
Welcome to the fifth blog in our series on The Teal Book: Project delivery in government.

Each post will provide a short 5-minute introduction to one of the book’s parts or chapters. Every blog will be written by one of the authors, sharing their personal take on what it covers and how it can help you, as someone working in project delivery.

When we set out to write The Teal Book, our goal was simple: to provide a clear, practical and authoritative guide to project delivery in government that builds on the expectations of the functional standard. This blog looks at the role of assurance in the governance and management of programmes and projects, drawing on chapter 4 of The Teal Book, ‘Governance and management’. It also helps to dispel some common myths about assurance.

Why assurance should matter to you

If you manage, direct or oversee programmes and projects, assurance is one of the main ways you can:

  • protect outcomes for users and citizens
  • give confidence to decision-making bodies such as ministers, boards and Parliament
  • support value for money and sound use of public funds, alongside appraisal
  • manage risk in line with the Orange Book
  • generate reliable evidence and insight, supporting evaluation

Assurance that is designed well helps you make better decisions, earlier. It highlights issues while they can still be fixed. It improves the integrity of information that senior leaders rely on. It reduces surprises at gates, approvals and scrutiny points.

Assurance that is designed badly can feel like the opposite. It can be fragmented, repetitive or overly focused on process. Reviews may overlap or leave gaps. Activity is not always clearly aligned with decisions. At that point assurance can feel like something done to projects, not something done for them.

Assurance is not a bureaucratic hurdle

In many organisations, assurance can still be seen as a bureaucratic hurdle: a compliance exercise that slows delivery or just ticks a box.

This usually reflects:

  • weak or unclear assurance frameworks
  • a focus on templates and process rather than insight
  • a lack of shared understanding about what assurance is and why it matters

When assurance is treated as an afterthought, it sits outside day-to-day delivery. Reviews arrive late, add little value, and can become confused with, or duplicated by, formal approvals.

In reality, assurance is integral to good governance, as set out in functional standards, The Teal Book and Orange Book. It should sit alongside prioritisation, authorisation, direction and oversight as part of how you run programmes and projects.

Done well, assurance:

  • gives senior leaders and stakeholders confidence that work is under control
  • supports safe, successful delivery of policy, strategy and objectives
  • provides insight, not just information, about whether risk is being managed within appetite
  • improves the quality, reliability and timeliness of evidence for decision-making

What we mean by ‘assurance’ in government

The common cross‑government definition of assurance is:

A general term for the confidence that can be derived from objective information over the successful conduct of activities, the efficient and effective design and operation of internal control, compliance with internal and external requirements, and the production of insightful and credible information to support decision-making. Confidence diminishes when there are uncertainties around the integrity of information or of underlying processes.

There are a few important points in this definition:

  • assurance is about confidence
  • it is based on objective information, not opinion alone
  • it covers both how things are designed and how they operate in practice
  • it links directly to decision-making

It is the mechanism that tells you whether the controls, plans and delivery approach you are relying on are actually working, and whether the information you receive is trustworthy.

Assurance is broader than reviews

Assurance is not just about formal reviews such as gate reviews or independent assurance. Reviews are one important tool, but assurance is broader. It is a continuous process throughout the life of a programme or project.

It helps to think of assurance as something provided to an individual or group, typically senior leaders, boards or key stakeholders. Additionally, it is not delivered by a single person or team. It comes from different people, each bringing their own perspective and expertise.

In programmes and projects, assurance is usually provided by delivery teams, organisational functions and independent bodies.

Delivery teams

Those managing delivery check that standards and practices are being followed in line with the agreed governance and management approach.

Organisational functions

Functions such as finance, commercial, digital, analysis and risk confirm that those managing delivery have designed an appropriate governance and management approach, and that it is in place and operating as intended.

For example, the digital function could assure that technology solutions are accessible and secure and follow the Technology Code of Practice by the Government Digital Service.

The commercial function could assure that procurement processes comply with regulations, contracts deliver value for money and supplier performance is managed effectively.

Independent bodies

Internal audit, portfolio offices, central assurance teams or external reviewers provide additional objectivity on the effectiveness of assurance from delivery teams and organisational functions.

When these sources of assurance are aligned and coordinated, they give a richer, more reliable picture of delivery, risks and controls. When they are not, they can duplicate each other, miss key risks, and increase burdens on teams without improving confidence.

How assurance supports decision-making

Assurance activities, including reviews, provide evidence and insight to support decision-making at formal gates in the project delivery life cycle. Gates are decision points where decision‑makers consider whether to proceed, pause, change or stop.

For example, ahead of an investment decision, an assurance review might look at:

  • whether the business case is robust and follows Green Book guidance
  • whether key risks are understood and managed appropriately
  • whether delivery plans, benefits and outcomes are realistic

The review does not make the decision. It strengthens the information that decision‑makers rely on. This distinction is important. If you are planning a gate, you should also plan the assurance you will need in advance, so that decision‑makers get timely, targeted insight instead of last‑minute surprises.

How many levels of assurance should there be?

We describe assurance in levels. This is sometimes called ‘three lines of assurance’ or ‘three lines of defence’. The exact terminology is less important than the outcome: clear, non‑duplicative sources of confidence for decision‑makers.

To support good governance, there should usually be at least three levels of assurance provided for the individual or group that holds ultimate accountability. In large or complex programmes, there can be four or more levels.

Multiple levels may be provided by organisational functions and independent bodies, depending on:

  • the organisation’s governance arrangements
  • the scale, complexity and profile of the work
  • the agreed risk appetite and tolerance for the programme or project

In major programmes, assurance is often provided for several senior roles or key stakeholders, for example:

  • a project director for a constituent project
  • the senior responsible owner (SRO) for the programme
  • the sponsoring department or portfolio board

When you look across the whole programme, it may appear that there are many levels of assurance. In practice, these are separate assurance structures for different accountabilities and interests.

Each assurance level should be:

  • clear about who they are providing assurance to and for what purpose
  • coordinated, so activity is proportionate, scheduled sensibly and integrated
  • non‑duplicative, so different providers do not ask for the same evidence in slightly different forms

If you are designing assurance for a programme or project, your task is to make these levels work together. That means planning assurance alongside governance, risk and control from the start, not bolting it on later.

What you can do next

Whether you are an SRO, project lead, member of a sponsoring body or member of a functional team, you can:

  • map who is providing assurance to whom, and at what level, to spot overlaps and gaps
  • use The Teal Book and Orange Book to test whether your approach is proportionate to the risks and aligned with functional standards and Managing Public Money
  • involve assurance providers early when planning major milestones or gates

Assurance is not just a requirement. It is one of the most practical tools you have to improve delivery, protect outcomes and provide confidence to those who are ultimately accountable for spending public money.

Author

William Emmett

National Infrastructure and Service Transformation Authority

London