Documentation Guide for ICT Investment Approval Process
Documents
Business Case
Project Plan
Definition
Provide a summary of the business problem and a range of response options, including a status quo option. The preferred option should be identified in
consultation with Finance. Detail the financial and non-financial costs and benefits from implementing each option, along with project cancelation costs.
Provide a summary of the schedule, by each option, to support phased implementation. Discuss how the business case supports the entity and Commonwealth
business and ICT strategic objectives. Detail any legislative or Cabinet authority for the business case and discuss compliance with whole-of-government
policies such as security, privacy and procurement and summarising corporate governance arrangements. The First Pass Business Case should detail the
activities and the cost to develop the option(s) for the Second Pass Business Case.
Outline how the project deliverables will be organised, controlled and managed to ensure achievement of schedule, scope and budget targets; provide a high
level summary of the project scope; provide a summary of supporting plans; and provide a project schedule identifying each project stage and milestone.
Define the governance structure, roles, responsibilities and reporting channels for managing the programme / project, including: the board / working group,
Governance Plan the change / configuration / assurance authorities, and any other oversight provided by the entity.
Risk Plan and
Register
Detail how the project will identify, manage and report risks, including the personnel responsible for risk management. Detail each project risk and mitigation /
treatment strategies. Risks should relate to the business and technical issues likely to impact on schedule, scope and budget targets.
Provide a prioritised list (no more than two or three pages) of entity approved and unapproved ICT investments over the next four years, with summary annual
Investment Plan cost estimates and a short descriptive statement for each investment.
Benefits Plan and Detail the project's measurable benefits and the method and metrics to be used for tracking, reviewing and reporting when and if benefits are realised.
Benefits are to be agreed between the programme / project office, sponsors, stakeholders and Finance.
Register
Solution
(Architecture)
Design
Requirements
Specification
Procurement
Plan
Outline the solution to be developed to address the business problem identified in the business case. Outline the scope of the proposed solution within the
context of the entity’s current ICT environment. The architecture of the proposed solution, for example: technology (hardware), applications, security,
information (data models) and system integration / migration. The Solution Design should be of sufficient detail to support further post-approval design (as
applicable) of the solution. The Solution Design is a primary input for the build and testing phases of the project and may be used to support industry
engagement activities.
Outline the business and technical requirements of the solution, and provide sufficient detail to support the ongoing design, cost estimation and schedule
management of the products to be delivered. The document may also detail the users, transactions, process flows and business rules; the basis of a sizing
method such as a use-case or function point count. Outline any hardware capacity and performance requirements. Out of scope requirements may be detailed.
Complements the Solution Design and may be used to support industry engagement activities.
Detail how the project will acquire the services, hardware and software required to implement the solution; support the Project Plan and outline the strategy
for any industry engagement activities.
Updated: 9 October 2015
Documentation Guide for ICT Investment Approval Process
Security Plan
Product
Breakdown
Structure
Quality Plan
Change Plan
Workforce Plan
Reference and explain how the proposed solution will align with the Protective Security Policy Framework, comply with the Information Security Manual,
including addressing the Top 4 Strategies to mitigate targeted cyber intrusions (mandatory for Australian Government entities), and other security policies and
guidelines; provide additional security details beyond the Solution Design and Requirements Specification; and engage the entity’s IT Security Advisor. See
Estimates Memorandum 2014/04 Cyber Security Requirements in Business Cases for ICT-Enabled New Policy Proposals available from Finance or the entity’s
CFO area.
Provide a hierarchy of products to be delivered by the project, with each descending level of the hierarchy providing a more detailed component product, with
associated costs. A work breakdown structure may also be provided. Related to the Solution Design and Requirements Specification.
Define the approach, standards, techniques and processes to ensure that the project's products meet specified acceptance criteria; establish document change
control, auditing and configuration management processes. Outline the process of quality rectification for build, integration and installation activities as
applicable.
Detail a change management strategy for implementing the solution within the entity; covers stakeholder engagement, communication activities and
identifying any training needs as the basis to develop a user training solution after Second Pass approval.
Detail how an appropriately skilled and experienced workforce will be acquired, managed and retained to complete project deliverables.
Updated: 9 October 2015