘complex project’.

IIAF Project A document generated in the NSW Assurance Portal with data from the delivery
Registration report agencies and reviewed by Infrastructure NSW for endorsement when registering projects
via the Portal. IIAF Project Registration reports detail proposed delivery agency initiated
project assurance arrangements in line with the IIAF requirements.

Project Tier Tier-based classification of project profile and risk potential based on the project’s
estimated total cost and qualitative risk profile criteria (level of government priority,
interface complexity, procurement complexity, agency capability and whether it is
deemed as an essential service). For projects with an ETC over $10 million, the Project
Tier classification is comprised of four Project Tiers, where Tier 1 encompasses projects
deemed as being the highest risk and profile (Tier 1 – High Profile/High Risk projects),
and Tier 4 with the lowest risk profile. Any project registered in the Assurance Portal with
an ETC of less than $10 million is a Tier 5 project.

Property developments Wholesale and/or retail urban renewal or Greenfield developments managed by the
Government where a capital investment over $10 million has been made to facilitate
those developments.

Commercial Off-set Alternative funding towards optimising the whole of life cost of delivering core
infrastructure within the state through the delivery of commercial opportunities to off-set
the level of Government investment required.

Recurrent proposal Proposals that require funding for additional staff, outsourced service provision,
legislative or regulatory changes including taxes and revenue or grants, as a result of
new Government policies or programs or where there is a significant change in the

7
 Infrastructure Investor Assurance Framework

current funding for an existing policy/program (outside the scope of an agreed parameter
and technical adjustment).

Regular project Routine reporting of projects (based on Project Tier) prepared by Infrastructure NSW
reporting and provided to bodies including the Infrastructure Investor Assurance Committee and
Cabinet.

Review Team A team of expert independent reviewers, sourced from the Expert Reviewer Panel
engaged to undertake a Gateway, Health Check, Deep Dive and Capital Portfolio
Reviews.

Risk Review Advisory An advisory group providing advice to Infrastructure Investor Assurance Committee on
Group proposed Project Tier and IIAF Project Registration reports provided by delivery
agencies and reviewed by Infrastructure NSW.

Senior Responsible The agency executive with strategic responsibility and the single point of overall
Officer accountability for a project/program. Refer to Attachment B for further detail.

8
 Infrastructure Investor Assurance Framework

1 INTRODUCTION
The NSW Government has agreed to establish the Infrastructure Investor Assurance
Framework (IIAF) to better apply the level of external independent assurance through the
NSW Gateway Review System based on risk. This document outlines the IIAF, a Gateway
Coordination Agency (GCA) framework for capital projects as an element of NSW Gateway
Policy. The IIAF is structured in two parts:
• Framework principles
• Framework arrangements.
The objective of the IIAF is to ensure the Government’s key infrastructure projects across
NSW are delivered on time and on budget through the implementation of this risk-based
external assurance framework. The purpose of the IIAF is also to ensure that Cabinet is
supported by effective tools to monitor the NSW Government’s infrastructure program,
receive early warning of any emerging issues, and to act ahead of time to prevent projects
from failing.

1.1 Capital performance review

In November 2013, the NSW Government undertook a Capital Performance Review aimed
at lifting the quality of oversight and the effectiveness of decision-making across government
for major capital investments. The review set out to define good practice principles,
undertake a gap analysis of current frameworks, review practice in NSW and elsewhere, and
identify ways to improve assurance for major projects in NSW.

The Review, sponsored by Infrastructure NSW and NSW Treasury, was assisted by an
Executive Steering Group comprising the CEO of Infrastructure NSW, Secretary of NSW
Treasury, and senior executives of Transport for NSW (TfNSW), Ministry of Health, Sydney
Water and Ausgrid.

The Capital Performance Review sought to understand the outcomes government

infrastructure expenditure is achieving, and to identify ways that government can improve
value for money outcomes and mitigate risk across the infrastructure lifecycle, from early
stage planning and prioritisation through to delivery and procurement and managing the use
of its assets. Specifically, the review sought to:
• identify what drives capital decision-making and how well agencies make these
decisions, comparing regulated with non-regulated agencies, and consider how well
existing assets are being used
• identify best practice in asset management, project procurement, project delivery and
apply learnings across agencies.
The principal finding of the Review was that there is a need for stronger investor oversight
and assurance. In practice, it is too often the case that assurance protocols follow rather
than precede project commitments. The implication of this is that the Government as an
investor is playing ‘catch-up’ with the Government as a deliverer.

9
 Infrastructure Investor Assurance Framework

The Review found that the most critical opportunity to improve capital performance lies in
improving the processes used at the centre of government, with a specific focus on the
“investor perspective” and the role of the investor at all stages of the capital investment
lifecycle. The role of the investor is to ensure that scarce capital is used as effectively as
possible to deliver defined social, economic and other outcomes. It is a broader perspective
than that of a project team, which is generally focused on outputs such as the delivery of
scope as specified, on time and within budget. Strengthening the investor oversight and
assurance function provides a foundation for enhancing agency practices and improving
investment outcomes.

To ensure “whole of government” investor oversight of major capital projects over $100
million, in December 2014 the NSW Government endorsed the outline of the Infrastructure
Investor Assurance Framework (IIAF) proposed by Infrastructure NSW as the GCA. This
also included approval to establish the Infrastructure Investor Assurance Committee (IIAC)
convened, chaired and managed by Infrastructure NSW.

1.2 Auditor General’s report

In May 2015, the Audit Office of NSW released the New South Wales Auditor-General’s
Report Performance Audit Large construction projects: Independent assurance.1
This Audit Report tested the effectiveness of the NSW capital project assurance processes,
and compliance with these in the case studies evaluated. The Auditor-General made several
observations around the investor assurance framework including:

• NSW has “adopted a relatively low monetary threshold for mandatory Gateway reviews
for preliminary and final business cases compared to other jurisdictions. There is scope
for New South Wales to focus its Gateway efforts more towards larger, more complex
projects.”
• NSW was “the only jurisdiction requiring mandatory Gateway reviews at the preliminary
and final business case stages for projects not assessed as high risk and costing as low
as $10 million.”
• Current NSW guidance on Gateway reviews “has no requirement to tailor the duration of
a review or the composition of the review panel in terms of skills or size to the value, risk
or complexity of the project. We consider this is a deficiency in the guidance material,
which could take greater account of risk.”
• “In view of these disparities, there is an argument that aspects of the capital project
assurance system, including Gateway reviews, could have a greater focus on larger,
more complex projects.”

1
Auditor-General of NSW (2015), Performance Audit Large construction projects: Independent assurance, Sydney, 7 May
2015.
http://www.audit.nsw.gov.au/ArticleDocuments/362/01_Large_Construction_Projects_Independent_Assurance_Complete_Full_
Report.pdf.aspx

10
 Infrastructure Investor Assurance Framework

The recommendations of this Audit Report included:

• “The Treasury should: review the capital project assurance system for capital projects
costing less than $100 million, including the Gateway review process and its monetary
thresholds to introduce a greater focus on project risk, noting that cost is only one
component of risk (by December 2015); enhance assurance processes surrounding
major scope variations (by December 2015).”
• “Infrastructure NSW should: report publicly on implementation of, and compliance with,
the Investor Assurance Framework (by December 2015).”
In June 2015, the NSW Government decided to further enhance the governance and
oversight of capital projects by:
• moving responsibility for all independent assurance of capital projects valued at
$10 million or greater to Infrastructure NSW, being supported by IIAC
• requiring project assurance reports to be routinely examined by Cabinet.
Infrastructure NSW began transitioning all independent assurance for capital projects in June
2015. At the same time as these transition arrangements were put in place, development of
the full policy framework to support its new role began. The final IIAF policy document was
endorsed by Government in June 2016.

In July 2016, NSW Treasury issued a Treasury Circular (TC16-09)2 advising all relevant
delivery agencies that they are required to adhere to the protocols as outlined in the IIAF
policy document administered by Infrastructure NSW.

Infrastructure NSW reported on key metrics for the first year of investor assurance activities
under the IIAF for the first time in its 2015-16 Annual Report3.

1.3 Addition of Tier 5 Projects

In July 2020, IIAC endorsed the registration in the NSW Assurance Portal of projects with
Estimated Total Cost (ETC) under $10 million to facilitate Government Commitment
(Delivery and Performance Master List (D&PML)) reporting and improved monitoring and
reporting of programs and precincts.

It is important to note that the requirement to register projects with ETC under $10 million is
only for where it has been determined by Department of Premier and Cabinet (DPC) the
project is a Government Commitment for inclusion in the D&PML.

NSW Cabinet requires regular reporting on Government Commitments, which is coordinated

through the DPC using the Delivery and Performance Master List (D&PML) process.
Infrastructure NSW, in combination with agencies, currently provides available information to
DPC on Tier 1, 2, 3 and 4 projects to reduce duplication in reporting.

2
http://www.treasury.nsw.gov.au/__data/assets/pdf_file/0009/128907/TC16-
09_Infrastructure_Investor_Assurance_Framework_IIAF_-_pdf.pdf
3
http://www.infrastructure.nsw.gov.au/media/57057/infrastructure_nsw_annual_report_2015-2016.pdf

11
 Infrastructure Investor Assurance Framework

Infrastructure NSW has developed a module within the NSW Assurance Portal to assist in
D&PML reporting. This module includes:
• Functionality to incorporate a new tier for infrastructure projects below $10 million (which
are automatically classified as Tier 5)
• Migrated project information of some of the corresponding data fields contained in the
D&PML
This enhancement to enable reporting of Government Commitments for infrastructure
projects through the NSW Assurance Portal has the benefits of:
• Streamlining reporting and reducing the administrative burden on delivery agencies
• Improving the quality and integrity of data
• Maintaining the confidentiality of cabinet sensitive data through the secure NSW
Assurance Portal
• Enabling improved insights on projects, precincts and the infrastructure program

12
 Infrastructure Investor Assurance Framework

2 FRAMEWORK PRINCIPLES

2.1 Infrastructure investor assurance

The NSW Infrastructure Investor Assurance Framework (IIAF) is an independent4 risk-based
assurance process for the State’s capital projects. It identifies the level of confidence that
can be provided to Cabinet that the State’s capital projects are being effectively developed
and delivered in accordance with the Government’s objectives.

