Major Projects Assurance

Last updated: 2 December 2013

Major Projects Assurance Group's three main functions - Major Projects Monitoring, Gateway, and Project Delivery - Capability.

Update 2 December 2013: 

Since 2001 the Major Projects Assurance group has been located in the State Services Commission. On 2 December 2013 the group transferred to the Treasury, as part of the Portfolio Performance Management group. In the New Year this guidance will be repositioned on the Treasury website

1. Major Projects Monitoring

From the inception of large or high-risk projects, the Major Projects monitoring group builds long-term relationships with Sponsors and Project/Programme Managers, and has two primary objectives:

  • to provide ongoing advice to the project to help it succeed
  • to provide ongoing independent assurance to Ministers as to the risk status and progress of the project.

Monitoring includes review of key documents such as business cases, scoping the Terms of Reference of Independent Quality Assurance (IQA), giving advice on options, and providing comment on Cabinet papers.

For more information see the Major Projects Monitoring pages.

2. Gateway

Cabinet requires that projects identified as high-risk are reviewed at key decision points by Gateway review teams.

Gateway is a project assurance methodology designed to improve project delivery. The process uses a series of short reviews to examine major government programmes and projects at key decision points in their lifecycle.

SSC's Gateway Unit:

  • Works with agencies to determine which projects are high-risk
  • Facilitates Gateway reviews

For more information see the Gateway pages.

3. Project Delivery - Capability

The Project Delivery - Capability group identifies capabilities and structures that can help government projects and works to implement them. Examples include:

  • Investment Logic Mapping (ILM)
  • Quantitative Risk Assessment (QRA)
  • Training for Project and Programme Sponsors/Senior Responsible Owners (SRO)

For more information see the Project Delivery - Capability pages.

Agency Responsibility

Agencies must complete an initial Risk Profile Assessment (RPA) for any project or programme that would expose the Government to significant fiscal or ownership risk if it were not delivered within the projected functionality, cost, and timelines (Cabinet Office Circular CO (10)2).

The RPA comprises 26 multiple choice questions. These identify, at a high level, the presence of risk indicators for a project; the RPA is an agency’s initial self-assessment of a project’s inherent risk.

The RPA is not an exhaustive risk analysis model; it does not replace the need for agencies to perform their own detailed risk analysis and management throughout a project’s lifecycle.

The RPA produces an indicative risk rating. For any project or programme where the risk rating is Medium or High, the agency must send the completed RPA to the SSC Gateway Unit ( The Gateway Unit in consultation with the other central agencies, and after discussions with the submitting agency if necessary, makes the final decision on whether the project is high-risk.