[ARCHIVED CONTENT] Department of Trade and Industry

This snapshot, taken on 22/07/2004, shows web content selected for preservation by The National Archives. External links, forms and search boxes may not work in archived websites.

Find out more about web archiving at The National Archives

See all dates available for this archived website

E.6 GATEWAY REVIEWS

E.6.1 Contents

Introduction
Benefits
What to Do
Low Risk Projects
Medium/High Risk Projects

E.6.2 Introduction

All new procurement projects in civil Central Government (including Agencies and NDPBs) are subject to Gateway Reviews. The Gateway Process has been developed by Office of Government Commerce (OGC) and examines a project at critical stages in its lifecycle to provide assurance that the project can progress successfully to the next stage. It is designed to be applied to projects that involve the procurement of services, construction/property, IT-enabled business change or procurement projects establishing framework contracts. Procurements are any finite activity designed to deliver a government requirement and involving government expenditure.

The Gateway Process is based on well-proven techniques that lead to more effective delivery of benefits together with more predictable costs and outcomes. The process reviews the project at critical points in its development. These critical points are identified as Gateways. There are up to 6 Gateways during the life cycle of a project, 3-4 before contract award and two looking at service implementation and confirmation of the operational benefits. The process emphasises early review for maximum added value.

E.6.2 Benefits

The aim of the Gateway process is to provide assurance and support for Project Owners (POs) and Senior Responsible Owners (SROs) in delivering their responsibilities and ensuring the success of their procurement project. Benefits include assurances that:

Realistic time and cost targets for projects established and achievable

The necessary skills and expertise are available and deployed on the project
The project is sufficiently resourced
All the stakeholders covered by the project fully understand the project status and the issues involved

The project can progress to the next stage of development or implementation

The Office of Government Commerce (external link verified June 2004) site contains full details about the Gateway Process.

E.6.3 What to do

First decide whether the procurement is a distinct project or just part of an ongoing process. If in any doubt, the Procurement Policies & Services (PPS) unit and OGC Gateway Helpdesk (external link verified June 2004) can provide advice but ultimately this is a decision for line management.

Once a procurement project is identified it should be risk-assessed as early as possible in the process i.e. once a sufficiently clear picture of the project is available. This is achieved by the Senior Responsible Owner (SRO) or Project Owner (PO) completing the OGC�s Project Profile Model (PPM) which is on the OGC website (external link verified June 2004).

The Project Profile Model (PPM) contains three spreadsheets from which the most appropriate should be selected by the staff completing it (i.e., IT-enabled Business Change, Property & Construction or Service Procurement). As stated in the PPM guidance notes, it provides a standard set of high level criteria against which the degree of difficulty and risk can be assessed.

Completion of the PPM produces a total score that indicates the level of risk involved in the procurement project:

Low Risk Score of 30 or below (the lowest score is 14)
Medium Risk Score of 31-40
High Risk Score of 41 or more

E.6.4 Low Risk Projects

For procurement projects scoring 30 points or below (the lowest possible score is 14) the SRO/PO should consider whether a Gateway Review is warranted. For procurement projects scoring at the lower end of the Low Risk category an assessment should be made of the reasonableness of devoting resources and time to a review. These should be commensurate with the level of value likely to be added. In addition to the PPM score, other factors that should be taken into account include:

Whether the procurement planned is novel or routine, and
The skills and experience of the procurement team.

Actual contract value is included in the PPM risk assessment. While the likelihood is that lower-scoring procurements will not need to be reviewed and that higher-scoring ones will, circumstances may differ in each case and SROs/POs need to take all relevant factors into account.

Where it is decided that a Gateway Review is appropriate for a Low-Risk project, the SRO/PO or Project Manager acting on his/her behalf should send the PPM to the Procurement Policies & Services Unit (PPS) in FRM and consult Mike Patton on next steps. Low-Risk Reviews are undertaken by teams selected from a panel of nominees from DTI, its Agencies and NDPBs. The PPS, in consultation with the SRO/PO, will appoint a Review Team Leader from the panel for each low-risk Review.

Decisions made during the course of the above process should of course be documented on file with justifications.

E.6.5 Medium/High Risk Projects

All IT procurement projects and other procurement projects scoring over 30 points (i.e. high and medium risk) are dealt with by OGC. SROs/POs should submit PPMs in these categories to the OGC Helpdesk (external link verified June 2004) and consult them about next steps. The OGC Gateway Team need 6-8 weeks notice of a Review in order to undertake the necessary planning and team selection.

