The Environment Agency Integrated Assurance and Approvals Strategy (IAAS)

Report – XXXXXX/R (project code number)

Draft July 2015

DRAFT

2 of 27

Version Date Summary of Changes Authors

DRAFT

3 of 27

We are the Environment Agency. We protect and improve the environment and make it a better place for people and wildlife.

We operate at the place where environmental change has its greatest impact on people’s lives. We reduce the risks to people and properties from flooding; make sure there is enough water for people and wildlife; protect and improve air, land and water quality and apply the environmental standards within which industry can operate.

Acting to reduce climate change and helping people and wildlife adapt to its consequences are at the heart of all that we do.

We cannot do this alone. We work closely with a wide range of partners including government, business, local authorities, other agencies, civil society groups and the communities we serve.

Published by:

Environment Agency Horizon house, Deanery Road, Bristol BS1 5AH Email: enquiries@environment-agency.gov.uk www.gov.uk/environment-agency

© Environment Agency 2014

All rights reserved. This document may be reproduced with prior permission of the Environment Agency.

Further copies of this report are available from our publications catalogue: www.gov.uk/government/publications

or our National Customer Contact Centre: T: 03708 506506

Email: enquiries@environment-agency.gov.uk.

DRAFT

4 of 27

Executive summary Our Integrated Assurance & Approvals Strategy (IAAS) applies to our complete portfolio of projects and programmes. It explains how we plan, coordinate and provide assurance systems and approval points from identifying a project or programme to the realisation of benefits.

We have updated the 2011 version of our IAAS to reflect organisational change and closer alignment to Government business procedures.

Our strategy is a planning tool with a wide audience comprising our staff and customers and all those who wish to understand the process of assurance and the subsequent point of approval. It is designed to help all those planning projects and programmes of work and to assist the planning of these key stages in the lifecycle.

Assurance not only provides the project owner with the confidence that delivery of the benefits will be successful, but it also informs the business that we are investing in the right projects and programmes. Our strategy explains the variety of assurance systems we employ and how we audit these systems to ensure that they perform. Our assurance systems bring together subject matter experts from across our business and our sponsoring department, Defra. Collectively, we add value through the assurance process which we apply in proportion to the scale of cost and project risk.

DRAFT

5 of 27

Contents Executive summary ...................................................................................................................... 4

1. Introduction ............................................................................................................................... 7

Objectives of the IAAS ................................................................................................................. 7

Audience for the IAAS ................................................................................................................. 7

The Integrated Assurance and Approval Plan ............................................................................. 7

2. Purpose and Scope................................................................................................................... 8

How the IAAS will be used in the Environment Agency ............................................................... 8

Summary of assurance and approvals process (delegated authority) .......................................... 8

(FCERM <£100m; IT <£5m) ....................................................................................................................................... 8

Summary of assurance and approvals process (authority not delegated) .................................... 8

(FCERM >£100m; IT >£5m) ....................................................................................................................................... 8

3. Application of Assurance ......................................................................................................... 9

Corporate policy statement .......................................................................................................... 9

When we apply assurance .......................................................................................................... 9

Risk Potential Assessment .......................................................................................................... 9

Formal Guidance Documents .................................................................................................... 10

Informal Assurance ................................................................................................................... 10

National Project Assurance Service ........................................................................................... 10

(All projects in excess of £100k; FCERM only below £10m) .................................................................................... 10

Large Projects Review Group .................................................................................................... 11

(Restricted to FCERM in excess of £10m) ............................................................................................................... 11

Major Projects Assurance Group ............................................................................................... 11

The Major Projects Authority (MPA) .......................................................................................... 11

Assurance of non-EA projects ................................................................................................... 12

Audit .......................................................................................................................................... 12

Learning and Continuous Improvement ..................................................................................... 13

4. Approvals ................................................................................................................................ 13

Summary of the Financial Scheme of Delegation (FSoD) approval process .............................. 13

Delegations ............................................................................................................................... 13

Defra ......................................................................................................................................... 14

HM Treasury ............................................................................................................................. 15

Treasury Approval Point (TAP) ................................................................................................................................. 15

IUK Route map ......................................................................................................................................................... 15

5. Resourcing .............................................................................................................................. 15

NPAS and LPRG Resource Plans ............................................................................................. 15

MPA Review Support ................................................................................................................ 15

6. Appendices ............................................................................................................................. 15

Appendix 1 - Guidance Documents ........................................................................................... 16

Appendix 2 - Assurance and Approvals Stages18

DRAFT

6 of 27

Appendix 3 - Major Projects Assurance and Approvals Process ................................................ 19

Appendix 4 - NPAS Submission Flowchart ................................................................................ 20

Appendix 5 - Project Approval Delegations ................................................................................ 21

Appendix 6 - External Risk Management Authority Project Lifecycle ......................................... 22

Appendix 7 - LPRG Submissions Protocol ................................................................................. 23

Appendix 8 - Organising Major Project Reviews ........................................................................ 25

References .................................................................................................................................. 27

DRAFT

7 of 27

1. Introduction The Environment Agency promotes a substantial and varied portfolio of projects and programmes funded by public and private investment. We aim to deliver successful outcomes and value for money across the portfolio. Achieving this objective cannot be taken for granted so we have systems in place to ensure the best chance of success. These systems include independent assurance reviews and approval arrangements that apply to all projects and programmes whatever their size or degree of complexity but in proportion to the level of perceived risk.

The role of assurance is to provide information to those that sponsor, govern and manage a project or programme to help them make better informed decisions which reduce the causes of project failure, promote the conditions for success and deliver improved outcomes. There is strong evidence that independent assurance is beneficial to individual projects.

The Major Projects Authority was set up in 2011 as a partnership between the Cabinet Office and HM Treasury to address the findings of the National Audit Office (NAO) report Assurance of High Risk Projects 1(June 2010) and also the Major Projects Review undertaken in 2010. A major project is defined as any central government funded project or programme that requires HM Treasury approval and/or is of special interest to the Government and the majority are included in the Government Major Projects Portfolio (GMPP). The NAO report called for a central, mandatory system of assurance to be established for government. Integrated assurance and approval is defined as the planning, coordination and provision of assurance activities and approval points throughout the policy to delivery lifecycle.