The key features of the framework are:

• a single point of accountability for independent assurance across all capital
projects/programs vested in Infrastructure NSW, reporting to the Premier of NSW and
Cabinet
• a focus on what matters by taking a tiered approach based on risk assessment
• ensuring collective accountability among delivery agency Secretaries / CEOs for best-
for-Government outcomes through the IIAC, reporting through the Premier of NSW and
Cabinet
• escalating the levels of scrutiny and/or interventions applied to projects as and when
emerging risks are reported/detected
• improved reporting and data collection through the development of a single fit-for
purpose reporting tool.
Infrastructure investor assurance is applied through a range of tools including:
• a series of short, focused, independent peer Reviews at key project milestones. The
peer reviews are independent of delivery agencies and projects and include Gateway
Reviews and periodic Health Check and Deep Dive Reviews (Assurance Reviews)5
• Capital Portfolio Health Check Reviews6
• risk-based project reporting provided by delivery agencies
• risk-based project monitoring conducted by Infrastructure NSW.
Infrastructure investor assurance is not an audit, approval or an endorsement process.
Rather, it is a process to complement project development and delivery to aid prevention of
project failure.

The IIAF does not take away from:

• delivery agency project management or assurance requirements to meet internal
governance arrangements
• the need to prepare business cases to support funding decisions in the event that a
project does not require a Gateway Review under the IIAF.

4
Independent refers to independent of a delivery agency and a project team.
5
Refer to detailed definition of Gateway, Health Checks and Deep Dive Reviews in Section 3.3.1
6
Refer to detailed definition of Gateway, Health Checks and Deep Dive Reviews in Section 3.3.1

13
 Infrastructure Investor Assurance Framework

2.2 Benefits
Moving to a risk-based approach, managed by a centralised independent body, will achieve
the following benefits for the Government and the public:
• a consistent whole-of-government approach to investor assurance
• a focus on the outcomes or benefits delivered as a result of the investment in
infrastructure, and not just the outputs (built form)
• a regular level of due diligence that reflects the level of budget risk and complexity for
each project, focusing investor assurance resources towards high risk complex projects;
• increasing transparency for Government regarding project development/delivery risks
and progress
• contributing to improved levels of compliance with the Gateway Review process applied
from the commencement of project development to project implementation
• fostering the sharing of skills, resources, experience and lessons learned within and
across the government sector
• more systematic and transparent metrics for Government
• greater analytic support for the Government as an investor, before and after an
investment decision has been made, rather than project-level assurance only
• improving public confidence in the timely provision of value for money infrastructure
• contributing to jobs growth and the State’s competitiveness through the delivery of
productive infrastructure.

2.3 Application
The IIAF applies7 to all capital projects being developed and/or delivered by General
Government agencies and Government Businesses as well as capital projects being
developed or delivered by State Owned Corporations as required by NSW Treasury
including projects with commercial offsets.

Secretaries and Chief Executives are accountable for ensuring all capital projects meet the
requirements of the IIAF. Capital projects include:
• Infrastructure8
• Equipment7
• Property developments7
• Operational technology that forms a component of a capital project7
• Other projects or programs as directed by Cabinet9.

7
http://www.treasury.nsw.gov.au/__data/assets/pdf_file/0009/128907/TC16-
09_Infrastructure_Investor_Assurance_Framework_IIAF_-_pdf.pdf
8 Refer to definitions in Glossary
9
Or as directed by the Premier.

14
 Infrastructure Investor Assurance Framework

Projects will fall within the scope of the IIAF if they meet the following criteria:
• new projects
• projects yet to submit a business case to NSW Treasury, unless excluded by the GCA
• projects currently in procurement or in delivery, unless excluded by the GCA
• projects otherwise nominated by the Policy Owner.

2.4 Threshold
All capital projects valued at an Estimated Total Cost (ETC) of $10 million and above are to
be registered with Infrastructure NSW using the NSW Assurance Portal (the Portal). It is
mandatory for these projects to be registered to consider the Project Tier. This is to
determine the applicability of Assurance Reviews and level of project reporting and
monitoring required.

In addition, capital projects with an ETC of under $10 million and determined by DPC to be
Government Commitments, for inclusion in the D&PML for reporting to Cabinet, must be
registered by the responsible agency in the Assurance Portal. These registrations are
automatically assessed as Tier 5 projects.

It is the responsibility of agencies to ensure data and information on projects registered

through the Portal remains up-to-date and accurate.

2.5 Project Tier and IIAF Project Registration report

Initial Project Tier assessments are made by delivery agencies in the Portal. Delivery
agencies also lodge an initial IIAF Project Registration report for endorsement when
registering. The IIAF Project Registration report must meet the minimum requirement for
Gateway Reviews outlined in this Framework.

Following review of the initial tier and IIAF Project Registration report by the Infrastructure
NSW Assurance Team and advice from the Risk Review Advisory Group, Infrastructure
NSW will make recommendations to the IIAC seeking endorsement of the Project Tier.10

Where the Risk Review Advisory Group advice in relation to the Project Tier is contrary to
that nominated by the delivery agency, the delivery agency will be offered a ‘right of reply’.
The ‘right of reply’ provides the agency with an opportunity to contest the nomination with
justification before the advice is provided to IIAC for endorsement.

The Project Tier will be reported to Cabinet for noting. Delivery agencies will then be notified
of the endorsed Project Tier for each project. This process is detailed in Attachment A.

Delivery agencies are required to update the Project Tier in the Portal, in consultation with
Infrastructure NSW, for all projects:

10
Refer to 2.9 Responsibilities.

15
 Infrastructure Investor Assurance Framework

• where there are material changes to project risk/profile criteria, scope, procurement or
budget
• upon request by Infrastructure NSW.
Project Tiers will be routinely reviewed by the Infrastructure NSW Assurance Team. If a
change is considered to be required, advice from the Risk Review Advisory Group will be
sought before Infrastructure NSW will make recommendations to the IIAC seeking
endorsement of the amended Project Tier

2.6 Confidentiality
It is in the public interest that project
confidentiality is retained so that issues can be
openly identified and ‘best for project’
mitigations can be developed and actioned
immediately. Government as the investor also
needs transparency to take decisions. Figure 1 Confidentiality balance

Infrastructure investor assurance is a confidential process seeking to provide value to both

the project and the investor whilst balancing the project confidentiality and government
transparency requirements.

Assurance Review reports are confidential between the nominated delivery agency Senior
Responsible Officer11 (SRO) and Infrastructure NSW. Regular project reporting and
Assurance Review reports12 are prepared for examination by Government. These are also
provided to Cabinet and are therefore classified ‘Sensitive: NSW Cabinet’.

11
Refer to discussion on the role of SRO in Attachment B
12
Final Assurance Review reports refers to reports that have been reviewed by the nominated delivery agency SRO and
include a Close-out Plan responding to the report recommendations.

16
 Infrastructure Investor Assurance Framework

In addition to the delivery agency and Cabinet, Infrastructure NSW will only distribute reports
for the following as indicated in Table 1:
• Final regular project reports
• Summary of the outcomes of Assurance Reviews
• Full final Assurance Review reports11.

Table 1 Distribution of regular project reports and Gateway, Health Check and Deep Dive Review reports

Party Final regular project Summary of outcomes Assurance Review

reports of Assurance Reviews reports

NSW Treasury Routinely Routinely To support investment or

financing decisions made
by ERC

Department of Premier Routinely Routinely Routinely

and Cabinet

Delivery agency Routinely Routinely Routinely14

Secretaries / CEOs13

Premier and Treasurer Routinely Routinely Routinely

2.7 Ownership
All project data and information is owned by the agency supplying the data and information
to Infrastructure NSW. Agencies are required to ensure that accurate, current, consistent
and complete information is provided and maintained in the Assurance Portal and that this
information is consistent with other relevant government platforms, including Treasury,
Department of Premier and Cabinet and the agency’s own internal project and reporting
systems.

Expert Reviewers, engaged by Infrastructure NSW, prepare Assurance Review reports on

behalf of Infrastructure NSW. These reports are ‘Sensitive NSW Cabinet’ documents and
remain the property of Infrastructure NSW until finalised. Once finalised, reports become the
property of the relevant delivery agencies to take actions as required. The data and reports
remain ‘Sensitive NSW Cabinet’ documents and delivery agency SROs (as owners of
reports) can distribute reports within Government at their discretion, having regard to the
confidential nature of the data and reports. Attachment C details distribution protocols for
this information.

13
Only for projects within the cluster
14
Copies are initially provided to the nominated delivery agency SRO

17
 Infrastructure Investor Assurance Framework

2.8 Governance
The Framework is supported by governance arrangements to guide high performing
assurance, which is illustrated broadly in Figure 2 below. The functions of the key
governance groups are outlined, along with other responsibilities, in Table 2 below.

Figure 2 Framework Governance

An Assurance Team has been established within Infrastructure NSW to conduct the
assurance functions required under the IIAF. Senior staff within the Assurance Team have
been assigned to particular sectors to provide a single point of contact for delivery agencies
and central government. The Assurance Team will be responsible for:
• regularly meeting with delivery agency capital program managers and project directors
• liaising with delivery agencies in the preparation of Cluster Assurance Plans
• organising Assurance Reviews as required
• preparing overview reports post-Assurance Reviews
• overseeing close-out plan sign-off and reporting
• overseeing regular project reporting
• providing insights and perspective on the capital program
• providing a single point of contact for delivery agencies and central government.

