A Guide to Project Gating for IT-Enabled Projects

Treasury Board of Canada Secretariat
Chief Information Officer Branch
Independent Review Program

Table of Contents


This guide is intended for public service employees who are part of project teams for large information technology (IT)-enabled projects within the Government of Canada. This guide examines, in particular, the project gating process—one of the key underpinnings of the independent review program introduced by the Treasury Board of Canada Secretariat (TBS) to overcome the problems that have led to the failure of some large IT-enabled projects since the 1990s. This guide also explores the use of independent project reviews. These reviews are performed in tandem with the project gating process and are crucial to the overall success of IT-enabled projects.

1. Introduction and Background

1.1 Purpose of this guide

Following the Office of the Auditor General's audit of large IT projects and report, TBS issued a report in 2007 entitled Improving IT Project Performance: Conception, Assessment and Monitoring, in which it identified three major factors that contribute to project failures:

  • Project conception that results in unwise approaches;
  • Unsupportive project environments that contain barriers to success; and
  • Project participants who lack the necessary qualifications or experience for IT-enabled projects.

In response to the Auditor General's report, the Standing Committee on Public Accounts issued a report on large IT projects in , in which it endorsed the findings and recommendations of the Office of the Auditor General's audit and made further recommendations on several issues.

As the IT investments in systems and infrastructure of the 1970s and 1980s come due for renewal, new structures are required for service delivery to meet increasing public expectations. The use of IT is now pervasive, having moved from a back office role to front-line direct interaction with the public for service delivery. Moreover, during the past decade or so, Internet-based systems have become catalysts for change and business transformation, with attendant privacy and security issues. All of this increases the pressure to have IT-enabled projects succeed.

TBS, acting on the Standing Committee's recommendations, has developed a suite of guidance and tools, in support of the Treasury Board Policy on the Management of Projects, to enable better departmental governance and oversight of large, complex IT-enabled projects. Central to these recommendations is the use of project gating and independent reviews.

A gating framework defines points during the life of a project, from the early concept to post-implementation phases, when executive management carefully considers the project status and grants approval to proceed to the next decision point or "gate." Early project examination is especially crucial. A number of past federal government undertakings did not receive proper scrutiny at the project's conception and initiation phases and were eventually proven to be fundamentally unwise.

Project gating is most successful when used hand-in-hand with independent project reviews. These are critical assessments of a project conducted by experienced and qualified people who are at arm's-length from the project. A defined gating process clarifies when reviews should be performed and which issues should be examined at those points in time, while still allowing flexibility for ad hoc or "health check" reviews. Independent reviews are most helpful when they are timed to provide assessment immediately before a decision is required at a project gate, thereby supporting the gating process.

Project gating and independent reviews are not new practices. Though used to varying degrees in government and the private sector in the past, they have generally lacked the necessary understanding, consistency, discipline, and rigour to be fully effective. What is new is the proactive institutionalization of these practices and application of consistent formal disciplines and tools, driven from the top of organizations and backed by executive commitment and engagement.

TBS's Chief Information Officer Branch (CIOB) provides guidance to departments and agencies on the application of project gates and independent project reviews in accordance with Treasury Board policies and directives. CIOB develops, updates, and continuously improves the guidance and tools based on the industry's best practices and lessons learned from the reviews performed.

This guide explores project gating—one of the most powerful ways that an organization's executive team can formalize oversight of a project. The best practices and tools developed by TBS CIOB and described here are informed by the positive work experiences and benefits that have accompanied project gating elsewhere. Many departments and agencies of the Government of Canada have already begun implementing some form of gating as a method of improving project results.

Departments and agencies need to institutionalize and formalize the notion of executive oversight and active governance of IT-enabled projects if project results are to improve. This guide is designed to support that objective.

1.2 IT-enabled projects—Making decisions, managing challenges

A project has clear, well-defined outcomes to be achieved. A project has a beginning and an end—it is not an ongoing process or activity. The activities required to achieve a project's goals are determined in advance, estimated, and sequenced into a project plan. All project participants report progress against the plan, and management is responsible for adjusting the plan if milestones are missed or circumstances change. Many organizations characterize projects as "investments" to convey the notion that they are expected to produce a defined benefit.

An IT-enabled project is a project that has an IT component that is critical to achieving the intended business outcomes. The following are examples of IT-enabled projects:

  • Projects to implement or modernize program delivery to the public;
  • Projects to implement internal administrative systems and processes, such as for finance or human resources management; and
  • Projects to implement databases and systems used for a variety of purposes, ranging from policy development to financial reporting.

