The Gateway review process is a key assurance mechanism designed to provide an objective view of the ability of a programme or project to deliver on time and to budget. It is not part of the programme or project management process. Gateway reviews are managed in NI by the Centre of Expertise for Programme and Project Management (CoE) within Construction and Procurement Delivery (CPD), the local authorised hub.
Risk Potential Assessments (RPAs) must be completed for all programmes and projects. These should be validated by CoE or the head of the departmental programme office and should be sent to the Departmental Assurance Co-ordinator (DAC) at least 12 weeks ahead of an expected review.
Departments may decide on a de minimis cut off point, below which an RPA may not be required, but must do so on the basis of a full understanding of the implications and be accountable for their action. De minimis limits should be approved by the Departmental Accounting Officer in consultation with the head of the appropriate Centre of Procurement Expertise. Where a programme or project is above the de minimis limits an RPA should be completed and forwarded to the DAC for agreement.
RPA forms should be refreshed and resubmitted to CPD at each Gateway milestone.
If a risk level of medium or high is indicated in the RPA, the DAC will make arrangements, on behalf of the Senior Responsible Owner (SRO) for a Gateway review to take place. The first step will be for the DAC to meet with the SRO and members of the programme or project team. This assessment meeting, typically lasting between one and two hours, will:
- agree the risk assessment as detailed on the RPA
- determine the readiness of the programme or project for a review
- identify necessary skills for potential reviewers
- establish suitable dates for the planning meeting and the actual review
Following the assessment meeting, the DAC will appoint an independent and impartial review team to carry out the review.
The planning meeting is an opportunity for the review team and the programme or project team to meet for the first time. The review team will agree a code of conduct for the review and then agree this with the SRO. The key outputs from the planning meeting are:
- the list of stakeholders to be interviewed
- the list of documents to be made available to the review team
The DAC (or an appointed representative) will attend the planning meeting to ensure compliance with Gateway principles and to support both the review team and programme or project team through the process.
A review typically lasts three days. Some high risk reviews will last four days and, where the stakeholder list is unusually short, a two day review may suffice.
For a project, reviews take place at:
- Gateway 1 - Business Justification
- Gateway 2 - Delivery Strategy
- Gateway 3 - Investment Decision
- Gateway 4 - Readiness for Service
- Gateway 5 - Operations Review and Benefits Realisation
For a programme a series of Gateway 0s will be carried out. These typically reflect the programme start, programme delivery and programme close but may vary depending on circumstances. Workbooks are provided for Gateway review team members to inform questioning, highlighting areas to probe during each review.
The review is evidence-based and involves interviews with key stakeholders culminating in a report, delivered to the SRO on the final day of the review. This report is confidential to the SRO, containing recommendations based on the review team’s findings. In light of the recommendations, a Delivery Confidence Assessment (DCA) is awarded, indicating the potential for successful delivery.
Delivery Confidence Assessment
The DCA will range from green to red, defined as:
Green - successful delivery of the programme or project to time, cost and quality appears highly likely and there are no major outstanding issues that, at this stage, appear to threaten delivery significantly
Amber/Green - successful delivery appears probable, however, constant attention will be needed to ensure risks do not materialise into major issues threatening delivery
Amber - successful delivery appears feasible but significant issues already exist requiring management attention; these appear resolvable at this stage and if addressed promptly, should not present a cost or schedule overrun
Amber/Red - successful delivery of the programme or project is in doubt with major risks or issues apparent in a number of key areas; urgent action is needed to ensure these are addressed, and whether resolution is feasible
Red - successful delivery appears to be unachievable; there are major issues on programme or project definition, schedule, budget required, quality or benefits delivery, which at this stage do not appear to be manageable or resolvable
It is important to note that a Gateway review is not an audit. It is designed to provide the SRO with real time information so that action can be taken to address live issues and redirect the programme or project towards successful delivery.
Roles and responsibilities
The main roles and responsibilities associated with Gateway reviews are:
Senior Responsible Owner
The programme or project SRO is responsible for initiating the Gateway review process, making contact with the DAC and for submitting a completed RPA. They are also responsible for overseeing the provision of all relevant documentation to the review team.
Departmental Assurance Co-ordinator
The DAC is responsible for administering and arranging Gateway reviews and for managing the NICS pool of Gateway reviewers.
Gateway Review Team Leader
The RTL will lead an independent team, typically accompanied by two Review Team Members, and is responsible for carrying out the Gateway review.
Gateway style healthchecks may also be carried out. Healthchecks are supplementary to formal Gateway reviews. They provide additional assurance to SROs where, for example, a programme or project is between key stages or where engagement with the Gateway process has occurred late.
Where the RPA for a programme or project is designated low risk and where this is agreed by the DAC, an internal peer review should be undertaken. This should be in line with Gateway principles and conducted by an independent team appointed by the department.
It is important to note that an internal peer review is not a Gateway review and an IPR team must not be described as having carried out a Gateway review under these circumstances.
Lessons learned and further assurance
The Chief Executive of CPD plays a key role in the governance of the Gateway review process which includes:
- having sight of all Gateway review reports, under direction from the Procurement Board, for the extraction and communication of lessons learned
- writing to the relevant Departmental Accounting Officer and drawing their attention to high risk Gateway reviews that receive a red delivery confidence outcome; outlining appropriate actions, including the application of an Assurance of Action Plans review
Further information on the Gateway review process is available from the Departmental Assurance Co-ordinator in the Centre of Expertise for Programme and Project Management.