18
 Infrastructure Investor Assurance Framework

2.9 Responsibilities
The responsibilities of the various bodies involved in the IIAF are described in Table 2.
Table 2 IIAF Responsibilities

Group Responsibilities

Infrastructure NSW Responsible for IIAF administration, performance and reporting to Cabinet, including:
▪ Provides a dedicated Assurance Team including Gateway Review Managers to
coordinate Reviews.
▪ Establishes and maintains an appropriate Expert Reviewer Panel.
▪ Monitors the performance of individual expert reviewers.
▪ Determines appropriate expert reviewers, and manages scheduling,
commissioning and administration of Assurance Review reports.
Infrastructure NSW is independent of the Expert Review Team.
▪ Monitors Tier 1 – High Profile/High Risk projects, Tier 2 and Tier 3 (if required)
project performance through independent Assurance Reviews.
▪ Provides independent analysis and advice on key risks and any corrective actions
recommended for Tier 1 – High Profile/High Risk, Tier 2 and Tier 3 projects.
▪ Escalates projects to IIAC and Cabinet where projects present ‘red flag
issues’15and where corrective action is needed.
▪ Works with delivery agencies to register all capital projects with an ETC greater
than $10 million and ensures they are risk profiled and assigned a risk-based
project tier with an endorsed IIAF Project Registration report.
▪ Works with DPC and delivery agencies to register all capital projects with ETCs of
under $10 million as Tier 5 projects, where it has been determined by DPC the
project is a Government Commitment for inclusion in the D&PML
▪ Prepares forward looking annual Cluster Assurance Plans.
▪ Maintains and continuously improves the IIAF process.
▪ Reports to the IIAC, Cabinet and Infrastructure NSW Board on
- IIAF Overall Performance Report.
▪ Reports to the IIAC and Cabinet:
- IIAF Cluster Assurance Plans
-
- IIAF Trends and Insights Report
- Proposed Project Tier and corresponding IIAF Project Registration report
- Project status reports for Tier 1 - High Profile/High Risk projects (monthly) and
Tier 2 and Tier 3 projects (quarterly)
- Assurance Reviews and Close-out Plans16 for Tier 1 - High Profile/High Risk
projects (monthly) and Tier 2 and Tier 3 projects (quarterly)
- Mitigation plans for projects presenting a red flag for any of the status areas.
▪ Reports to Infrastructure NSW Board:
- Operational management of assurance with a focus towards systems and
controls and not project-specific data; and.
- Red or deteriorating status for Tier 1 – High Profile/High Risk projects, by
exception.
▪ Regularly report to NSW Treasury on the performance of the IIAF.

15
Issues which trigger a shift in project traffic light ratings to Red (refer to Attachment D for regular project reporting rating
systems).
16
Refer to detailed explanation of close-out plans Section 3.3.1

19
 Infrastructure Investor Assurance Framework

Group Responsibilities

Infrastructure NSW Board The primary role for the Infrastructure NSW Board is to ensure the adequacy of
Infrastructure NSW’s operational management of assurance. This means that the
Board’s focus is towards systems and controls, and not project-specific data.
For the Board to discharge these functions, its assessment and assurance of
Infrastructure NSW’s functions should be guided by the reports available to it, as
outlined later in this report.
By exception, the Board also considers red or deteriorating status for Tier 1 – High
Profile/High Risk projects and may provide advice to Cabinet through the Board Chair.

Infrastructure Investor The remit and provenance of the IIAC is to support the achievement of best-for
Assurance Committee Government outcomes from the development and delivery of capital projects. In carrying
out its functions the Committee:
▪ Endorses recommendations for Project Tier and corresponding IIAF Project
Registration report for noting of Cabinet;
▪ Endorses Tier 1 – High Profile/High Risk project reports for scrutiny by Cabinet;
▪ Monitors capital projects endorsed for scrutiny by Cabinet to avoid project failure
and support success; and
▪ Provides Cabinet high-level guidance and/or advising the need to escalate the
levels of scrutiny and/or interventions.
The Committee ensures all capital projects being considered by Cabinet are
accompanied by investor-level assurance advice and risk mitigation strategies.
Decisions, informed by the IIAC’s advice, would remain with Cabinet as at present.
Accountability for the development and delivery of projects would remain with delivery
agencies as at present.
Additional functions of the Committee include:
▪ Ensuring that strategic infrastructure planning and project development/delivery are
being appropriately coordinated; and
▪ Promoting consistency and good practice in relation to economic appraisals, whole
of life asset management and governance.

NSW Treasury Overarching policy responsibility for NSW Gateway Policy, Economic Appraisals and
Business Cases. As Policy Owner, the role includes:
▪ monitoring the application of the NSW Gateway Policy;
▪ confirming the applicable GCA Framework and informing the concerned parties
where there is dispute or confusion as to the appropriate GCA to deliver Gateway
▪ determining the appropriate GCA Framework a mixed project should follow (i.e.
where it contains a material combination of more than one element of different
frameworks).
▪ reporting on the performance of the NSW Gateway Policy, including the
performance of the GCA Frameworks, after one year of operation and annually.
For projects being delivered by Infrastructure NSW (Projects NSW), the Policy Owner
(NSW Treasury) will allocate the responsibility to the appropriate GCA. This GCA will
undertake the following elements of the IIAF17:
▪ Determines appropriate expert reviewers, and manages scheduling, commissioning
and administration of Assurance Reviews. NSW Treasury is independent of the
Expert Review Team.

17
As Infrastructure NSW would be performing both the role of delivery/ sponsor agency and GCA, for assurance requirements
of Projects NSW projects, all references to responsibilities or roles for:
• Infrastructure NSW should be interpreted as the nominated GCA
• Chief Executive Officer of Infrastructure NSW should be interpreted as Secretary or Chief Executive Officer of the
nominated GCA
• Infrastructure NSW Assurance Team should be interpreted as relevant nominated GCA officers.

20
 Infrastructure Investor Assurance Framework

Group Responsibilities

▪ Monitors project performance through independent Assurance Reviews.

▪ Provides independent analysis and advice on key risks and any corrective actions
recommended for projects.
▪ Escalates projects to the IIAC and Cabinet where projects are at risk and where
corrective action is needed.
▪ Reports to the IIAC and Cabinet on:
- Assurance Reviews and Close-out Plans
- Project status and mitigation strategies for red flag issues.

Department of Premier Coordinates and manages reporting to NSW Cabinet on capital infrastructure
and Cabinet Government Commitments using the Delivery and Performance Master List (D&PML)
process. Works with Infrastructure NSW to ensure delivery agencies register all relevant
capital projects with ETCs of under $10 million as Tier 5 projects, where it has been
determined by DPC the project is a Government Commitment for inclusion in the
D&PML.
Expert Reviewer Panel; The Panel comprises independent highly qualified Expert Reviewers established to
Expert Review Teams cover all aspects of Gateway Review needs. A Review Team, for Gates 1 through 6, is
drawn from the panel. A Review Team conducts high performing Assurance Reviews.
Panel members can also be drawn upon to provide advice to Infrastructure NSW on
projects and to the various assurance committees on an as needs basis. Panel member
performance is to be reviewed regularly and membership updated.

Expert Reviewer Panel The Group provides advice on the Expert Reviewer Panel capability, gaps and
Advisory Group requirements to support a high performing Expert Reviewer Panel. The Group also
considers Expert Reviewer Panel member nominations and recommendations as well
as the performance of individual panel members.
Risk Review Advisory The Group provides advice to the IIAC on the Project Risk Profiles and IIAF Project
Group Registration reports provided by delivery agencies and reviewed by Infrastructure NSW.
Gate 0 Review Committee The Committee performs Gate 0 Reviews which includes providing advice and
recommendations on delivery agency submissions on the project need, strategic
alignment and the planning to take the project to strategic and final business cases.
Department of Finance, May be called upon to provide guidance and expertise on capital projects/programs with
Services and Innovation major ICT elements as part of the assurance process within the IIAF.
Delivery Agency The delivery agency must identify the appropriate GCA Framework for a project/
program and to adhere to the approach in the relevant GCA.
The delivery agency is responsible for meeting IIAF requirements, including:
▪ Registration and risk profiling of projects:
- Registers all capital projects over $10 million (ETC). This applies to new projects
and existing projects not yet operational;
- Registers all capital projects under $10 million (ETC), where that project has
been identified by DPC as a Government Commitment for inclusion in the
D&PML.
- Self-assesses Project Tier and prepares corresponding IIAF Project Registration
report.
- Updates Infrastructure NSW on changes of project risk criteria that may affect
the Project Tier; and
- Updates Infrastructure NSW on proposed changes to IIAF Project Registration
report requirements.

21
 Infrastructure Investor Assurance Framework

Group Responsibilities

▪ IIAF Gateway, Health Check and Deep Dive Reviews (Assurance Reviews)18:
- Registers in a timely manner for Assurance Reviews
- Provides in a timely manner all relevant information to support Assurance
Reviews
- Ensures SRO participation in Assurance Reviews
- Responds to requests for fact checks of the draft Reports in a timely manner
- Provides a delivery agency endorsed response to recommendations in a timely
manner
- Prepares formal Close-out Plan, for endorsement by Infrastructure NSW, for
each Assurance Review
- Provides regular updates to Infrastructure NSW on status of Close-out Plans.
▪ Capital Portfolio Health Check Reviews (Assurance Review)
- Complete any required registration process in the Assurance Portal
- Agree the timeframe with Infrastructure NSW for the Review
- Prepare and provide, in a timely manner, all relevant information to support the
Review
- Ensure Delivery Agency Head and other relevant agency executive participate in
the Review
- Respond to requests for a fact check of the draft Report in a timely manner
- Provide a delivery agency endorsed response to recommendations in a timely
manner
- Prepare formal Close-out Plan, for endorsement by Infrastructure NSW, for each
Review
- Provide regular updates to Infrastructure NSW on status of Close-out Plans.
▪ Regular reporting:
- Provides timely and comprehensive project reports consistent with Project Tier
frequency reporting requirements and agreed format.
The delivery agency is responsible for paying19 any direct costs of Assurance Reviews.
This includes time and expenses relating to the engagement of independent reviewers,
as well as disbursements relating to a Review such as venue hire, catering and
administrative support services (e.g. scribe).
The delivery agency is accountable for ensuring the quality of all project data, information
and reports including completeness, correctness, currency, correlation across all relevant
government platforms and compliance with all relevant data standards.

18
This relates to the Infrastructure NSW conducted reviews and checks; and does not relate to reviews and checks that are
conducted under the delivery agencies protocols.
19
Infrastructure NSW will initially pay for any direct costs; these will then be recovered in full by invoicing the delivery agency at
the completion of an Assurance Review.

