How to apply the Digital Investment Governance Framework
Who does the Digital Investment Governance Framework (DIGF) apply to?
All Queensland Government agencies must follow the DIGF. Queensland Government Statutory Bodies and Government Owned Corporations (GOCs) should have regard to the intent of the DIGF and may choose to adopt the DIGF where appropriate.
Which digital investments does the DIGF apply to?
The DIGF applies to digital investments with the exception of low risk/value investments. Low risk/value investments will not be monitored or tracked by the Queensland Government Customer and Digital Group (QGCDG) within the Department of Transport and Main Roads. It will be the agencies’ responsibility to ensure these investments follow the digital investment principles, align to digital strategic priorities (where possible) and appropriate assurance and governance is applied.
For completeness, all digital investments should still be registered with QGCDG once established as a project or program. QGCDG will work with agencies to ensure accurate records of the initiatives (e.g., moving between stages, tranches, closure) are maintained. If in doubt whether your investment is subject to the DIGF, contact OAI@chde.qld.gov.au for assistance.
The digital investments that are not deemed low risk/value will be required to follow the DIGF. These investments include:
- Cabinet Budget Review Committee (CBRC) funded investments (no exceptions), or
- investment assessed as assurance level 3 and 4 (no exceptions), or
- all investments greater than the Director-General thresholds defined by the Project commencement approval policy.
- investments deemed a high risk, (including those under the dollar thresholds), by an agency, the Chief Customer and Digital Officer (CCDO), Queensland Treasury or the Department of Premier and Cabinet (e.g., initiatives with significant privacy, security, and human rights implications).
Excluded digital investments which are not required to follow the DIGF include:
- replacement of an existing application or technology using a like for like service and deployment model that is above the Project Commencement Approval policy thresholds and an exemption is granted from the CCDO, or
- operational technology (OT) that detects, monitors or controls industrial equipment, assets, processors or events, unless nominated for inclusion by an agency. As these investments primarily relate to heavy infrastructure or industrial infrastructure, they will be covered by other investment assessment and governance frameworks. Examples of these investments would include heavy infrastructure (buildings, roads, bridges, tunnels, rail, etc.) and industrial infrastructure (medical equipment, industrial machinery, physical security, etc.) across sectors such as education, health, transport, water and energy.
For a digital investment that is not in-scope, an agency is still required to ensure:
- registration of the digital investment with Office of Assurance and Investment (OAI) occurs
- digital investment principles are applied
- digital strategic priorities are applied (where possible) and appropriate policies are applied
- best practice project and program management is applied
- Gated assurance process is applied (once assurance profiling tool submitted to QGCDG, further QGCDG reviews and reporting are not required). An agency may request a review or guidance from the QGCDG concerning the investment
- Queensland Government Enterprise Architecture (QGEA) framework, tools and guidance are applied.
The DIGF has been designed to allow initiatives to enter at any step, particularly where they become in scope due a change. The agency is required to notify the QGCDG as soon as possible of a change in status for their initiatives, and a decision will be made as to whether the DIGF is to apply to the digital investment from that point onwards. QGCDG will work collaboratively with agencies to determine what governance activities are required for each initiative.