Programme and project assurance, in conjunction with formal approval points, helps manage risk and improve delivery confidence. This approach supports all those responsible for successful delivery whilst providing funders and other stakeholders with the confidence that the project or programme can deliver to time, budget and quality. The MPA recommends that central government bodies develop an Integrated Assurance and Approval Strategy (IAAS) to ensure agreed and consistent assurance standards across their portfolio of projects. An IAAS will normally build on existing descriptions of how each organisation makes its investment approval decisions.

This Environment Agency IAAS has been revised to reflect changes to the Environment Agency governance and the portfolio of projects that now includes a number on the GMPP. For the purposes of assurance, the Environment Agency portfolio includes projects sponsored by Lead Local Flood Authorities and Internal Drainage Boards (referred to collectively as external Risk Management Authorities (RMAs). Projects and programmes are promoted across the whole range of the Environment Agency business portfolio and the principles contained in the IAAS apply without exception.

Objectives of the IAAS The IAAS:

• sets out the purpose and goals of the assurance and approvals regime required for all projects within the portfolio, depending upon their characteristics and level of risk;

• enables project teams to apply a consistent quality standard in line with Environment Agency, MPA and HM Treasury requirements

Audience for the IAAS This IAAS has been developed by the Environment Agency in consultation with our sponsoring department, Defra.

The audience for this IAAS includes all those who are accountable for the delivery of projects and programmes and those charged with providing assurance and approval.

The Integrated Assurance and Approval Plan

DRAFT

8 of 27

All central government major projects are required to have in place an integrated assurance and approval plan (IAAP), although all projects can benefit from this discipline.

The IAAP, which should be proportionate to the risk, includes a plan of all the assurance and approvals needed throughout the life of the programme or project. Scheduling these activities in advance enables the Environment Agency, Defra, the MPA and HM Treasury to forward plan resources accordingly. The IAAP should be developed at the outset as a part of the project initiation and be a part of the management case in the business case. For major projects, the IAAP should be validated by HM Treasury before submission of the strategic outline case (SOC). The content of an IAAP is defined by the Cabinet Office2.

2. Purpose and Scope How the IAAS will be used in the Environment Agency The purpose of our IAAS is to explain how we provide assurance to our programmes and projects and how we approve those that fall within our delegated authority. It also explains how we assure projects that fall outside our delegated authority. Assurance and approval are completely different activities and our aim is to make both as transparent as possible, to Environment Agency staff and our customers whether they be government, funding partners or the wider public.

The scope of this IAAS looks at assurance and approvals in separate sections.

We provide assurance to give our project teams an independent review of investment justification and delivery confidence at a strategic point in the maturity of the project. The assurance reviewer is a "critical friend" who provides expert advice that will help to ensure that a project achieves its projected benefits. Our assurance systems also provide a scrutiny role culminating in a recommendation to officers with delegated authority to approve expenditure. Each discrete assurance activity is explained and supported by flow charts. Government guidance allows us to apply assurance as best fits our business plan whilst being flexible and proportionate to the risks. Our approval delegations however, are specified in detail by Defra and defined in the Financial Scheme of Delegation (FSoD). It is not the purpose of this IAAS to reiterate the delegations but to explain how we apply them.

Summary of assurance and approvals process (delegated authority)

(FCERM <£100m; IT <£5m)

Projects or programmes are sponsored by Environment Agency senior officers. Projects sponsored by external RMAs are promoted by Environment Agency officers on behalf of the RMA. Two formal assurance systems exist depending on the programme/project type, risk and value. The National Project Assurance Service provides multi-disciplinary assurance to projects valued in excess of £100k. Flood and Coastal Erosion Risk Management (FCERM) projects above £10m capital cost are assured by the Large Projects Review Group (LPRG). The assurance systems provide the sponsor (or external RMA) with an assessment of delivery confidence and also provide a recommendation for approval. The sponsor informs the approving officer, about the outcome of the formal assurance process and requests approval. The approving officer may be a single role or a collective in the case of the Environment Agency Board. We notify Defra of any project with a whole life cost that may exceed the HM Treasury disclosure threshold of £50m.

Summary of assurance and approvals process (authority not delegated)

(FCERM >£100m; IT >£5m) We notify Defra of projects and programmes in this category before they are assessed by the Cabinet Office Major Projects Authority and HM Treasury. At this stage they may be included in the Government Major Project Portfolio depending on value and risk. Lower risk projects are subject to

DRAFT

9 of 27

HM Treasury disclosure at key milestones. All GMPP projects must follow a set reporting programme specified by HM Treasury and the Cabinet Office 5.

Under Civil Service rules Major Projects are owned by a Senior Responsible Owner (SRO), a role accountable for the delivery of the project/programme to Parliament. In the Environment Agency, the SRO is an Executive Director who may delegate day to day running of a major project to a project director. We apply similar assurance principles to these projects as to those of lower value, although assurance is also provided by the Major Projects Authority through a series of formal reviews. The MPA assurance reviews which can take place at any stage in the development cycle, help the SRO decide if the project is ready to move to the next stage. MPA assurance reviews are co-ordinated by the Cabinet Office and carried out by a team of reviewers drawn from either departments or specialist consultants.

Our Executive Directors and Board will indicate their agreement that the project can be submitted to Defra for their consideration and agreement. Defra conducts their review and then submits the business case to the HM Treasury. The HM Treasury will seek advice from Infrastructure UK and their Major Projects Review Group.

3. Application of Assurance Corporate policy statement The discipline of assurance and the control applied by the approvals process build on the cultural values stated in our Corporate Plan. We are committed to a risk based and proportionate assurance system across all our portfolio of projects and programmes.

When we apply assurance We apply formal assurance of projects prior to prescribed milestones or gates. We apply the same approach as is applied by all government departments and agencies, following the guidance provided by HM Treasury and adapted to our business need.

Business cases justifying our projects are assured at three stages of development, strategic, outline and full business case.

• The Strategic Outline Case (SOC) documents the initial assessment or case for change and seeks to justify further investment in evaluating or appraising the project. No more than is necessary should be spent developing an SOC and we clearly record the assumptions we make. At this stage in the life of the project, assurance provides confidence that the continued investment is worthwhile. This is the first project gate or Gate 1.