Project environments are quite different from the ongoing operation of a business activity because large IT-enabled projects present special challenges:

  • They generally unleash pervasive business change across entire organizations;
  • They can involve numerous stakeholders across departmental and jurisdictional boundaries due to the project's horizontal organization;
  • They have to be implemented into complex existing operations;
  • They need executive decisions to be made in "project time" because of significant project operating costs; and
  • They depend on a level of management and business rigour to which many are unaccustomed.

The landscape of IT-enabled projects in government contains many examples of executives making well-intentioned but misguided decisions or failing to identify necessary actions regarding future project directions. Governance models and project assurance functions deployed in government are frequently either passive, come into effect "after the fact," or aim to resolve only narrow management or technical issues. Too often, they are not able to support timely and informed senior executive decision making. Risks are often downplayed or simply accepted without any associated plan for mitigation.

The use of project gating and independent project reviews, however, strengthens senior executive accountability over projects.

  1. The implementation of a formalized project gating structure and process subjects a project to senior management scrutiny at predetermined points in its life cycle to ensure the project's readiness to continue to the next gate. Central to this process is the discipline of the gate decision meeting.
  2. Formalized independent project reviews performed at predetermined points during the project's life cycle allow for review results and recommendations to support decision making at relevant gate decision points.

Gating and independent reviews provide key input for making important decisions about corporate investment management and resource allocation. The significance of gating and independent reviews should not be underestimated. Gate decision meetings, as an instrument of departmental governance, ensure that project decisions are prudent and taken in the full context of the overall investment portfolio. They also ensure that resources are appropriately allocated in accordance with the informed participation of senior executives.

1.3 Overview of this guide

This guide contains the following main components:

  1. Introduction and Background: This chapter presents recommendations from TBS CIOB's independent review program to overcome problems identified by the Office of the Auditor General with large IT-enabled projects and best practices for project oversight.
  2. Gating for IT-Enabled Projects: This chapter explores the gating process from project phase, project life cycle, and project gate through to the gate plan, gate definition, and gate decision meeting. This chapter also examines the use of independent reviews, a practice that should accompany the gating process for best results in implementing IT-enabled projects.
  3. A Project Gating Framework: This chapter explores the seven gates that large IT-enabled projects pass through—from concept through to post-implementation review—in order to provide an informed assessment of progress and issues, and to ensure that projects are on track before proceeding to the next gate. In addition to the full gating framework, there are also shorter streamlined gating and light gating frameworks for cases that do not require overly rigorous assessment.
  4. Conclusion: This chapter sums up the project gating process and use of independent project reviews, the key elements of TBS CIOB's recommended guidance for the executive management of IT-enabled projects.
  5. Appendices: Four are included. The first appendix contains a figure depicting the seven-gate model applied to a sample project. It shows the positioning of gates relative to the classic project life cycle (PLC) and systems development life cycle (SDLC) as well as the juxtaposition of workshop reviews and health check reviews. The second appendix defines the sustaining, tactical, evolutionary, and transformational classes of projects. The third appendix contains a list of abbreviations used in this document. The fourth appendix lists Treasury Board policies, policy instruments, and other resources of interest.

2. Overview of Gating Best Practices for IT-Enabled Projects

2.1 The gating process

Effective executive-level discipline and control over large and complex IT-enabled projects require that projects be structured in a manner that allows those accountable to clearly, comprehensively, and objectively assess how the project is performing against planned goals at all stages. The Treasury Board Policy on the Management of Projects makes it clear that the deputy head is accountable for project expenditures and outcomes.

Two elements are critical to ensuring effective results: dividing the project delivery process into a series of manageable phases and ensuring that resource implications and results are made fully visible to executives at logical, predetermined checkpoints or "gates." Gates afford executives the opportunity for informed assessment of progress and issues, ultimately leading to better decisions on future plans and investments.

A project phase is a period of time during which a logical grouping of activities will be performed and deliverables completed and approved (deliverables are tangible, verifiable work products). Traditionally, projects have been divided into discrete phases such as conception, planning and design, execution, and closing. Collectively, project phases represent the project life cycle.

A project gate is a key decision and control point that occurs before the next major milestone or deliverable (e.g., business case) or a new project phase (e.g., implementation) begins. The gate represents a logical point at which executive "gatekeepers" can determine whether and how to proceed. Project gates effectively "open" or "close" the path leading to a subsequent project phase. Gates also provide an opportunity to assess the quality of work to date and to alter the course of the project and take remedial actions as necessary.