22
 Infrastructure Investor Assurance Framework

2.10 Infrastructure NSW delegation authority

The NSW Government has given Infrastructure NSW the authority to delegate assurance for
non- High Profile/High Risk projects to Treasury on agreed terms.20 Infrastructure NSW has
been also given the authority to delegate existing independent assurance boards for major
projects to oversee assurance functions consistent with the IIAF, and under the following
terms:
• The assurance board will be responsible for assurance including Gateway Reviews for
delivery gates only.
• The Chair of an assurance board will provide independent assurance advice directly to
the IIAC via Infrastructure NSW (which in turn is provided to Cabinet) following Gateway
Reviews conducted by the Board at the direction of Infrastructure NSW; or at any time
requested by IIAC or Cabinet.
• Infrastructure NSW will be advised of any proposed changes to membership of boards. If
Infrastructure NSW considers the Board integrity is compromised by such changes it may
advise Cabinet accordingly.
• A call-in right will enable Infrastructure NSW to take over some or all assurance
responsibilities at the direction of Cabinet.

20
This excludes projects sponsored or delivered by Infrastructure NSW (Projects NSW), as Treasury already has responsibility
for the assurance functions related to these projects.

23
 Infrastructure Investor Assurance Framework

3 FRAMEWORK ARRANGEMENTS

3.1 Framework outline

The IIAF incorporates a risk-based approach to infrastructure investment assurance and is in
line with recommendations made by the Auditor General in the performance audit report
entitled Audit Large construction projects: Independent assurance (May 2015)21.

Assurance arrangements for the state’s infrastructure program support the Premier, the
Treasurer and Cabinet in ensuring that this program is delivered effectively. The IIAF is
designed to support both the delivery agencies’ own decision-making and assurance
processes and to support Budget processes throughout the project lifecycle as shown in
Figure 3.

Figure 3 Project Lifecycle Assurance 22

21
http://www.audit.nsw.gov.au/publications/performance-audit-reports/2015-reports/large-construction-projects--
independentassurance-/large-construction-project-independent-assurance
22
Not all Gateway, Health Check and Deep Dive Reviews are required for all projects as indicated in Table 5, Section 3.3.1

24
 Infrastructure Investor Assurance Framework

A key component of the IIAF has been the establishment of an IIAC, convened, chaired and
managed by Infrastructure NSW. Membership of the IIAC consists of the Chief Executive of
Infrastructure NSW and the Secretaries of several of the NSW Government infrastructure
delivery agencies.

3.2 Risk-based approach to investor assurance

Risk-based assurance means that different levels of assurance and reporting are applied
proportionate to a potential risk profile. The qualitative risk profile criteria are outlined in
Table 3.
Table 3 Qualitative risk profile criteria

Criteria Definition

Government The degree of criticality in timing of the project or program due to potential adverse
Priority impacts on an existing community or the growth of a new community.
The level of project or program priority, where:

▪ the project is mandated through documents such as the NSW Budget, Premier’s
Priorities, State Infrastructure Strategy, Cabinet endorsed infrastructure plan,
Election Commitment; or;
▪ mandated through Ministerial authority or statement that has been made
regarding the priority of the project; or;
▪ the project is assigned priority through an agency endorsed strategic document or
funded forward capital program; or;
▪ the project is assigned priority as an enabler of a mandated project.

Interface Complexity The extent to which the success of the project or program will depend on the
management of complex technical or commercial dependencies with other:

▪ agencies, SOCs, non-government sector organisations or other third parties –

providing approvals, contributing to the funding of the project, or being given
operational responsibility, and/or
▪ projects or services where there are fundamental interdependencies that will
directly influence the scope and cost of either project.

Procurement Risk The extent to which a project or program requires, sophisticated, customised or
complex procurement methods, thereby increasing the need for a careful assessment
of the procurement strategy, management of the procurement task and management
of the associated delivery risk.

Agency Capability and The extent to which the sponsor agency has clear governance arrangements,
Capacity demonstrated capability (experience) and capacity (available skilled resources) or can
access these through recruitment or procurement of capability in the development
and / or delivery of the type of project or program proposed.

A weighted score for the above criteria is determined based on the weightings and scores
outlined in Attachment E. This weighted score is compared against the ETC to determine a
preliminary Project Tier based on the matrix shown in Table 4.

25
 Infrastructure Investor Assurance Framework

Tier 5 projects are not subject to the qualitative risk profile criteria. Tier 5 is assigned to a
project automatically if it has an ETC of under $10 million. Tier 5 projects are not subject to
the qualitative risk profile criteria or assigned a weighted score.
Table 4 Project-tier weighted risk score matrix

ETC Range
Weighted
Risk Score $10M – 50M $50-$100M $100M - $500M $500M - $1B >$1B

0.0 – 2.0 Tier 4 Tier 3 Tier 3 Tier 3 Tier 2

2.1 – 2.2 Tier 4 Tier 3 Tier 3 Tier 2 Tier 2

2.3 – 2.4 Tier 4 Tier 3 Tier 2 Tier 2 Tier 2

2.5 – 2.9 Tier 3 Tier 2 Tier 2 Tier 2 Tier 1 – HPHR

3.0 – 3.9 Tier 2 Tier 2 Tier 2 Tier 2 Tier 1 – HPHR

4.0 – 5.0 Tier 1 – HPHR Tier 1 – HPHR Tier 1 – HPHR Tier 1 – HPHR Tier 1 – HPHR

The initial risk profiling self-assessment process is undertaken by delivery agencies. The
process involves giving each project a risk-based score against these criteria, and
undertaking further qualitative analysis, enabling projects to be grouped into risk-based tiers
to which different levels of project assurance can be applied. The risk-based tiers are as
follows:
• Tier 1 - High Profile/High Risk
• Tier 2
• Tier 3
• Tier 4
Level of
This tiered approach is designed to ensure Intensity

that the right balance is struck between a

robust approach correctly focused on
highest risks and achieving value for money.
More intensity / scrutiny is placed on
projects that need it most e.g. Tier 1 - High
Profile/High Risk projects. This is
represented in Figure 4.

Figure 4 Tiered approach

26
 Infrastructure Investor Assurance Framework

Throughout their lifecycle, projects may move between tiers depending on changing risk
profiles.

The project tiering is endorsed as outlined in Section 2.5. For a project to be endorsed by the
IIAC as a Tier 1 – High Profile/High Risk project, it must be nominated as such by the:
• Cabinet
• Premier
• Treasurer
• Responsible Minister
• Relevant delivery agency Secretary or Chief Executive Officer
• Chief Executive Officer of Infrastructure NSW.
For a project to be removed off the Tier 1 – High Profile/High Risk list, before it is
operational, the relevant delivery agency Secretary or Chief Executive Officer must request
the removal in writing to the Chief Executive Officer of Infrastructure NSW. The Infrastructure
NSW Assurance Team will consider the request and make a recommendation in relation to
the request to be endorsed by the IIAC. The request may also be referred to the Risk
Review Advisory Group23 for advice. Any recommended change in a Tier 1 - High
Profile/High Risk project rating is reviewed by Cabinet.

3.3 Assurance requirements

The investor assurance process is designed to ensure the Government’s key infrastructure
projects across NSW are delivered on time, on budget and in accordance with government
objectives. This is achieved by providing independent advice to delivery agencies and
reporting to Cabinet, so they can receive early warning of any emerging issues, and to act
ahead of time to prevent projects from failing.

There are four main components to the

independent investor assurance process:
• Assurance Reviews
• Project reporting based on inputs provided
by delivery agencies
• Monitoring conducted by Infrastructure
NSW
• Improving infrastructure outcomes through
sharing insights and developing capability.

Figure 5 Elements of investor assurance

23
Refer to 2.9 Responsibilities

27
 Infrastructure Investor Assurance Framework

3.3.1 Improving Outcomes for Capital Infrastructure Projects and Programs

Insights gained and lessons learned through the Assurance role are shared across
government to acknowledge key challenges, foster continuous improvement and contribute
to the development of capability in infrastructure planning, procurement and delivery.

In December 2020, Cabinet approved the ‘Framework for Establishing Effective Project
Oversight for the NSW Infrastructure Program’. The Framework includes minimum
requirements and best practice guidance for establishing effective processes and
appropriate resourcing to oversee Tier 1 - High Profile High Risk (HPHR) projects.

The Framework assists Cluster Secretaries to improve accountability and transparency in

project oversight and decision making. The Framework includes guidance on how to foster a
culture of collaboration and continuous improvement, while also establishing effective
practices to monitor, learn and evaluate project development, procurement and delivery
performance.

The Framework is supported by a Guideline, which provides more detail on the key success
factors, minimum requirements and recommended practices for resourcing project teams
and establishing processes.

3.3.2 Gateway, Health Check, Deep Dive and Capital Portfolio Reviews
(Assurance Reviews)

The IIAF Assurance Review process provides for a series of short, focused, independent
expert reviews, held at key decision points in a project’s lifecycle (as depicted in Figure 3).
The Assurance Reviews are appraisals of infrastructure projects and programs, that highlight
risks and issues, which if not addressed may threaten successful delivery.

The Assurance Review process is in place to strengthen governance and assurance

practices and to assist delivery agencies to successfully deliver major projects and
programs. Reviews are part of an assurance process which provides confidence to
Government in the information supporting their investment decisions; the strategic options
under consideration; and the delivery agency’s capability and capacity to manage and
deliver the project.

Gateway Reviews are supported by periodic Health Checks and Deep Dive Reviews which
assist in identifying issues which may emerge between decision points. These reviews will
be carried out, when required, by an independent team of experienced practitioners (industry
experts including from the private sector), appointed by Infrastructure NSW. While Health
Check Reviews for Tier 1 - HPHR projects are mandatory during the Delivery Phase, all
other Health Check and Deep Dive Reviews are by agreement between Infrastructure NSW
and the agency.

The risk-based application of Assurance Reviews conducted by Infrastructure NSW is

detailed in Table 5.