• The Outline Business Case (OBC) develops the case for change in sufficient detail and enables us to choose a solution that meets the objectives from a list of possible options. This is an important decision point and assurance provides the business and the project governance with confidence that the decision is the right one. This is the second gate or Gate 2.

• The Full Business Case (FBC) develops the solution design and tests the assumptions made during the design stage by inviting suppliers to tender prices to implement the project before we commit to a contract. Commercially, this is the most critical decision point and assurance provides confidence that the business case remains robust and that we have minimised project risk and uncertainty in proportion to the scale of the project thereby providing the public purse with the best value for money. This is the third and final gate or Gate 3.

The assurance and approval points are mapped in Appendix 2 (all projects) and Appendix 3 (Major Projects). The degree and type of assurance we apply is proportional to the project cost and amount of risk. We describe the assurance systems in the following sections and refer to other important documents.

Risk Potential Assessment

DRAFT

10 of 27

The Risk Potential Assessment (RPA) is an Office of Government Commerce Gateway TM process that provides a standard methodology for assessing the potential risk of our projects or programmes against defined criteria of political, public, financial and operational risk. It also helps inform the level of assurance required and the level of project management control we need to apply. We complete the RPA as early as possible in the lifecycle of a project or programme.

The level of risk is categorised as either very low, low, medium or high. In general, high risk projects are assured by the Major Projects Authority, medium risk projects are assured by the Department and low risk are assured by local arrangements. Our Quick Guide entitled Using the Office of Government Commerce Risk Potential Assessment (RPA) 2011 provides guidance on completing the RPA.

Formal Guidance Documents We provide a number of guidance documents and instructions to help our staff and external organisations understand our approach to assurance and approval. They include details of the standard templates for use when compiling the submissions. These documents and relevant Cabinet Office publications are listed in Appendix 1.

Informal Assurance We apply independent informal assurance in a variety of ways to suit the project risk and value. Colleagues with appropriate professional expertise review the project documentation and offer structured advice. For example, our Evidence Directorate research projects are subject to internal peer review and where necessary to external independent peer review to assure the business case including scientific quality.

We also provide informal assurance to external organisations planning to seek approval to a grant in aid funding application and whilst such projects will still be subject to formal assurance, the local checks are designed to provide our partners with a greater certainty of outcome.

Informal assurance also contributes to disseminating knowledge, learning and best practise amongst our staff and partners.

National Project Assurance Service

(All projects in excess of £100k; FCERM only below £10m)

The National Project Assurance Service (NPAS) provides consistent and robust assurance to all projects promoted by the Environment Agency and external RMAs. The NPAS draws from a large pool of cross-functional subject matter experts who are formed into a number of assurance boards. Smaller projects below £2m are submitted to one of a number of assurance boards that function by correspondence or telecom meetings. Larger projects are considered by a single national assurance board that either meets face to face or conducts business by phone as is proportionate to the scale of the submission.

The benefits of this system of assurance are:

• Consistency of advice through a national approach

• No fixed submission deadlines with assurance meetings only when beneficial

• Risk based proportional assurance

• Continual analysis and feedback of assurance advice that will help to enhance confidence and standards in project delivery

We set up the NPAS to flex in response to a changing submissions profile, so for example, we can set up one of more review boards at short notice to meet a short term increase in demand for assurance. Forward planning is drawn from our national project management system which feeds into the NPAS submissions planning team. Each of the assurance boards is co-ordinated by one of the planning team ensuring that the management of submissions is kept separate from the individual technical assurance reviews. The assurance boards are each led by a Lead Reviewer who also chairs the board and makes the final recommendation from the board with a delivery

DRAFT

11 of 27

confidence grading of red, amber or green. Red and amber delivery confidence grades accompany submissions with outstanding comments that have not been resolved.

The NPAS team holds regular workshops and learning events where we share selected case studies that contain learning points.

The process for submitting projects to the NPAS is provided by a flowchart included in Appendix 4.

Large Projects Review Group

(Restricted to FCERM in excess of £10m)

The Large Projects Review Group (LPRG) is an assurance group within the Flood and Coastal Risk Management Directorate. The terms of reference for the group is to assure flood and coastal erosion risk management projects (EA and Non-EA projects) with a capital value exceeding £10m and projects considered to be novel and contentious (HM Treasury terminology). The LPRG also assures high level plans and strategies that seek approval under the Non-Financial Scheme of Delegation. Assurance is concluded with a recommendation for approval.

We set up the review group at the request of Defra (then MAFF) and it has been in operation for over 15 years and is well known to all RMAs concerned with flood management. The LPRG is chaired by the LPRG Lead Reviewer on behalf of the Deputy Director of Investment & Delivery Assurance and the membership of the group extends to subject matter experts in environmental assessment, finance and partnership funding, appraisal, procurement and project management. Defra assurance reviewers also attend to combine our respective assurance reviews and to monitor the extent to which Environment Agency projects are achieving Defra policy objectives. The LPRG maintains a forward looking plan of our submissions and those expected from external RMAs.

The LPRG review concludes by making a recommendation for approval so all issues raised by the group must be satisfied before the recommendation can be provided.

In certain circumstances the LPRG may call for a detailed investigation into projects that get into difficulty. As well as supporting the assurance activity, the investigation report will be used to circulate learning points throughout our business.

Appendix 7 outlines the process for submitting to this group.

How we record NPAS and LPRG Assurance Reviews and Recommendations

The output from the NPAS is a review sheet including a commentary from the lead reviewer and the formal recommendation. The output from LPRG is the audit tracker sheet usually including a commentary from the lead reviewer and the formal recommendation which can include a statement of conditions.

Each year we undertake a review of projects that have asked for additional funding to deliver agreed outcomes and disseminate and embed the learning that arises.

Major Projects Assurance Group Our Executive Directors Team set up the Major Projects Assurance Group in 2012 in response to the growing number of high value projects and programmes. The MPAG comprises a standing committee of Executive Directors and aims to take a strategic overview of risk associated with the project or programme in the context of the wider corporate portfolio.

The Major Projects Authority (MPA)

DRAFT

12 of 27

The MPA is part of the Cabinet Office and has specific requirements we must follow in connection with the administration of "major projects". Guidance is available in the document Major Project approval and assurance guidance 3. A primary requirement of the MPA is for all major projects to have an Integrated Assurance & Approvals Plan (IAAP) which must be validated by both the MPA and the HM Treasury.