A gate plan identifies in advance when gates will occur in the project schedule. The gate plan is established at the onset of the project and not later than the point at which the business case is approved. The plan is normally reconfirmed at each subsequent gate. The gating strategy sets out a series of checkpoints throughout the project's life cycle at which, as a result of progressive elaboration, the following is expected:

  • A greater degree of detail for project definition and planning;
  • Fewer uncertainties and unknowns;
  • An increased number of mitigated risks;
  • More precise estimates; and
  • A greater understanding of the specific business outcomes, including how they will be assessed.

As the project proceeds, subsequent gates are reconfirmed with each gate decision. The probability of success is lowest at the start of the project, when risk and uncertainty is highest. As a general rule, gates should occur at points when the project is expected to have progressed significantly—as evidenced by documented results—in terms of the previously listed checkpoints.

A gate definition is prepared for each gate. It describes the purpose of the gate, issues to be addressed, items for assessment, and expected deliverables. For full details on the individual gates in TBS's recommended gating model, see Chapter 3, "A Project Gating Framework."

The practice of gating provides reasonable assurance of a successful project outcome by requiring continuing executive intervention and informed decisions at significant, predetermined points in the project's life cycle.

The gate decision meeting convenes a forum of key stakeholders and resource owners, as necessary, to decide whether the project will pass through a given gate and proceed to the next phase and what conditions, if any, will apply. For large IT-enabled projects, attendees at the gate decision meeting make a recommendation to the deputy head on whether to continue the project or not, since this is a decision that is made at the departmental level.

The gate decision meeting is convened by the project sponsor (typically the deputy head or assistant deputy minister (ADM)–level business owner of the large IT-enabled project). All gatekeepers designated for the project—usually a limited number of key executives representing stakeholders and resource owners—must attend. In some departments and agencies where project oversight is institutionalized, a standing executive committee is formed to examine all projects at all gates.

Meetings are scheduled in a timely fashion to avoid delaying the project and causing it to incur unnecessary costs. Gatekeepers are expected to be knowledgeable and well informed with respect to their areas of responsibility and to personally attend meetings fully prepared to make necessary and timely decisions.

In preparation for gate decision meetings, participants should be informed of and able to confirm the following:

  • The business imperative, strategic alignment, and business case;
  • Project performance up to the gate in question, including confirmation of delivery and acceptance of expected deliverables;
  • The appropriate mitigation of risks, management of changes, initiation of action plans to address outstanding issues, and identification of any requirements for broader mid-course corrections;
  • The scope and detailed plan for the next phase and the criteria to be met before proceeding to the next gate;
  • An updated high-level plan to take the project through the remaining steps to successful completion; and
  • The necessary supporting action and decisions, including firm resource allocation commitments.

The gatekeepers assess all input from the project team, stakeholders, and, if applicable, third parties (such as those from assurance or review functions). The outcome of the meeting is a decision on whether the project passes the gate unconditionally, passes with conditions, or is suspended or terminated. Additional decisions may deal with specifics relevant to how the project will move forward.

The gate decision meeting is also an opportunity to assess the adequacy of the monitoring and control mechanisms in place for the project and to plan advisable reviews.

The gating process should never delay a project unnecessarily. It is recommended that projects be stopped only if there is little or no possibility of attaining intended outcomes with the current course—or suspended and restarted if a fundamental change in approach is required. With an effectively managed gating process, such decisions would typically occur only at the earlier gates. Care must be taken to ensure that routine project management decision making is not delayed pending the outcome of formal executive-level gate decision meetings.

2.2 Independent project reviews

For gated projects, an independent review report can provide important input to a gate decision meeting. In the past, independent reviews were often commissioned on an ad hoc basis to provide reassurance—especially when the project appeared to be failing. A more proactive approach (incorporated when the project sponsor establishes a project gate plan) includes an independent review plan that identifies the gates for which independent reviews will be a prerequisite of the gate decision process. These reviews are not intended to supplant normal project monitoring or assurance measures (e.g., Independent Verification and Validation, or IV&V, and audits).

Independent project reviews are intended to uncover issues that may not be evident or effectively managed at the project level or are not being advanced sufficiently by the project and its stakeholders. Review deliverables, such as presentations, are structured so as to provide timely, constructive, action-oriented recommendations and advice as input to the gate decision process. Independent review findings are normally dealt with at gate decision meetings.

Reviewers who can apply a fresh, unbiased, dispassionate, executive-level assessment of a situation—harnessing their individual experience and judgment to perform the assessment—are essential to the success of the independent review practice.