28
 Infrastructure Investor Assurance Framework

Delivery agencies can nominate additional assurance reviews beyond those mandated by
the IIAF.

After each Assurance Review, 360-degree feedback is obtained by means of a series of

surveys. These surveys are sent to the review team, the agency and the GCA review
manager with the aim of identifying areas where improvements can be made to the review
process. Infrastructure NSW also relies on the feedback to manage the performance of the
Expert Reviewer Panel (ERP) and the success of the IIAF.

Table 5 Application of Assurance Reviews by Infrastructure NSW

GATEWAY REVIEWS Tier 1 - HPHR Tier 2 Tier 3 Tier 4 Tier 5

Gate 0 Go/No Go Mandatory^ Mandatory^ Mandatory^

Gate 1 Strategic Options Mandatory Mandatory Optional

Gate 2 Business Case Mandatory Mandatory Optional

Gate 3 Readiness for Market Mandatory Optional Optional Not required Not required

Gate 4 Tender Evaluation Mandatory Optional Optional

Gate 5 Readiness for Service Mandatory Optional Optional

Gate 6 Benefits Realisation Mandatory Optional Optional

HEALTH CHECKS Tier 1 - HPHR Tier 2 Tier 3 Tier 4 Tier 5

Development Optional Optional Optional

Procurement Optional Optional Optional Not required Not required

Delivery Mandatory24 Optional Optional

DEEP DIVES Tier 1 - HPHR Tier 2 Tier 3 Tier 4 Tier 5

Any Phase Optional Optional Optional Not required Not required

^ Gate 0 Reviews are not required when Infrastructure NSW’s Risk Review Advisory Group (RRAG) decides
the Review would not add value.

Delivery agency assurance

The IIAF Assurance Reviews relate to those conducted by Infrastructure NSW and do not
relate to reviews and checks conducted under individual delivery agency protocols.

24
Health Checks for Tier 1 - High Profile/High Risk projects are mandatory during the Delivery Phase if this phase exceeds 6
months.

29
 Infrastructure Investor Assurance Framework

Gate 0 Reviews

Gate 0 Reviews will be conducted by the Gate 0 Review Committee. Gate 0 Reviews are not
required when Infrastructure NSW’s Risk Review Advisory Group (RRAG) decides they will
not add value.

Gate 1 – 6 Reviews

Assurance Reviews include interviews with significant project stakeholders and the
examination of project documents. Review Teams assess the progress of projects against
seven Key Focus Areas:
• Service need
• Value for money and affordability
• Social, economic and environmental sustainability
• Governance
• Risk management
• Stakeholder management
• Asset owner’s needs and change management.
Reviews are conducted in accordance with the Gateway Review Toolkit and Reviewer
Workbooks. An overview of the typical Assurance Review process is at Attachment F.

Infrastructure NSW will develop Terms of Reference for a Review in consultation with the
responsible delivery agency and key stakeholders. The Terms of Reference are used to
guide the selection of appropriate reviewers and will be provided to reviewers in advance of
the Review.

The governance and oversight of a project/program ordinarily includes three major parties: a
‘sponsor’, ‘deliverer’ and ‘asset owner/manager or operator’. These parties may come from
within the same organisation.

Good governance and project/program assurance calls for the need to have an individual as
the single point of accountability and strategic responsibility; the Senior Responsible Officer
(SRO). The SRO may come from within the ‘sponsor’, ‘deliverer’ or ‘asset manager/owner or
operator’ organisation. This is further outlined in Attachment B.

To enable a successful Review to take place, the delivery agency must identify each of the
parties performing the role of ‘sponsor’, ‘deliverer’ and ‘asset owner/manager or operator’, as
well as the individual SRO. It is essential that the delivery agency’s SRO participates in the
Gateway Review process.

Independent reviewers

Reviews are to be conducted by a highly experienced independent Review Team where

independent refers to the individuals being independent of a delivery agency and a project
team. The review team should be selected so that it possesses the skills, capability and
experience to enable it to provide relevant assessment and advice.

30
 Infrastructure Investor Assurance Framework

For Tier 1 – High Profile/High Risk projects, independent reviewers forming the Review
Team should not include individuals that are currently employed by the NSW Government25
and should include high profile industry experts.

For Tier 2 and 3 projects, independent reviewers forming the Review Team can include
individuals currently employed with the NSW Government if they are independent of the
delivery agency and project team.

Health Check and Deep Dive Reviews

Health Checks should be conducted at regular intervals (minimum 6 months) for Tier 1 –
High Profile/High Risk projects when in the delivery phase of the project lifecycle. Health
Checks during other phases of Tier 1 – High Profile/High Risk projects and at any time for
Tier 2 or Tier 3 projects are considered optional and should be undertaken as needed.

Triggers for optional Health Checks may include:

• where a Gateway Review Team recommends a Health Check to be completed before
the next Gateway Review
• between a Strategic Assessment Gate Review and a Business Case Gate Review:
- if a Strategic Business Case (SBC) is reviewed at the Strategic Assessment Gate
Review and a Preliminary Business Case (PBC) is produced; or
- if there are significant options developed and are still available for consideration at
the Strategic Assessment Gate Review, a Health Check Review may be required at
the options selection point rather than waiting until Final Business Case (FBC)
• if there is overall low or medium delivery confidence and there are a significant number of
critical and essential recommendations raised at an Assurance Review. The Health
Check Review would focus on ensuring recommendations have been closed effectively
• if insufficient progress is being demonstrated in closing out recommendations from a
previous Assurance Review
• if there is a major incident or major event or major change in the project, including
change of governance or change in delivery agency responsibility (e.g. handover to
Projects NSW for delivery)
• if a delivery agency self-nominates.
Optional Health Check Reviews can be called for at the direction of any of the following:
• Chief Executive Officer of Infrastructure NSW
• IIAC
• Cabinet
• Treasurer
• Premier.
Deep Dive Reviews are similar to a Health Check Review but focus on a particular issue or
limited terms of reference rather than the full range of issues normally considered at a Health

25
This refers to individuals who are current permanent employees of the NSW Government and does not include former
employees of the NSW Government or those contracted on a non-permanent basis.

31
 Infrastructure Investor Assurance Framework

Check. These are generally undertaken in response to issues being raised by key
stakeholders to the project or at the direction of the relevant Government Minister.

Capital Portfolio Health Check Reviews

Capital Portfolio Health Checks are independent peer reviews undertaken by a Review
Team, selected by the GCA, comprising experienced practitioners who can provide expert
advice on the program management approach, capability, capacity, governance and
financial supervision of an agency’s capital infrastructure portfolio.

A Capital Portfolio Health Check Review adds value by providing ‘point in time’ insight of
portfolio level issues and risks that potentially impact the successful development,
procurement and delivery of projects within an agency’s capital portfolio.

In consultation with the Infrastructure NSW Risk Review Advisory Group (RRAG),
Infrastructure NSW will nominate a list of agencies (or relevant part of an agency) for a
Capital Portfolio Health Check Reviews. Agencies will have a ‘right of reply’ within the RRAG
process if they do not believe they should be subject to, or could undertake, a Capital
Portfolio Health Check Review in the coming calendar year.

The list of agencies (or relevant part of an agency) endorsed by RRAG will be provided
annually to IIAC in the first quarter of each calendar year. IIAC will then determine the list of
agencies to be reviewed in that calendar year.

Outside of this nomination process, Cabinet, the responsible Minister, the relevant Cluster
Secretary or the Chief Executive of Infrastructure NSW may determine that a Capital
Portfolio Health Check Review is to take place.

In all cases agencies will be given sufficient time (at least 3 months) to prepare and
coordinate for the Review.

Capital Portfolio Health Check Reviews are conducted in accordance with the relevant
Review Workbook. To reflect the portfolio level focus of the Review, Review Teams assess
the agency’s capability and capacity to successfully deliver their capital infrastructure
portfolio against six Key Focus Areas:
• Program Management
• Financial Responsibility
• Organisational Capability and Capacity
• Governance and Decision Making
• Risk Management
• Asset Owner’s Needs and Change Management
Like other Gateway Reviews, for Capital Portfolio Reviews there is the need for the agency
to nominate an individual as the single point of accountability and strategic responsibility.

32
 Infrastructure Investor Assurance Framework

Gateway Review / Project Health Check Review / Deep Dive Review / Capital Portfolio
Health Check Review

The results of each Assurance Review are presented in a report that provides a snapshot of
the project’s progress for the purposes of reporting to Cabinet and with recommendations to
strengthen the project.

Close-out Plans

Close-out Plans form part of the final Review reports and are required to be prepared in
response to the recommendations set out in each Assurance Review report.

Close-out Plans are supplied by delivery agencies as approved by the delivery agency
Secretary, Chief Executive Officer or nominated SRO26, these Plans will detail specific
actions, timelines and accountabilities that respond to the recommendations provided in
these reviews. Infrastructure NSW will:
• endorse the Close-out Plans and the closing out of recommendations
• monitor the progress towards closing out these actions and recommendations
• report on this activity to the IIAC and Cabinet.

Presentation of Review findings to Cabinet

All final Assurance Review reports are provided to Cabinet for the purpose of seeking
approval for Infrastructure NSW to take reasonable and necessary steps in working with
delivery agencies to facilitate the closing out of the recommendations contained in the
reviews. This may include reporting to Cabinet on any cases where ‘critical’ and ‘essential’
recommendations are not being addressed as evidenced by the delivery agency’s’ reporting
on the closing out of review recommendations.

In addition:
• For Tier 1 – High Profile/High Risk projects, summaries of the key review outcomes are
routinely provided to Cabinet.
• For Tier 1 – High Profile/High Risk projects, the CEO of Infrastructure NSW may present
the outcomes of Gate 1 Strategic Options Gateway Review, Gate 2 Business Case
Review and Health Check in Delivery reviews to the Cabinet.
• For non-High Profile/High Risk reviews, the outcomes of these reviews may be reported
to Cabinet in more detail by exception where significant risks or issues are deemed
relevant to Cabinet by the IIAC.
In the case of projects being delivered by Infrastructure NSW, presentations are made by the
Secretary or Chief Executive of the nominated GCA or their delegate.