Major project assurance is split into planned and consequential categories. Planned assurance includes:

• a Risk Potential Assessment identifying project risk and level of assurance required

• a Starting Gate Review exploring deliverability prior to public commitment

• Gateway TM Reviews – series of assurance gates before key milestones

• a Project Assessment Review – flexible assurance review tailored to the project

Consequential assurance has defined tools designed to investigate projects that are in difficulty (refer to the Formal Guidance Documents table for details).

Assurance activities are tailored according to the risk category determined by the Risk Potential Assessment. The responsibility for projects of medium risk rests with Defra, however projects with a high risk category will be reviewed by the MPA. Reviews are resourced by civil servants drawn from the MPA, departments, Infrastructure UK and, in some cases, external accredited consultants. We can request support from the MPA at any time in the life of a programme or project.

The Senior Responsible Owner initiates the review process. Our SROs are required to commence with a Starting Gate review and thereafter to plan reviews to provide delivery confidence assessments prior to passing through important decision points. We still need to carry out our internal assurance reviews. The MPA delivery confidence assessments are provided confidentially to the SRO with a copy to the MPA.

Assurance of non-EA projects Non-EA projects are those promoted by external RMAs in England and who apply to us for funding. The process by which we provide funding is defined in the Memorandum relating to capital grants for local authorities and internal Drainage Boards in England under the Flood and Water Management Act 2010, Coastal Protection Act 1949 and Land Drainage Act 1991 (April 2013).

The Memorandum explains that we will assess business cases in support of applications for funding. Applications are received by our Area Flood and Coastal Risk Managers who will assure those with a value below £100k and seek assurance from either of the assessment boards, NPAS or LPRG for those with a value exceeding £100k. We assure projects from external RMAs in the same way as we assure Environment Agency projects, including major projects. External RMAs will present to the assurance boards and receive the output from the assurance process.

See Appendix 6 for a diagram explaining the assurance and approval life cycle for applications submitted by external RMAs for grant in aid.

Audit Internal Audit undertakes an annual programme of audit work. This programme is determined with senior management and approved by the Environment Agency’s Audit Risk and Assurance Committee, and is based upon the organisation’s risk profile and corporate objectives. On a risk basis, projects and programmes may be included in this programme. In addition, Internal Audit can be commissioned to provide independent advisory and consultancy work to provide additional checks and balances to projects and programmes where required.

Public Sector Internal Audit Standards (PSIAS) require the Head of Internal Audit (HIA) to provide to the Accounting Officer an opinion on the overall adequacy and effectiveness of the organisation’s framework of governance, risk management and control, timed to support the annual Governance Statement. As such, Internal Audit also acts to monitor and coordinate between the different sources of assurance across the organisation, and its overall assurance

DRAFT

13 of 27

framework. For example, Internal Audit considers and may provide the link between internal and external sources of assurance, or between the first, second and third lines of assurance (first line: operational managers and staff, the 1st line implement policies, procedures and controls. They have day to day responsibility for managing risk; second line: risk managers, compliance, quality and regulatory reviews, these co-ordinate, facilitate and oversee the management of risk and compliance within the organisations risk appetite; third line: independent risk assurance e.g. internal audit supported by the audit committee, providing independent assurance in respect of governance, risk management and control.)

Internal Audit does not have an executive role in management decision making, although their assurance opinions may influence such decisions.

Learning and Continuous Improvement We are committed to sharing ideas and to personal development as identified in our Corporate Plan. Learning from our project experiences is a vital part of this, sharing good practise and areas where we can improve. Our sponsor department Defra will undertake a Post Project Evaluation at intervals and we embrace their findings. We undertake periodic post project appraisal to draw learning from a suite of recently completed projects and publish the findings in the public domain.

We conduct specific investigations into project performance that has fallen outside approved parameters, particularly cost and identify recommendations that can be implemented across our business and supply chain.

4. Approvals

Summary of the Financial Scheme of Delegation (FSoD) approval process The FSoD defines Environment Agency expenditure and provides transparency and accountability for the financial decisions we make.

Business Cases for projects with a value under £100k do not require formal assurance or FSoD approval. Should the value of the project subsequently exceed £100k then this will require both assurance and FSoD approval.

FSoD approval is currently required for:

• Partnership projects with a total cost over £50k

• Single Tender Actions where there is only a single source supplier

• Consultancy Forms (both advisory and non-advisory)

Our FSoD Co-ordinators arrange approval signatories to all FSoD forms with accompanying assurance review sheets. In the case of higher value projects the National FSoD Coordinator will ensure the approving officers have been consulted and that the required signatories are in place prior to Chief Executive approval and subsequent Board, Defra or HM Treasury submission (where applicable). We aim to collect signatories within two weeks of receipt of the FSoD forms. E-mail is acceptable evidence from an approver.

The project sponsor also briefs the appropriate FSoD approver.

Business Cases or claims for supplementary expenditure requiring approval from the Executive Board can be approved under Sub Delegation where our Chairman represents the Board. All items to be submitted to the Board must be included in the FSoD Board paper managed by the National FSoD Coordinator.

Delegations

DRAFT

14 of 27

The levels at which items need Defra approval are set out in the Financial Memorandum. The Board owns the FSoD Schedule which shows the levels to which the Board have delegated the approvals, passed to us from Defra, down into the business. The delegations are split between National and Area.

EA delegation for Projects (not including FCRM capital projects) is up to £5m. Projects over £5m will require approval from the appropriate Executive Director, Chief Executive, the Board and Defra.

EA delegation for FCRM capital projects is up to £100m. This requires approval from the Chief Executive with consultation from the Executive Director of FCRM (National) or Executive Director of Operations (Area). The EA Board and Defra have the opportunity to call-in projects between £5m - £100m in whole life cost terms (WLC).

EA delegation for LA, IDB and other RMA FCERM projects is up to £100m. This requires approval from the Chief Executive with consultation from the Executive Director of Operations (Area) and the Director of Business Finance. The EA Board and Defra have the opportunity to call-in projects between £5m - £100m in whole life cost terms (WLC).

EA delegation for Consultancy projects is up to £500k. Projects over £500k will require approval from the Chief Executive, the Board and Defra.