E.7 RISK MANAGEMENT

E.7.1 Contents

Introduction
Allocation of Risk
The Risk Management Process
Financial Stability of Contractors
Other Procurement Risks
Risk Analysis
Reducing Risk
Contingent Liability
Additional Information and Advice

E.7.2 Introduction

The advice in this section should be read in conjunction with the OGC guidance on Risk Management (external link verified June 2004).

The Department is exposed to many types of risk (i.e. the probability of incurring misfortune or loss). These are mostly, but not exclusively, finance related and concern physical assets, valued information and human resources. Departmental assets, information or services are increasingly being obtained through procurement. It is therefore important that purchasers ensure that the risks inherent in any particular procurement are properly identified and that efficient and effective systems are in place to manage any risks that arise.

Risk can rarely be eradicated but they can be managed. Risk management requires a planned and systematic approach to identifying, quantifying and controlling risk. Risk management systems provide a framework and a range of techniques for assessing the costs and benefits of reducing risk.

All procurement is susceptible to risk. Good risk management will identify the likelihood of a misfortune occurring, predict the consequences and identify the options available for controlling the risks together with associated costs.

The risks the Department is exposed to are not confined to those with a financial consequences. For example, the consequences of late delivery of brochures costing a few thousand pounds for a Ministerial launch are likely to be greater than a non-critical computer system failing to operate correctly on day one of its installation, even though the cost of the latter procurement is far greater. Good risk management will enable the degrees of risk and their consequences to be set in the context of Departmental priorities.

In procurement, it is important to identify and assess risks in the business case, in the contract strategy and in the contract management arrangements. The earlier in the contractual process a risk can be identified, the greater the level of control over it and the lower the cost of making provision for it in the contract.

Risks can change over time. Where contracts are of longer duration, they need to make provision for this and give sufficient flexibility for the changing risk to be effectively managed.

E.7.3 Allocation of Risk

Risks should be allocated to whoever is able to manage them at the lowest cost.

One of the key features of public private partnerships is the transfer of risk to the private sector partner. This is achieved by harnessing private sector management skills and is appropriate whenever it is genuinely possible to transfer control over a project and the associated risks to the private sector without disproportionate costs.

At the other end of the scale, transferring risk can be as simple (and hopefully as automatic) as ensuring that goods come with a manufacturer�s guarantee.

Often, the supplier is best placed to handle risk. DTI�s General Terms and Conditions ensure that, in the main, liability rests with the contractor. Specifications should also ensure that, as far as possible, risks are transferred. Making suppliers liable for the consequences of poor risk management often provides an incentive to improve performance, particularly management effort. The contractor's performance will nevertheless still need to be monitored because if the contractor fails to take remedial action the Department may have to resolve the problem itself (possibly by commissioning someone else to do the work).

However, risk should not simply be transferred for its own sake. The Department could find itself paying for inappropriately transferred risks through higher charges. Making suppliers liable for the consequences of risks which they have no chance of managing is likely to be not only costly but also futile.

Where there is doubt about where responsibility for managing a risk should lie, compare the cost of transferring the risk with that of retention. Obviously, the cost of transfer from one party to another should not exceed the cost of retention. The cost of performance bonds and insurance needs to be taken into account and, because the Crown usually indemnifies itself, the notional cost of that self indemnity should be included when comparing management of risks in-house (or by another Government Department) with external contractors.

E.7.4 The Risk Management Process

To manage risk successfully you need to:

identify the risks to which the Department is exposed;
quantify the magnitude of the exposure and the probability of the risk occurring;
assess whether it is more practical and economical for the Department or the supplier to manage various tasks and allocate them accordingly;
identify possible options for controlling retained risks and appraise their costs and benefits; and,
agree and implement a risk management strategy.

E.7.5 Financial Stability of Contractors

The financial stability of the contractor is a key consideration if a contract:

is of large value
is of long duration
is high profile, or
involves significant other risks.

For guidance on procedures for assessing the financial viability of a potential contractor see Section E.4.16 - Conducting a Financial Appraisal.

E.7.6 Other Procurement Risks

Identification of risks is central to putting effective risk management arrangements in place. This requires expertise and an enquiring open-minded approach to risk analysis.