26
And /or in accordance with individual delivery agency policy

33
 Infrastructure Investor Assurance Framework

Confirmation of Clearance of Gate

Following the conclusion of the review and the finalisation of the Review Report, the delivery
agency can request a ‘Clearance of Gate’ Certificate from the GCA. The ‘Clearance of Gate’
will be determined by the GCA.

The Certificate confirms the review has been completed and that an appropriate Close-out
Plan is in place to assist with the project development or delivery.

Irrespective of whether a Certificate is requested and issued, or not, to achieve a ‘Clearance

of Gate’ the delivery agency must:
• respond appropriately to the review recommendations (to the satisfaction of the GCA)
• resolve all critical review recommendations (to the satisfaction of the GCA)
• respond to the Close-out Plan prepared by the GCA.
The Certificate is not an Assurance Review approval or an endorsement of the project, nor
does it negate the mandatory requirement on a delivery agency to respond to and act upon
the review recommendations.

3.3.3 Regular project reporting

Reporting will be conducted for projects and programs, with data gathered and maintained
by Infrastructure NSW in a central repository. These reports will record and assess
implementation against time, cost, quality, risks and impediments to project
development/delivery. Alerts for management attention and/or intervention will be based on
analysis of data as well as the Assurance Review reports. Reporting will reflect the tiered
approach with greater analysis and strategic advice provided for Tier 1 – High Profile/High
Risk projects. Project Tier Risk-based reporting is detailed in Table 6.
Table 6 Regular project reporting requirements

Project Tier Frequency Lodged By Reviewed By Endorsed for Audience

reporting to
Cabinet by

Tier 1 - Monthly Delivery agency Infrastructure IIAC ▪ IIAC

HPHR NSW ▪ Infrastructure NSW
Board
▪ Cabinet

Tier 2 Quarterly Delivery agency Infrastructure IIAC ▪ IIAC

NSW ▪ Cabinet

Tier 3 Quarterly Delivery agency Infrastructure IIAC ▪ IIAC

NSW ▪ Cabinet

Tier 4 Nil or as Nil or by Nil or DPC and Nil or DPC ▪ Cabinet where project is
determined by Delivery Agency Infrastructure where project is on D&PML
DPC where where project is NSW where on D&PML
project is on on D&PML project is on
D&PML D&PML

34
 Infrastructure Investor Assurance Framework

Tier 5 As determined Delivery Agency DPC DPC ▪ Cabinet

by DPC Infrastructure
NSW

To support these reporting arrangements, delivery agencies will be required to provide:

• Timely and quality project data and information defined as complete, correct, and, as far
as practicable, consistent across all relevant government information management
platforms. This includes regularly reviewing and validating project data previously
provided.
• Timely and comprehensive project reporting in the agreed format. Refer to
Attachment G for the Tier 1 – High Profile/High Risk regular project report template
• Close-out Plans which document actions and accountabilities that respond to
recommendations identified in the Assurance Reviews
• Mitigation Plans for red flag issues identified in Tier 1 - High Profile/High Risk project
status reports or Tier 2 reports.
A key feature of the Tier 1 - High Profile/High Risk project reports is an indication of the
status of project or program using a traffic light system (RED / AMBER / GREEN) in terms of
overall project status, time and cost. The definitions for the traffic light system for overall
project status, project time status and cost status are shown in Attachment D.

3.3.4 Monitoring

Monitoring of projects, programs and agency capital portfolios will be conducted in

accordance with the Infrastructure Investor Assurance Monitoring Framework. Infrastructure
NSW will monitor project status (including mitigation plans) and the findings of the
Assurance Reviews (including Close-out Plans). Infrastructure NSW will provide regular
project reports and summary findings of Assurance Reviews for Tier 1 - High Profile/High
Risk projects to the:
• IIAC for endorsement of regular project reports; and noting of the findings of project
Assurance Reviews
• Infrastructure NSW Board by exception for projects with red status or deteriorating status
• Cabinet.
Regular project reports as well as Assurance Review summary findings provided to the
IIAC and Cabinet will be owned by Infrastructure NSW. In providing this reporting,
Infrastructure NSW will undertake the necessary steps to verify the information provided by
delivery agencies or prepared by Review Teams. This may include:
• detailed assessment of each Tier 1 – High Profile/High Risk project with direct input from
Panel experts (this will include Health Checks and the results of Deep Dive Reviews)
• independent analysis and advice on key risks, recommended corrective actions and
mitigation strategies.

35
 Infrastructure Investor Assurance Framework

3.4 Treatment of projects and programs

New capital projects must be registered under the IIAF as either a project or a program. After
a project or program is risk-profiled and assigned a Project Tier it is required to comply with
the assurance and reporting requirements outlined in Section 3.3 according to its Project
Tier. Definitions of, and how various projects and programs may be comprised and operate
in practice are detailed at Attachment H.

3.4.1 Modified IIAF Project Registration report for complex projects and
programs and agency Capital Portfolios

Complex Projects and Programs

Under the IIAF, the assurance process for complex projects and programs begins with
registration and risk profiling of the project/program in its entirety to establish its Project Tier.
For assurance purposes (Reviews, regular reporting and monitoring), a complex project or a
program may need to be considered both as a single project or program and in its
component parts (project stages, individual projects or sub-programs) at various stages in
the program lifecycle.

In some cases, these project stages, individual projects or sub-programs may have a
different Project Tier to the overall complex project or program. This may result in the need
for a Modified IIAF Project Registration report.

As the different component parts (project stages, individual projects or sub-programs) are
typically developed and/or delivered over varying timeframes, they may not be able to be
considered in a single Gateway Review. It may therefore be necessary to have multiple
Reviews to accommodate a program/project’s needs. In some cases, a smaller stage of
work or individual project may not warrant the application of these separate Gates.

For complex projects, the application of separate tiering for certain identified stages allows
the delivery agency to access Reviews for a distinct stage (dependent on the risk-profiling of
that stage) to accommodate a project’s specific needs. For example, larger stages of work
within a complex project may warrant the application of certain Gates, particularly at the
procurement and delivery stages of a project’s lifecycle, whereas a smaller stage of work
may not require a Review. This adaptation provides for greater assurance and efficiency
across a complex project.

When stages of a complex project are identified as needing separate tiering for assurance
purposes, the stages are split off and undergo risk profiling, where each stage is assigned a
Project Tier, and subsequently included as such in a Modified IIAF Project Registration
report. Importantly, a stage’s tiering is assessed on its own merits, and therefore may be
tiered at any level. Splitting off a stage of a complex project for risk profiling may occur at
any time. Typically, this would be after the complex project’s strategic or final business case.
A complex project should only be considered as a linear program of staged outputs in
accordance with an agreed business case.

36
 Infrastructure Investor Assurance Framework

This process is similar for programs needing to be considered as separate projects or

subprograms. For instance, a large program that is considered in its entirety during the
development of strategic business cases, may require the development of a series of
separate final business cases for individual projects and sub-programs due to these being
progressed and delivered at different times.

Examples of typical Modified IIAF Project Registration report for complex projects and
programs are provided at Attachment I.

Whole of Program Review

Where a complex project has been split into stages or a program into individual projects or
sub-programs, and those component parts have their own tier assessment, it is important, to
return to a review of the complex project or program in its entirety to support delivery of
benefits across the complex project and within the original budget. Infrastructure NSW will
complete an assurance review every 12 months of a complex project that has been split into
stages or programs, that is rated Tier 1. Reviews of complex projects or programs that are
rated Tier 2 and 3 will be on an ‘as required’ basis as determined by Infrastructure NSW.
These reviews may be done at the same time as an assurance review of a particular stage
or project within a program. Infrastructure NSW will undertake the Gate 6 Benefits
Realisation Review for the complex project to assess the benefits realisation for the entire
complex project.

Agency Capital Portfolios

Agencies required by IIAC to undertake a Capital Portfolio Health Check Review must
complete an Agency Capital Portfolio Registration through the Assurance Portal. This
registration is not subject to a risk profiling or evaluation of Project Tier. An agency’s Capital
Portfolio will not be subject to regular reporting, but will be subject to monitoring and action
by Infrastructure NSW in line with the outcomes of a Capital Portfolio Health Check Review.
IIAC and Cabinet will be informed for noting when agencies register their Capital Portfolio.

3.4.2 Endorsement of a Modified IIAF Project Registration report

Determining the extent or need to apply the mandatory gates for complex projects or
programs to the project stages, individual projects or sub-programs will require:
• delivery agencies to provide a Modified IIAF Project Registration report with self-
nominated assurance arrangements for each project stage, individual project or sub-
program as relevant
• Infrastructure NSW to assess the Modified IIAF Project Registration report and make
recommendations to the IIAC
• IIAC to endorse the Modified IIAF Project Registration report.

3.5 The NSW Assurance Portal (Portal)

The NSW Assurance Portal (Portal) provides the NSW Government with the first statewide
online environment to securely manage assurance information and activities for projects that

37
 Infrastructure Investor Assurance Framework

meet the threshold of the IIAF and the Recurrent Expenditure Assurance Framework (REAF)
as part of the NSW Gateway Policy.

The Portal enables Infrastructure NSW, NSW Treasury and the government Clusters to
actively and efficiently manage project registrations (including risk profiling and risk review
assessment), capture review information and provide enhanced data collection for capital
project reporting to Cabinet.

The Portal also captures Expert Reviewer information to assist with the selection of Expert
Reviewers for Gateway, Health Check and Deep Dive Reviews.

38
 Infrastructure Investor Assurance Framework

3.6 Performance Reporting

3.6.1 Annual framework performance

A crucial part of the IIAF will be to regularly evaluate the performance of the IIAF itself and
contribute to the analysis of project and assurance issues and trends. To this end, the key
aspects of the performance management approach are outlined in Table 7.
Table 7 Performance reporting

Report Description Frequency Audience

IIAF Cluster The IIAF Cluster Assurance Plans are forward Annual plan at the ▪ Cabinet
Assurance Plans looking plans to identify the assurance requirements beginning of each ▪ IIAC
of a Cluster over the next 12 to 15 months. financial year.