Appendix 5 shows the relevant delegations

Defra Environment Agency projects and programmes that fall into either medium or high risk when assessed for Risk Potential must be notified to Defra. HM Treasury has delegated an expenditure threshold to Defra. Currently this is £100m whole life costs for projects with a defined lifetime. Lower values apply for ICT projects: £5m whole life costs; £1m on admin support systems. HM Treasury require projects exceeding the £50m threshold to be disclosed. The threshold of delegation does not apply in cases where the projects are novel or contentious.

Defra will review Environment Agency submissions at the Network Operations and Investment Executive Committee (NetExCo) which is chaired by the Permanent Secretary who is also the Accounting Officer. The NetExCo members are the five DGs (including Chief Veterinary Officer who is not on the board), Defra Finance Director and CEOs from Environment Agency, Natural England, Rural Payments Agency and the Animal and Plant Health Agency. The NetExCo meets twice a month.

The NetExCo is currently supported by the Network Operations and Investment Committee (NOIC) and the Risk Panel. The NOIC is the portfolio board for the Transformation Portfolio. In addition it considers delivery of major projects, including benefits tracking and performance of cross-network services, e.g NCS, SSCL, health and safety. It is chaired by the Chief Operating Officer and meets monthly. The Risk Panel assesses and monitors the Department’s strategic risks as agreed by the Board and the NetExCo. It is chaired by the Chief Scientist and meets roughly every two months.

Defra encourages us to engage early with their finance and commercial staff about planning this process. Each project will have different requirements and these will vary depending upon the stage of the business case, so the format of the submission must be agreed by Environment Agency and Defra Executive Directors in advance and consider the need to engage Ministers.

In support of this process we accompany the business case with an assurance statement ahead of submission to Net Ex Co. The statement explains the key findings of the assurance reviews and matters to bring to the attention of the NetExCo who will need assurance that business cases demonstrate appropriate due diligence and that relevant experts have been involved in the preparation and assurance reviews.

We engage with the committee secretary to arrange an agenda item and present our business cases for approval. The Defra NetExCo decide whether a business case can be submitted to HM Treasury.

DRAFT

15 of 27

HM Treasury

Treasury Approval Point (TAP)

We must seek HM Treasury approval where we propose expenditure that exceeds the limits delegated to Defra. Treasury uses the TAP process to scrutinise our proposals. The process aims to improve the quality of scrutiny of projects and to improve value for money. The TAP applies at the three main business case stages, strategic outline (SOC), outline business case (OBC) and final business case (FBC).

The TAP process is applied by Treasury spending teams who include subject matter experts. In certain circumstances our project may be asked to present to a TAP Panel meeting.

Projects with a whole life cost exceeding £1bn or are highly innovative or very high risk may be scrutinised by the HM Treasury Major Projects Review Group (MPRG).

IUK Route map Infrastructure UK (IUK) is a part of HM Treasury set up by government to reduce waste and improve value through efficiency savings across both public and private sector investment in infrastructure delivery. The Route map (Improving Infrastructure Delivery: Project Initiation Route map 4) is a framework to address recurring problems and common causes of failure in major projects and which enables us to align complexity with the necessary capabilities to ensure a successful outcome.

5. Resourcing NPAS and LPRG Resource Plans We expect assurance reviewers to demonstrate expertise in a particular field and where possible, to support this with evidence from a technical development framework classification. Membership of an assurance board should be documented in the reviewer's Individual Performance Plan and will be subjected to quarterly performance reviews with their line manager. We encourage training and continuous professional development to ensure that our reviews have the skills necessary to sustain high standards of project delivery. We also encourage reviewers with a common technical specialism to share their experiences in order to spread learning and improve consistency of approach.

MPA Review Support The Environment Agency supports its sponsoring department, Defra by offering experienced candidates to take part in cross departmental assurance reviews for either medium or high risk projects including those on the GMPP register. Candidates are accredited by the MPA at either medium or high risk levels following an assessment process looking at their skills and experience and whether they are competent to lead a review team.

When an SRO raises the need for an assurance review, the host department calls for support from the cross-departmental reviewer pool and identifies the subject matter areas and security classifications. The review team is comprised of three or four reviewers including a leader who is accountable to the SRO. The resource costs of each review are met by the reviewer's department. Accredited reviewers are expected to undertake two reviews per year.

6. Appendices

DRAFT

16 of 27

Appendix 1 - Guidance Documents

The way in which we apply corporate project management is explained at:

http://intranet.ea.gov/policies/62382.aspx

Our approach to corporate project management

Project Roles, Responsibility and Governance

http://intranet.ea.gov/policies/61490.aspx

This document outlines the roles, responsibilities and capabilities associated with managing, leading and governing a project.

Writing a Successful and Compelling Form A Business Case

http://intranet.ea.gov/search.aspx?client=default_frontend&site=default_collection&output=xml_no_dtd&proxystylesheet=default&ie=UTF-8&oe=UTF-8&filter=0&q=writing+a+compelling+business+case

Provides EA staff with guidance in preparing a business case.

Using the Office of Government Commerce Risk Potential Assessment (RPA) 2011

http://ams.ea.gov/ams_root/2011/701_750/718_11.doc

http://www.cabinetoffice.gov.uk/sites/default/files/resources/Risk%20Potential%20Assessment%20Form%20Jun

Our quick guide to assessing the project risk.

The Risk Potential Assessment

DRAFT

17 of 27

e%202011.doc

Business Case Template (following the 5 case model)

Add link

Our Operational Instruction containing the template and generic guidance.

Assuring a Project

http://intranet.ea.gov/search.aspx?client=default_frontend&site=default_collection&output=xml_no_dtd&proxystylesheet=default&ie=UTF-8&oe=UTF-8&filter=0&q=writing+a+compelling+business+case

Provides EA staff with details of the project arrangements needed to ensure independent assurance and how and when to do this.

Project appraisal report guidance for a FCERM simple change project for local authorities and Internal Drainage Boards and other risk management authorities

https://www.gov.uk/government/publications/project-appraisal-report-for-fcerm-projects

Provides guidance to external Risk Management Authorities applying for grant in aid to promote flood and coastal erosion risk management projects.