Risks can arise in relation to the inherent nature of the products or services being acquired and the methods of manufacture, delivery and performance used. Risks can be affected, adversely or for the better, by the procurement options used, particularly where there are choices, e.g. between purchase, hire, rental or partnering arrangements.

Consider the risks relating to dishonesty of contractors or their personnel, professional liability, security of information handling and infringements of intellectual property rights.

There can also be issues relation to consequential risks, such as product liability, Departmental public liability or environmental impact.

The above examples are by no means exhaustive. Take advice from those with expertise in the particular market. For large or particularly sensitive projects it can be advisable to procure specialised risk management expertise (see Section E.7.10 - Additional Information and Advice).

E.7.7 Risk Analysis

To enable decisions to be taken about the amount of resources allocated to risk management it is important to identify both the probability and the consequences of a risk occurring. This is what is meant by risk analysis.

The outcomes from a risk analysis can conceptually be ranked in terms of the priority to be attached to a risk management strategy, as follows:

Table E.7-1: Ranking Risks

	Serious Consequences	Moderate Consequences	Insignificant Consequences
High Probability	High Priority	High Priority	Medium Priority
Medium Probability	High Priority	Medium Priority	Low Priority
Low Probability	Medium Priority	Low Priority	Low Priority

For an effective risk analysis you should initially:

identify the main areas of risk inherent in the procurement
identify other important uncertainties affecting the main costs and benefits
make at least broad quantitative judgements about the consequences of each risk, paying particular attention to those risks with the greatest range of possible outcomes (particularly relevant when new technology is involved) and to those whose outcomes may be irreversible
make at least broad quantitative judgements about the probabilities of the risks occurring, paying particular attention to those risks with the most serious consequences.

Guard against over optimism in the assessment of both the probability of a risk occurring and its consequences. Make appropriate allowance for any possible bias by checking the objectivity of your sources of information and looking at evidence from similar projects in the past.

Test the effects of different assumptions. A "sensitivity" analysis of how particular assumptions would affect particular project outcomes can be used to determine the viability of options for managing the risks and for identifying the point where a particular risk management option ceases to be viable because the costs outweigh the benefits ("switching point"). For complex projects, straightforward sensitivity analysis may not be adequate. In these cases the study of different "scenarios", might be justified.

For high value, high-risk projects consider whether a pilot project or more research is justified. Letting a short contract, with the option of a long extension if the pilot project is successful, can be a way to both manage risks and encourage the supplier to reduce them.

E.7.8 Reducing Risk

Risk management is not only about transferring risk to those best able to manage it but also about reducing the overall risk. By considering risk right from the outset, i.e. at the business case stage, there can be an opportunity to redefine the requirement, adapt the procurement strategy and develop the project management approach in such a way as to avoid or eliminate some risks altogether.

Among the factors to be considered are:

the case for a more flexible requirement or design
the case for a more flexible project which avoids commitment until nearer the completion date
the scope for better contractual arrangements
the availability of options offering greater certainty (including the option of not proceeding), if variability of outcome is the key risk.

Risk management is also about learning by experience. Ensure that, for any substantial procurement project, arrangements are in place for post project review, and that this draws out any important lessons about risk for the benefit of future procurement exercises.

E.7.9 Contingent Liability

One particular risk is that of contingent financial liability for the Department if a particular set of circumstances arise. Special procedures may have to be followed if the liability is large (in excess of �100k) and arise outside the normal course of the purchase and supply of goods or services in the discharge of the Department's business as authorised by Parliament (see Government Accounting).

Whenever such a risk is identified consult the relevant Resource Assistance Director in FRM. Where losses arise the procedures set out in the Accounting Memoranda should be followed.

E.7.10 Additional Information and Advice

Detailed guidance is provided the "Management of Risk, A Strategic Overview", (The "Orange Book") published by HM Treasury in January 2001. This document is also available in Adobe Acrobat version.

Further advice can also be obtained within DTI as follows:

on buildings and related assets consult the Building Facilities Management Unit of IWS Directorate to determine your responsibilities
on public liability and protective security consult the Corporate and Security Policy Unit of IWS Directorate
on capital expenditure proposals (except IT) consult FRM
on IT consult the Business Project Advisory Services of IWS Directorate.

Where the potential risks are likely to be large and you have insufficient expertise to carry out a risk analysis consult either your Directorate�s Economist (if you have one) or obtain external assistance from suitably experienced management consultants.

| index |