Boost Delivery Confidence with DTA Assurance

Boosting Public Sector Digital Project Delivery Confidence With DTA’s Assurance Framework

By Anthony Sanfrancesco

The Australian government continues to make significant investments in digital transformation projects—totalling $12.9 billion as of the 2024-25 mid-year economic and fiscal process—but too many of these projects are still failing to meet expectations or inspire confidence, leading the government to sharpen its focus on project performance.

Over the last year, the number of digital projects undergoing a delivery confidence assessment increased by 46.3%, and as of February 2025, 23 out of 61 assessed transformation initiatives are rated as having medium to low delivery confidence due to stalled progress or emerging risks.^[1] The consequences of this ripple outward: staff are forced to rely on outdated systems, citizens wait longer for essential services and agencies projects lose momentum and trust in future reforms.

Delivery assurance—State 4 of The Digital Transformation Agency’s (DTA) Commonwealth Digital and ICT Investment Oversight Framework (IOF) - commonly referred to as the DTA assurance framework. This assurance framework was designed to help close this gap by providing leaders with a clear view of whether projects are truly positioned for success. This is accomplished through activities such as project health checks, focused reviews of key areas of risk or components of the project critical to successful delivery, and internal audits. Unfortunately, assurance is often treated as a tick-the-box compliance task rather than a strategic function. Reviews start late, are too narrowly-scoped and conducted with little to no independence to provide meaningful foresight into risk.

To shift outcomes and meet the DTAs requirements, agencies—especially Senior Responsible Officers (SROs)—need to rethink how assurance is applied. Not as a compliance activity, but as a strategic task in navigating complexity and mitigating risk.

Topics

Risk Management and Regulatory Compliance Digital Transformation Technology Enablement

Industries

Government

Three principles of effective assurance

Two basic foundations of assurance are independence and timing. Without independence, assurance risks becoming an echo of delivery rather than an honest assessment. When assessment is independent and separate from the delivery team, they can offer a clear, objective review, and do so without pulling critical resources away from delivery.

Timing is just as critical. When assurance begins too late, it becomes reactive. A well-timed delivery confidence assessment can inform key decisions, flag risks before they eventuate and evolve with the project.

But even with these foundations in place, assurance must go further in today’s environment of increasing project complexity, resource constraints and scrutiny.

These three principles outline what effective assurance looks like, and how it can help teams stay ahead of delivery challenges, create confidence in and ultimately successful digital transformation projects.

1. It generates foresight, not just insight

While assurance can certainly provide insight into past performance, its true value lies in forecasting where the project is headed. By getting involved early and staying engaged throughout the project, assurance is positioned not just to reflect what’s gone wrong but to anticipate what might.

This foresight is especially critical in the early stages of a project when optimism is high, the business case is approved and teams are energised to deliver. That momentum can create a sense of certainty that everything will go according to plan.

Consider a multi-year digital case management system project where the initial assurance is conducted at the business case stage and not revisited until just before launch. In the interim, critical risks—like integration issues with legacy systems, delays in user testing or a shortage of skilled developers—can go unchecked. An assurance provider embedded from the start and engaged throughout can surface the risks early and provide leadership with actionable strategies to stay on course. This kind of foresight is essential to improving the delivery confidence of digital projects.

2. It reflects the complexity of the work, and who’s doing it.

Digital transformation programs, particularly within government, are large, complex and politically sensitive. Yet it’s not uncommon for assurance roles to be filled by generalists or under-resourced teams. This mismatch between the complexity of the project and the depth of assurance capability limits the effectiveness of any review. Effective assurance accounts for this reality.

Strong assurance evaluates who is doing the work, whether they understand the delivery environment and if the team has the right skills, context and flexibility to respond when the real-world complexity begins to surface. This is particularly critical when agencies rely on system integrators who, while technically capable, may lack the institutional knowledge or policy fluency needed in a public sector context.

3. It serves as a trusted adviser to the senior responsible officials.

Ultimately, the goal of assurance is not to monitor or micromanage the project—it’s to support the Senior Responsible Officer (SRO) and their team to deliver a successful outcome. One of the challenges government has is getting the right resources and skills. An independent third-party assurance won’t divert resources from your in-house team. When assurance is viewed not as an audit or compliance function but as a strategic partner, it becomes easier to have open conversations about what’s working, what’s not and what needs to change. A strong assurance relationship gives the SRO access to honest perspectives and equips them with the foresight to make informed decisions before risks escalate.

Assurance = confidence in your delivery

Digital transformation in government is high stakes work and under increasing scrutiny. As the Digital Transformation Agency’s delivery confidence assessments become more common, more projects are assessed for delivery confidence, and the pressure to deliver real, measurable outcomes will only intensify. But assessing the delivery confidence of digital projects doesn’t have to be a guessing game. By applying the right assurance framework—engaged early, executed independently and aligned to the complexity of the work—SROs can lead with clarity.

How Protiviti can help

Protiviti understands that the journey facing each governmental body is different. That’s why our government consultants offer clients a tailored solution; we never assume a one-size-fits-all approach can address a client’s unique needs. Our government consulting teams across the globe are ready to deliver deep expertise, objective insights, a tailored approach, and unparalleled collaboration to help Australian federal and state government leaders confidently face the future.

Find out more about Protiviti Australia’s federal government and state government consulting services.

About the author

Tony Sanfrancesco is a Protiviti Australia Director with over a decade of experience providing assurance for large transformation projects and programs across the Australian public sector. He specialises in internal audit, controls advisory, and risk management.

Government and Public Service Consulting Firm

Protiviti partners with federal and state government to address the most complex challenges and create a better future.

Internal Audit

Our strategic internal audit sourcing models in Australia deliver specialised talent, proven methodology, and innovative technology to meet the evolving needs of internal audit functions ranging from full outsourced solutions and delivery centres to tactical staff-augmentation.

Controls Advisory

Access deep expertise related to all-things controls, whether to support internal audit, audit-readiness, compliance, or regulatory objectives. Design, implement, and run control testing programs and embed the controls-mindset into everything an organisation does.

Risk Management Consulting

Protiviti Australia helps government assess risk and develop tech-enabled solutions to manage risk in an agile manner and minimise potential losses. From risk program design, to independent reviews and assurance, we ensure continuous monitoring and improvement.

Australian Federal Government

Federal departments and entities are increasingly required to navigate complex reforms, drive efficiencies, maintain public trust, and deliver programs that are economical, effective, and outcomes-driven.

State Government and Public Service Consulting

State and territory governments in Australia are responsible for delivering many of the services that directly impact the lives of citizens—education, health, housing, transport, justice, sustainability, infrastructure, and economic development.