Major Projects Authority Planned Assurance Reviews (was OGC GatewayTM Process)

https://www.gov.uk/government/publications/major-projects-authority-assurance-toolkit

http://webarchive.nationalarchives.gov.uk/20100503135839/http://www.ogc.gov.uk/what_is_ogc_gateway_review.asp

The Major Projects Authority: assurance toolkit, supplemented by the OGC Best Practise - Gateway to Success is a process that examines projects and programmes at important decision points and looks ahead to provide assurance that they can progress successfully to the next stage. The process is presented in a series of workbooks and is best practise in central government.

DRAFT

18 of 27

Appendix 2 - Assurance and Approvals Stages

Assurance & Approval Stages - A2/3 - FCERM Capital

Starting Gate

>£100mRPA High Risk

>£50m < £100mRPA Med Risk

>£2m < £50mRPA Low Risk

£100k<£2m

NPAS/LPRG Assurance Investment Approval Contract Award

Gateway 1 – SOC/FCERM7

OGC Review

Gateway 2 – OBC/FCERM2 FBC

MPAG Assurance

Gateway 3 - Defra , HMT

Defra/HMT ReviewsFunding Approval

FSoD A2/3 SOC

FSoD A2/3 SOC

FCERM7

Deminimus

Deminimus

Deminimus

FSoD A2/3 SOC

FSoD A2/3 FBC

FSoD A2/3 FBC

FSoD A2 /3

>£2m < £50mNon-EA only

Funded by RMA Funds Allocated to RMA FCERM7

Deminimus

<£100k Non-EA Funded by RMA Funds Allocated to RMA

OBC assurance stage decided at Gate 1

Funded by RMA FCERM2 Funds Allocated to RMANon-EA

FCRM

Local Assurance

Assurance & Approval Stages – EA Only - A1 (E&B, CIS, FCRM Revenue & non strategy capital)

Starting Gate

>£5m

>£1m < £5m

NPAS/LPRG Assurance Investment Approval Contract Award

Gateway 1 – SOC

OGC Review

Gateway 2 - OBC FBC

£100k<£1m

MPAG Assurance

Gateway 3 – Defra, HMT

Defra/HMT ReviewsFunding Approval

SOC

Deminimus

Deminimus

Deminimus

Form A/SOC

FBC

A1

FBC

A1,2&3 <£100k Deminimus

OBC assurance stage decided at Gate 1

Local Assurance

or

DRAFT

19 of 27

Appendix 3 - Major Projects Assurance and Approvals Process

Major Projects Assurance and Approval Process

Stra

tegi

c O

utl

ine

C

ase

Ou

tlin

e B

usi

nes

s

Cas

eFu

ll B

usi

nes

s C

ase

AP

PR

OV

ED S

OC

Risk Potential Assessment

Initial Assessment , Project Planning, Strategic Outline

Case

Dir Ops

Exec Dir Ops

CEOEA

BoardHMT

Defra NetExCo

LPRG

Ass

ura

nce

Ass

ura

nce

Ass

ura

nce

Ap

pro

val

MPA Starting Gate

MPAG Advice

MPRG IUK

MPA Gate 1 (Business

Justification)

Ap

pro

val

Ap

pro

val

Detailed Options Appraisal, Outline Business Case

Design., Procurement, Full Business Case

Dir Ops

Dir Ops

Exec Dir Ops

Exec Dir Ops

CEO

CEO

EA Board

EA Board

Defra NetExCo

Defra NetExCo

HMT

HMT

AP

PR

OV

ED O

B C

AP

PR

OV

ED F

BC

MPA Gate 2 (Option Choice)

MPA Gate 3 (Investment

Decision)

LPRG

LPRG

OBC

MPRG IUK

SOCReview

RPA

MPAG Advice

MPAG Advice

DRAFT

20 of 27

Appendix 4 - NPAS Submission Flowchart

Is it a partnership

project?

Is the project cost

above £100k?

(new total cost for

form G)

1. Assurance

through project

governance

Is it an FCRM Capital

project?

Is the project cost

above £10m?

(new total cost for

form G)

Is it novel or

contentious?

Is it a form A for business

case preparation costs

where the scheme will be

above £10m in value?

Is the project cost

above £2m?

(new total cost for

form G)

2. Assurance

through LPRG

3. Assurance

through National

PAB

No

Yes

Yes

Yes

No

No

Yes

Does the project

have an IT element?

Yes

Yes

4. Virtual assurance

through NPAS

Is the project cost

above £1m?

(new total cost for

form G)

6. Assurance

through IT TAB and

National PAB

5. Assurance

through IT TAB

Is the project cost

above £1m?

(new total cost for

form G)

4. Virtual assurance

through NPAS

3. Assurance

through National

PAB

No

No

Yes Yes

Yes

No

No

No

No

This flowchart helps you to decide

the assurance route for a project’s

business case or form G (request for

additional funds). Once you've

reached one of the numbered

boxes, go to the relevant heading

below to find out what you need to

do next.

Is our contribution

above £100k?

Are we leading the

project?

Yes

Yes

No

No

No Yes

DRAFT

21 of 27

Appendix 5 - Project Approval Delegations

A2 SOC/OBC/FBC Strategy Plan

A3 SOC/OBC/FBC

Deputy Director

Director Operations

Executive Director Operations

Chief Executive

Agency Board

Defra

<£2 million

<£1 million

<£10 million

<£20 million

<£10 million

<£5 million

>£20 million

<£20 million

Project FSoD Delegations

<£250m

A1 SOC/OBC/FBC

£<1 million

<£5 million

H M Treasury

>£5 million

>£100 million >£250m

>£20 million

>£100m

Strategy NFSoD Delegation

DRAFT

22 of 27

Appendix 6 - External Risk Management Authority Project Lifecycle

Ide

ntify p

rob

lem o

r ne

ed

Produce project

mandate

•FCERM1 (MTP)

•Mandate•Moderation•PF Calculator

•Shape File•Appendix D

Bid for funding via

MTP or in year addition

Funding Allocated

Letter to LLFA

Design/ConstructionApplication

• FCRM2/PAR•CPA1/2 (Coastal )

LLFA Submit business case

Business case/project approval

<£100k – Area Approval>£100k – NPAS approval> £10m+ - LPRG approval

Gate 2

Outline Business Case &

option choice

Gate 3

Full Business Case and award

contract

Gate 4

Readiness for service

Final account•FCERM5

Gate 5

Contract completion

Gate 6

Project Closure

EA PSO

Local Authority

Flood Risk Management Authority Project Lifecycle

Gate 7

Benefits realisation and Post Project

Appraisal

EA (LA/IDB Finance)