Plans will be prepared by Infrastructure NSW in Updated six

collaboration with delivery agencies. monthly.

IIAF Trends and The IIAF Trends and Insights Report will feature an Annual ▪ Cabinet
Insights Report analysis of Assurance Reviews to identify systemic ▪ IIAC
issues and trends facing delivery agencies, as well ▪ NSW
as provide Lessons Learnt across projects. The Treasury
report will be prepared by Infrastructure NSW.

IIAF overall The IIAF Overall Performance Report is a report Annual ▪ Cabinet
Performance card on Infrastructure NSW’s performance in key ▪ IIAC
Report areas such as project registration, risk profiling, ▪ NSW
development of Cluster Assurance Plans, Assurance Treasury
Reviews and project reporting. ▪ Infrastructure
NSW Board
The report will also include an analysis of agency
performance in closing out (or addressing) Review
recommendations and an assessment of the
composition of the Expert Review Panel in terms of
experience and skill set required to provide high
performing advice as well as meet future whole-of-
government project assurance needs.

It will also include a report on monitoring the

robustness and timeliness of individual expert
reviewer performance. 360o feedback will be
obtained for each expert reviewer at the conclusion
of an Assurance Review.
The report will be prepared by Infrastructure NSW.

39
 Infrastructure Investor Assurance Framework

Attachment A Project registration and risk-profiling process

Delivery agency registers All capital projects valued at an estimated total cost (ETC) of $10
Project/Program million and above are to be registered by delivery agencies with
Infrastructure NSW via at the Portal.

Delivery agency undertakes Using the assessment tool in the Portal, delivery agencies
risk self-assessment to determine the preliminary Project Tier based on the ETC and the
Program/Project

determine preliminary evaluation of the four criteria. An IIAF Project Registration report can
Registration

then be generated.
Project Tier

Agency approval and Delivery agencies ‘submit’ the registration following approval from
the delivery agency ‘approver’. Once submitted, the project is
submission eligible for review by Infrastructure NSW’s Risk Review Advisory
Group (RRAG).

Infrastructure NSW review Prior to submitting the IIAF Project Registration report to RRAG,
Infrastructure NSW reviews the report and confirms that the
project is ready for review by the RRAG.

Risk Review Advisory group The preliminary Project Tier and IIAF Projects Registration report
(RRAG) recommendation are considered by the RRAG at the Group’s monthly meeting. The
RRAG either supports the preliminary tier or recommends another
tier.
Assessment
Risk Profile

Agency provided 'right of Infrastructure NSW provides agencies with a 'right of reply' when
reply' where RRAG tiering the RRAG recommends a Project Tier that differs from that provided
differs from agency tier by the agency.

Infrastructure NSW submits the Project Tier recommended by

Recommendation to IIAC for
RRAG to the IIAC for endorsement.
endorsement

Cabinet Noted Once endorsed by the IIAC, the Project Tier is submitted to Cabinet
Program/Project

for noting.
FInalisation

Agency advised Delivery Agency is advised of endorsed Project Tier.

40
 Infrastructure Investor Assurance Framework

Attachment B Role of the SRO in the IIAF

The governance and oversight of an infrastructure project/program ordinarily includes three
major parties: a ‘sponsor’, ‘deliverer’ and ‘asset owner/manager or operator’. The typical
responsibilities/functions of these parties are described in Table B1.
Table B1 Typical responsibilities of major parties to a project/program

Party Typical responsibilities and functions of parties to a project

▪ Secures the funding

▪ Owns the business case
Sponsor ▪ Responsible for specifying the asset requirements
▪ Ensures the project remains strategically aligned and viable
▪ Ensures benefits are on track

▪ Responsible for procurement of asset from investment decision to commissioning

▪ Delivering the benefits
Deliverer
▪ Translates requirements from the sponsor and manages delivery outcomes
▪ Selects the most appropriate supplier/s to meet project objectives

▪ Responsible for day to day operations and maintenance of asset once commissioned
Asset
▪ May be a part of the sponsor or delivery organisation or a separate entity
manager/
▪ Operator and maintainer of the assets might be separate entities
owner or
▪ Asset management is the coordinated activity of organisations to realise value from their
operator
assets

The role performed by each of these parties may be emphasised depending on the particular
project life cycle point a project/program is in. Further, the roles performed by each party
often have necessary interdependencies with each other to enable the successful delivery of
a project/program. This is depicted in Figure B1.

Figure B1 Interaction of the responsibilities and functions of key parties to a project/program

 Infrastructure Investor Assurance Framework

While there are typically three major parties to a project, good governance and
project/program assurance calls for the need to have a single point of accountability and
strategic responsibility. The Senior Responsible Officer (SRO) of a project/program occupies
this position. The SRO may come from the ‘sponsor’, ‘deliverer’ or ‘asset manager/owner or
operator’ agency, depending on the stage of the project/program within its lifecycle.
Notwithstanding this, the officer holding the position of SRO must be identifiable at any
particular point in time.

Table B2 outlines the typical responsibilities of these officers when occupying the position of
SRO in relation to the IIAF.

During the assurance and Gateway Review process the SRO is expected to be available,
support, and ensure that all necessary information is made available to the Review Team.
Table B2 Typical holder of SRO position during project lifecycle

Project Gateway Review Sponsor Deliverer Asset

Lifecycle manager/owner or
Stage operator

Gate 0: Go/No Go  SRO  SRO

Develop Gate 1: Strategic Options  SRO

Gate 2: Business Case  SRO

Gate 3: Readiness for Market  SRO

Procure
Gate 4: Tender Evaluation  SRO

Deliver Gate 5: Readiness for Service  SRO  SRO

Operate Gate 6: Benefits Realisation  SRO

 Infrastructure Investor Assurance Framework

Attachment C Protocols for finalisation and distribution of Gateway,

Health Check,Deep Dive and Capital Portfolio Review
Reports*

Draft Review • Review Team prepares Draft Review Report and issues to
Infrastructure NSW
Report • Infrastructure NSW provides comments, in relation to quality
(for quality control) of documentation, to Review Team, if required

• Review Team prepares Final Draft Review Report and issues to

Infrastructure NSW
• Infrastructure NSW distributes Final Draft Review Report and
Final Draft Recommendations Table to the Project Team (cc to the SRO) for fact
Review Report checking and response
(for fact checking) • Delivery agency provides comments on the Final Draft Review Report and
responses to Recommendations Table to Infrastructure NSW
• Infrastructure NSW considers agency comments and seeks the Review
Team perspective, if required

• Infrastructure NSW finalises the Final Review Report (including the

Final Review agency responses)
Report - • Infrastructure NSW issues Final Review Report (including agency
responses) to delivery agency nominated SRO or delivery agency
including Secretary or Chief Executive Officer (or delegated accountable parties as
response per delivery agency policy)
(for release) • Infrastructure NSW reports the outcomes of Review to IIAC and Cabinet,
as relevant, and provides Cabinet with the Final Review Report.

* Gateway, Health Check, Deep Dive and Capital Portfolio Review Reports are classified as ‘Sensitive NSW Cabinet’
documents
 Infrastructure Investor Assurance Framework

Protocols
Topic Details

Document control All Review Reports are to include a document control page – noting the version of the report
page and date of issue
Confidential All Review Reports are classified as ‘Sensitive NSW Cabinet’ documents and are to include
“Sensitive NSW Cabinet” on the footer
Distribution ▪ No review team member is to distribute copies of any versions of reports directly to
delivery agencies, project teams or any other party
▪ Review Team leader is to send versions of reports to Infrastructure NSW Assurance
Team for distribution
▪ No reports are to be distributed outside of the responsible delivery agency (including to
central government agencies) until the report is finalise and includes a delivery agency
response to recommendations unless directed to by the CEO Infrastructure NSW or
Deputy CEO Infrastructure NSW
▪ Copies of the Final Review Reports with delivery agency responses are only distributed
by Infrastructure NSW as follows:
- To responsible delivery agency SRO / Secretary or Chief Executive Officer (and
delivery agency delegated staff)
- To Treasury officials where the project is being consider by ERC (e.g. for SBC, FBC
and pre- tender and post tender Gateway Reviews for private financing deals etc.)
- To Infrastructure NSW Restart team where the project is to be considered for funding
in part or full by Restart NSW and only for SBC or FBC Gateway Reviews
- To Cabinet, the Premier’s Office, and the Treasurer’s Office upon request only
▪ Final Review Reports with delivery agency responses are not to be distributed to any
other parties (other than those specified above) unless directed by the CEO Infrastructure
NSW or Deputy CEO Infrastructure NSW. If other parties (including responsible Ministers)
request a copy they should be directed to the responsible delivery agency SRO /
Secretary or Chief Executive Officer to request a copy
▪ SROs (as owners of the final report) are able to distribute the final report, which remain
‘Sensitive NSW Cabinet’ documents, at their discretion, having regard to the confidential
nature of the report

Watermarks ▪ Draft Review reports to include Watermark: “DRAFT for delivery agency XXX checking”
▪ Final Review reports (excluding delivery agency responses to recommendations) to
include Watermark: “FINAL for delivery agency XXX Response”
▪ Final Review reports (including delivery agency responses to recommendations) to
include watermark: “FINAL issued to XXX” (where XXX is name of recipient delivery
agency or organisation report is issued to)

Format ▪ All versions of reports issued by the Review Team to Infrastructure NSW to be in Word
format or other mandated digital format.
▪ Draft Review reports issued to delivery agency for fact-checking in Word format
▪ Final Review reports (excluding delivery agency responses to recommendations) issued
to delivery agency for response to recommendations in PDF format with table of
recommendations issued to delivery agency in Word format
▪ Final Review reports (including delivery agency responses to recommendations) issued in
PDF format
Transmittal Infrastructure NSW to keep a record of all parties (including the versions) to whom reports are
issued
 Infrastructure Investor Assurance Framework

Attachment D Regular Project Reporting Rating System

The definitions for the traffic light system for overall project status are shown in Table D1.
Table D1 Regular project reporting - Overall project status definitions

Status Legend on HPHR report Detailed description in Portal

Green ◼ No major unmitigated risks No major unmitigated risks identified

Amber ◼ Major risks appropriately

mitigated
Major risks identified but appropriate mitigating actions being
taken

Red ◼ Further action required to

mitigate major risks
Major unmitigated risks identified - further action required

The definitions for the traffic light system for project time and cost status are shown in
Table D2 and Table D3.