Provide Scheme Number/LDW/LL/CPW

Funding Claims•FCERM6Forecasts•FCERM3

Claims•FCERM4Variations

Project Closure•FCERM8

Project Stages

Gate1

Strategic Outline Case supporting the FCERM7

Project Start

Confirm Funding Approval Letter to

LLFA

Grant Payments

Final Review

Study Complete

Proceed with Design/Construction

Application FCRM2/PARCPA1/2 (Coastal)

Study Application•FCERM7

Final account•FCERM5

Project Closure•FCERM8

Construction Complete

DRAFT

23 of 27

Appendix 7 - LPRG Submissions Protocol The business case (OBC/FBC) is used to decide if the investment is worthwhile and should be contained within 25 pages including an executive summary in the following format:

• Document submission list with the electronic file names, including appendices and a brief description of contents in standard format.

• Use the latest templates from our Easinet or GOV.UK website.

• Documents should be in MS Word, Excel or pdf. Gantt charts should be in pdf and not mpp format. Risk registers should not be in pdf. Appendices should only contain information that has a material bearing on the process of arriving at the recommendation.

• The business case and scheme of delegation (SoD) coversheet.

• Electronic copies of drawings referred to in the business case; in PDF or JPEG format.

The LPRG review will look at these areas:

• Adherence to the technical, environmental and economic requirements set out in FCERM-AG.

• A clearly defined problem and evidence of flooding to validate the predictions. Defined details of the existing defences, their condition grade, residual life and standard of protection provided.

• Water Framework and other relevant Directive objectives given equal consideration with flood risk.

• The choice of preferred option clearly demonstrated in economic and environmental terms.

• Clearly defined outcomes and benefits.

• That all the appropriate people have been consulted in the production of the business case.

• That the preferred option is affordable and that sources of external funding been investigated, in the case of a strategy plan, or in the case of a business case for a scheme, secured.

• Costs are broken into auditable sums and benchmarked against comparable projects.

• Key risks are presented with realistic mitigation and the risk contingency adequately reflects the risk to the project.

• The economic benefits are quantified and summarised in the business case document.

• In the case of a strategy plan, there is a clear implementation plan with detailed costs for the first five year period with partnership funding scores for each discrete intervention.

• A scheme OBC has a procurement strategy included.

• The expenditure profile matches the 6 Year Plan.

• In a supported change project, the relevant details from the strategy plan still apply.

• Electronic copies of letters of support from Natural England, Local Authorities and funding partners should accompany the submission.

• Where the submission includes a Statement of Case in support of Imperative Reasons of Overriding Public Interest, the submission to LPRG should demonstrate that Defra has been informed of our plans.

• Clear and appropriate governance arrangements in place.

A pre-meeting by BT Live-meet takes place after documents have been issued to LPRG members but before reviews have been carried out to enable reviewers to reach an understanding of the key issues, some of which may not be immediately apparent in the document. You are required to provide the LPRG support team with an electronic copy of the presentation and BT MeetMe dial in details and participant code. The meeting format:

• Introductions and check that technology is working for all attendees

• Chairman to set out the objectives of the session

• Presentation by project team

• Clarifications, Q&A from LPRG Reviewers

• Discussion as appropriate

DRAFT

24 of 27

• The LPRG Chair will provide a summary of the key issues and advise on next steps

The presentation will need to concentrate on setting the ‘big picture’ for the business case and provide a summary of the main issues encountered in developing the project or strategy. Decide who is attending and who will lead on each question. No more than four people should attend in total. You are strongly advised to rehearse your presentation to a group of colleagues to test the communication of the key messages and encourage constructive feedback on your style and impact. Presenting by BT Live meeting raises different challenges than presenting face to face. Try to focus the number of key points to as few as possible. Ensure everyone can hear you speaking by asking from the start. Keep the presentation to 10 minutes. Even one rehearsal will help you when you come to deliver the presentation to LPRG. Please follow these etiquette points:

• Let the Chair know when you want to speak by saying their name

• Identify yourself before speaking.

• Turn off ring tones on mobile phones

• Use the mute button on when not participating in a discussion.

• Avoid lengthy discussions. The relevant points should be summarised and directed back to the meeting chair for final comment.

• Pause frequently. You'll want to give participants time to think about what's being said and to add their own comments. Participants can't see each other, so a pause gives them a chance to step in without feeling that they're interrupting.

• Keep to time. If there's no time to discuss other important topics, indicate that they'll be handled through the review sheet.

• Address a question a specific individual rather than the group as a whole. You'll get an answer quicker if everyone doesn't pause to figure out who will respond.

Where a submission is referred to a full meeting it is strongly recommended you submit responses to key issues direct to the LPRG Submissions Manager prior to the meeting. An agenda will be sent the week before stating the time and venue. Notify the LPRG Submissions Manager who will be attending. Limit the number of attendees to no more than 4 unless there are exceptional circumstances including local authority partners and senior EA sponsors.

Practice the presentation before the meeting. Address the meeting and not the screen and check everyone can hear you. Give your audience time to absorb the points. Keep the presentation to 10 minutes and stick to the key issues; the problem, the preferred option, key risks and funding position. After the meeting any outstanding issues and actions will be clarified and you will receive a revised copy of the audit trail. If you have to re-submit, provide the LPRG Submissions Manager with a resubmission date, and keep them informed if there is any delay.

Once all issues are satisfied you will receive notification from the LPRG Submissions Manager confirming LPRG are ready to recommend approval. At this stage you will be asked to produce the final electronic version. It is important that you notify the Director's PA and National FSoD Coordinator to advise them that the documents are on the way to the Hub Director.

LPRG does not require you to collect the QA signatures a second time. FSoD consultee signatures do need to be collected again if there is a change to the FSoD documentation signed during the submission process. Alternatively an email from the FSoD approver confirming support of the revision is acceptable.

Brief your Hub Director. For project submissions requiring approval at national level you should provide a briefing by teleconference to any director likely to be involved in signing the submission. The preferred approach, endorsed by the Executive Director of Operations, is a half hour briefing to all national directors at one time. Hub Directors do not usually join the briefing but should be notified it is taking place. Book a half hour slot in the diaries of each director you need to brief. This should be done as soon as possible after the LPRG recommendation to approve.