Table D2 Regular project reporting - Project time status definitions

Status Legend on HPHR report Detailed description in Portal

Project/program is on track and is expected to be delivered

Green ◼ On-track within approved timeframes. No major unmitigated risks
identified.

Project/program is at risk of not being delivered within

Amber ◼ At risk approved timeframes. Appropriate mitigating actions are being
taken that address major risks to time.

Project/program is not on-track and is not expected to be

Red ◼ Not on-track delivered within approved timeframes. Further actions are
required to address unmitigated major risks to time.

Table D3 Regular project reporting - Project cost status definitions

Status Legend on HPHR report Detailed description in Portal

Green ◼ On-track
Project/program is on track and is expected to be delivered
within approved budget. No major unmitigated risks identified.

Project/program is at risk of not being delivered within

Amber ◼ At risk approved budget. Appropriate mitigating actions are being
taken that address major risks to budget.

Project/program is not on-track and is not expected to be

Red ◼ Not on-track delivered within approved budget. Further actions are required
to address unmitigated major risks budget.
 Infrastructure Investor Assurance Framework

Attachment E Project profile/risk criteria, criteria scores and weightings

 Infrastructure Investor Assurance Framework

Criteria and Weighting Priority and Risk level Score

Government priority: 25% Very high Government Priority 5

Mandated priority project with funding reserved in the forward estimates
The degree of criticality in timing of and has been publicly announced; and
the project or program due to - Construction to commence within the next two years; or
potential adverse impacts on an - Addresses an urgent and critical service need for the community.
existing community or the growth of
High Government Priority 4
a new community.
Mandated priority project with funding reserved in the forward estimates
and has been publicly announced; and
The level of project or program - Final Business Case to be completed within the next two years; or
priority, where: - Addresses a serious deficiency with a high service need for the
▪ the project is mandated community.
through documents such as
Medium Government Priority 3
the NSW Budget, Premier’s
▪ Mandated priority project in an endorsed strategic plan with
Priorities, State Infrastructure construction planned to commence within the forward estimates, but
Strategy, Cabinet endorsed not yet publicly announced; and
infrastructure plan, Election ▪ Addresses an important service need for the community.
Commitment; or;
Lower Government Priority 2
▪ mandated through Ministerial
▪ Priority project in an agency endorsed strategic plan; and
authority or statement that has
▪ Construction to commence within the forward estimates; and
been made regarding the
▪ Addresses some service need with a low impact on a community.
priority of the project; or;
▪ the project is assigned priority Very low Government Priority 1
through an agency endorsed ▪ Agency priority project/program indicated in a forward capital program;
and
strategic document or funded
▪ Construction to commence beyond the forward estimates; and
forward capital program; or;
▪ Addresses a minor deficiency with a low impact on a community.
▪ the project is assigned priority
as an enabler of a mandated Extremely low Government Priority 0
project. ▪ Neither a mandated or agency priority project/program; or
. ▪ Not included in an agency endorsed forward capital planning / strategy
document; or
▪ No or minimal impact on the community.
Interface complexity: 25% Very high interface complexity risk 5
▪ Complex institutional or technical interface with Federal, local and
The extent to which the success of
private entities; or
the project or program will depend ▪ Fully interdependent on other projects or services.
on the management of complex
technical or commercial High interface complexity risk 4
dependencies with other: ▪ Significant institutional or technical interface with at least 2 entities
(Federal, local or private); or
▪ agencies, SOCs, non-
▪ Important technical or service interdependencies with other projects.
government sector
organisations or other third
parties – providing approvals, Medium interface complexity risk 3
contributing to the funding of ▪ Institutional interface with at least 1 entity (Federal, local or private);
the project, or being given and
▪ Some interdependencies with other projects or services.
operational responsibility,
and/or Low interface complexity risk 2
▪ projects or services where ▪ Institutional interface with 1 entity; or
there are fundamental ▪ Minor interdependence with other projects or service.
interdependencies that will Very low interface complexity risk 1
directly influence the scope and ▪ Very little or infrequent interface with entities; or
cost of either project. ▪ Very little interdependence on other projects or service.
Extremely low interface complexity risk 0
▪ No interface complexity.
 Infrastructure Investor Assurance Framework

Criteria and Weighting Priority and Risk level Score

Procurement Risk: 20% Very high procurement complexity risk 5

The extent to which a project or Highly complex procurement including financing. For example, Public
Private Partnership (PPP); project finance with periodic availability
program requires, sophisticated,
payments or other hybrid financing structure.
customised or complex
procurement methods, thereby High procurement complexity risk 4
increasing the need for a careful Complex procurement. For example, a Design, Build, Maintain, with or
assessment of the procurement without operations.
strategy, management of the Medium procurement complexity risk 3
procurement task and management Some procurement complexity. For example, Design and Construct,
of the associated delivery risk. hybrid Early Contractor Involvement (ECI), hybrid alliance or Engineer,
Procure, Construct (EPC).
Lower procurement complexity risk 2
Minor procurement complexity. For example, Managing Contractor,
Construct Only, Design finalisation.
Very low procurement complexity risk 1
Collaborative contracting with design and cost jointly developed and risk
allocation agreed. For example, conventional ECI, or alliance.
Extremely low procurement complexity risk 0
No procurement complexity. For example, procurement of a study,
strategy or planning activity.
Agency Capability and Capacity: Very high agency capability and capacity risk 5
30% ▪ No projects of this type previously procured and delivered over the last
The extent to which the sponsor 10 years; or
agency has clear governance ▪ Resourcing capacity potentially severely limited in government or
arrangements, demonstrated industry within the delivery timeframes.
capability (experience) and capacity High agency capability and capacity risk 4
(available skilled resources) or can
▪ Less than 5 projects of this type previously procured and delivered
access these through recruitment over the last 10 years; or
or procurement of capability in the ▪ Resourcing capacity potentially very limited within government or
development and / or delivery of the industry to deliver within the intended delivery timeframes.
type of project or program proposed
Medium agency capability and capacity risk 3
▪ At least 5 projects of this type procured and delivered over the last 10
years; and
▪ A record of successful procurement and delivery of these projects; and
▪ Resourcing capacity potentially limited within government or industry,
requiring early planning and attention.
Lower agency capability and capacity risk 2
▪ Multiple recurring projects; and
▪ A record of successful procurement and delivery of these projects; and
▪ Resourcing capacity may be limited within government or industry but
is manageable.
Very low agency capability and capacity risk 1
▪ Business as usual type projects; and;
▪ A record of successful procurement and delivery of these projects; and
▪ Resourcing capacity within government and industry is established and
adequate.
Extremely low agency capability and capacity risk 0
▪ No agency capability risk as routine projects; and
▪ A record of successful procurement and delivery of these projects;
and
▪ No agency or industry resource capacity risk.
 Infrastructure Investor Assurance Framework

Attachment F Typical Gateway Review, Health Check and Deep Dive

Process

outstanding
recommendations from a previous Review will be considered and where necessary will be included in the
latest Review recommendations).
 Infrastructure Investor Assurance Framework

Attachment G Tier 1 – High Profile/High Risk Project Report Template

 Infrastructure Investor Assurance Framework

Attachment H Complex Projects and Programs

Program
A program is a temporary, flexible organisation created to coordinate, direct and oversee the
implementation of a set of related projects and activities in order to deliver outcomes and
benefits related to the organisation’s strategic objectives. A program is likely to be longer
term and have a life that spans several years. Programs typically deal with outcomes;
whereas projects deal with outputs.

Projects that form part of a program may be grouped together for a variety of reasons
including spatial co-location (e.g. Western Sydney Infrastructure Program), the similar nature
of the projects (e.g. Bridges for the Bush) or projects collectively achieving an outcome (e.g.
2018 Rail Timetable). Programs provide an umbrella under which these projects can be
coordinated. This represented in Figure H1.

Figure H1 Program

Programs can be linear in nature with individual projects being delivered consecutively or
with staggered starts. Other programs may be very complex in nature where the component
parts of a program could be individual projects or smaller groups of projects (sub-programs).
In some instances, this may not be linear with some component parts of the program fully
delivered before other parts of the program have been completed or even commenced. This
represented in Figure H2.
 Infrastructure Investor Assurance Framework

Figure H2 Program delivery

Project
A project is a temporary organisation, usually existing for a much shorter duration than a
program, which will deliver one or more outputs in accordance with an agreed business case.
Under the IIAF a capital project is defined as infrastructure, equipment, property
developments or operational technology that forms a component of a capital project.

Projects are typically delivered in a defined time period on a defined site. Projects have a
clear start and finish. Projects may be restricted to one geographic site or cover a large
geographical area, however, will be linked and not be geographically diverse.

A particular project may or may not be part of a program.

Where a project is delivered in multiple stages and potentially across varying time periods it
is considered a ‘complex project’. Refer to the definition for ‘complex project’

Complex Project
A project may be delivered in multiple stages and potentially across varying time periods.
This could also be across a large (but connected) geography. Individual project stages may
be identified during the development phase or during the procurement and delivery phases
when individual project stages are being procured and delivered under different contracts
and potentially over different time periods.
 Infrastructure Investor Assurance Framework

When a large project is delivered in multiple stages it may be considered a complex project.
This represented in Figure H3.

Figure H3 Complex Project

 Infrastructure Investor Assurance Framework

Attachment I Examples of typical Modified IIAF Project Registration report

for complex projects and programs
EXAMPLE MODIFIED IIAF PROJECT REGISTRATION REPORT FOR A TYPICAL COMPLEX PROJECT/PROGRAM: SEGMENTED AFTER GATE 1
EXAMPLE MODIFIED IIAF PROJECT REGISTRATION REPORT FOR A TYPICAL COMPLEX PROJECT/PROGRAM: SEGMENTED AFTER GATE 2