DRAFT

25 of 27

Appendix 8 - Organising Major Project Reviews

Major project reviews require effective organization. The following information and links are provided to explain how major project reviews are set up and managed.

Government major projects on the Government Major Projects Portfolio (GMPP) must adhere to guidance issued by the Major Projects Authority and who organize the reviews directly. Major projects outside departmental delegation limits (ie £100m for Defra/EA) but not on the GMPP will be subject to similar reviews but the appointment of reviewers will be the responsibility of Defra. The planning and organizational needs of the MPA and departmental reviews are broadly the same.

Guidance is available from the GOV.UK site Major Projects Authority: Assurance Toolkit here and contains the following publications:

Major Projects Approvals and Assurance Guidance: this explains the three stages of the business case and how and when reviews are carried out. It also explains the HM Treasury review and approval process.

Major Projects Authority assurance and approvals for agile delivery of digital services

Integrated assurance and approvals: lifespan of a major project on the GMPP: a flowchart showing the key assurance and approval points.

Integrated assurance toolkit for major projects - this summarises the different types of review meeting and their objective.

Guide to planning integrated assurance and approvals: explains the content of an Integrated Assurance & Approvals Strategy and also the Integrated Assurance and Approvals Plans that are applicable to all major projects and good practice for all projects.

Guide to choosing which MPA assurance review: this explains the different types of review, when they apply, their objectives, how each is arranged, the composition of the review team, the format of the review and the report including circulation.

Risk potential assessment form: determines the risk category of a programme or project and hence the route to assurance.

Starting Gate guidance: this document is essential reading for anyone accountable for a project and those tasked with organizing the reviews. It explains the reasons for the starting gate review, how it is organized and run, who is responsible for what and describes the arrangements needed. The arrangement of reviews at Gates 0 to 5 all follow the same process.

Project Assessment Review (PAR) guidance: a PAR is used when the standard Gateway 0 to 5 review are not considered to probe sufficiently deeply or when a project is getting into difficulty. It is sometimes referred to as a deep dive. The document explains the objectives of a PAR and how it is planned and run.

The GOV.UK page also provides a link to the OGC Gateway TM archive here and which includes under the programmes and projects tab the following titles:

A manager’s checklist: a quick guide to the review stages

Gateway Review workbooks: a series from Gateway 0 to 5 containing the essential checklists arranged under 6 headings which are used in the delivery confidence report produced by all MPA reviews.

Common causes of project failure

Initiating an MPA Review

Points to bear in mind:

DRAFT

26 of 27

• The SRO or project executive is the client for the assurance review and is responsible for the effective implementation of the recommendations.

• Assurance reviews are resourced commensurate with the inherent risk and complexity.

• The review team must be independent of the project and are responsible for the content of the report

• The review team comprises accredited peers, with the requisite skills, knowledge and experience that are drawn from an effectively managed Reviewer pool

• The review is short, focused and forward looking, delivering a report to the SRO on the final day of the review

• The recommendations of the review will be candid and practical, based on best practice and evidence and prioritized for urgency of implementation.

• The review process will be open with access to all stakeholders and documentation. It will be undertaken in a confidential and non-attributable manner.

• A peer to peer coaching style will be adopted with a no surprises approach.

Timeline Activity Event

Week 0 Departmental Assurance Coordinator (DAC) and SRO agree review resource requirements with reference to the updated RPA. The RPA determines the structure of the review team, eg risk level and expertise needed in the review team. The assessment meeting is to understand the current status of the project, confirm the readiness for a review and discuss logistics and dates for the planning meeting and review.

Assessment Meeting

Week 2 DAC arranges the review and sends out the RTL pack. Review team identified by seeking volunteers from across departments. DAC and SRO select team. Dates and venue for the planning meeting and Review confirmed. Preliminary documentation sent to the Review team. Project team develops the Review interview schedules and identifies relevant project documentation. Project team identifies the Review coordinator whose responsibility is to make all arrangements for the planning meeting and review days and to organize the interview diary. The task of organizing the interviews must not be underestimated and diary dates must be fixed well in advance.

Sets up Review Team Logistics

Week 6 DAC briefs the RTL concerning resource requirements and RTL briefs the team. RTL contacts the SRO. DAC and project team organize accommodation for the planning meeting and Review including domestic arrangements, security passes, refreshments, transmission of documents, arrangements for remote interviewing by either VC or telecom, means of exchanging draft reports between RT members etc

Continue to organize interviews

Prepare Review

Week 7 Review team meets to run through code of practice. Joined by the SRO (supported by members of the project team as necessary) who gives a presentation to set the scene. Review team asks preliminary questions and agrees the interview schedule for the Review including the arrangements to feed back to the SRO at the end of each day.

Any changes to interview schedule must now be confirmed with interviewees urgently.

Planning Meeting

DRAFT

27 of 27

Week 11 Day 1 – first hour set aside for review team arrangements. Thereafter interviews follow allowing a maximum of 50 mins for each and 10 mins for wash up before next interview. RTL feeds back to the SRO at end of each day with findings and to share early thoughts. Day 2 – interview schedule should end by mid afternoon allowing the review team to start drafting the report. Day 3 – clear for review team to draft report and present to the SRO at end of day 3.

SRO comments on the draft.

Review and draft report

Week 12 Incorporate responses to comments and final report delivered to SRO ccMPA

Final Report

References 1 National Audit Office: Assurance for high risk projects, http://www.nao.org.uk/report/assurance-for-high-risk-projects/

2 Major Projects Authority: Assurance Toolkit, Guide to planning integrated assurance and approvals. https://www.gov.uk/government/publications/major-projects-authority-assurance-toolkit

3 Major Projects Authority: Major Projects Approvals and Assurance Guidance. https://www.gov.uk/government/publications/major-projects-authority-assurance-toolkit

4 HM Treasury: Improving Infrastructure Delivery: Project Initiation Routemap, https://www.gov.uk/government/publications/improving-infrastructure-delivery-project-initiation-routemap

5 Cabinet Office: Transparency policy on the Government’s Major Projects Portfolio (GMPP) and guidance for departments on exemptions. https://www.gov.uk/government/publications/major-projects-transparency-policy-and-exemptions-guidance