The methodology and approach of TBS's independent review program is designed to enhance the consistency, integrity, and effectiveness of the independent review process and to enhance the value of project success. It does so by incorporating the following:

  • A holistic view with an executive decision-making focus. The review considers the total project situation from the business imperative, strategy, and approach through to environment, resources, technology, project execution, and forward planning.
  • Brief and intensive execution (typically one to six weeks). The goal is to ensure that the review's output is available as timely input to decision making at predetermined gates. The independent review approach is not exhaustive; it is targeted and probing and is designed to minimize the burden on the project.
  • An experience-based approach. This is achieved by using executive-level reviewers with proven qualifications. TBS CIOB maintains pools of reviewers who have met the prescribed qualifications. Reviewers are ultimately selected by the review sponsor from these pools of qualified reviewers.

The Independent Reviewer's Handbook provides details about TBS's independent review program and methodology.

3. A Project Gating Framework

3.1 The seven-gate model and its variations

This chapter describes the gating model recommended by TBS as a process to ensure that IT-enabled projects are on course for success. The full gating model defines seven gates. In addition to the full gating model, there is also a streamlined five-gate model for projects of medium size and complexity and a light three-gate model for smaller, low-risk projects. The streamlined and light gating models combine certain gates and provide feasible alternatives if less rigorous project assessment will suffice.

To give executives who are accountable for large and complex IT-enabled projects effective discipline and control, it is recommended that such projects be structured to provide for a clear, comprehensive, and objective assessment of how the project is performing against planned objectives at all stages. Key to success is ensuring that resource implications and results are visible to executives at logical predetermined checkpoints or "gates." Gates provide the opportunity for an informed assessment of progress and issues. This permits executives to make better decisions on future plans and investments.

The gating model recommended by TBS draws upon ideas from the United Kingdom's Office of Government Commerce (OGC) Gateway Process and the Province of Ontario's IT Project Gateway Review Process as well as components of the Stage-Gate Process adopted by several departments. All of these frameworks and methodologies are tried and proven. However, the TBS-recommended gating model also takes into account the decentralized and less standardized environment that exists in the federal government and the larger size of typical IT-enabled projects (compared with provincial jurisdictions and most private sector organizations). This includes the tendency in the federal government to procure project components piece by piece rather than all at once for the complete project or business service.

The full gating model defines seven gates that might logically be present in every project. Its actual application, however, will depend on each case. The seven gates are:

  • Gate 1—Strategic assessment and concept
    • For confirmation of the project's objectives—both what is to be done and why—and the identification of key stakeholders
  • Gate 2—Project approach
    • For confirmation of how the project's objectives will be achieved
  • Gate 3—Business case and general readiness
    • For confirmation of funding and business outcomes
  • Gate 4—Project charter / project management plan (PMP)
    • For confirmation of resources, support, and governance
  • Gate 5—Detailed project plan and functional specifications
    • For confirmation of readiness to proceed with construction
  • Gate 6—Construction complete and deployment readiness
    • For confirmation of readiness to deploy for both business and IT domains
  • Gate 7—Post-implementation review
    • A post-mortem and final step to gather lessons learned

The seven-gate model described in this guide, along with other gate models that may be in use, follow similar principles. Gates are created such that at each successive gate, the project becomes more precisely defined, and uncertainties and risks become clearer and are resolved or mitigated. The project is also expected to have made certain accomplishments, indicated by project progress documents that permit an assessment to be made of the project's state and its readiness to proceed to the next gate.

In addition to reviews associated with a gate, health check reviews or workshop reviews on particular issues may also occur at other times. The figure in Appendix A, "Gating," shows the positioning of gates relative to the classic project life cycle (PLC) and systems development life cycle (SDLC). The choice of health check and workshop reviews in Appendix A are merely examples, whereas the gate reviews are shown where they would typically occur.

While the SDLC follows a traditional waterfall methodology, the positioning of gates can be adapted to various methodologies, overlapping phases, and multiple-release projects. (A waterfall methodology is one in which the entire scope of the project passes through each phase before work begins on the next step. This is the opposite of the iterative methodology in which an initial solution that meets only part of the requirement is developed and implemented, followed by subsequent cycles of development and implementation.)

Deciding which gates to use for a project is important. In departments where there is an executive-level oversight group for project or investment management, this group may make a decision based on its assessment of the project's risk or complexity. In other departments, the decision may be left to the project sponsor.

The best practice is that all projects go through all seven gates. If a less rigorous course is considered acceptable, then streamlined gating and light gating are viable options (charts of streamlined gating and light gating appear below). Independent reviews are performed at gates where an external opinion is felt to be beneficial. On large and/or long-term projects, it is recommended that at least one independent full review be done each year. The publication Review Topics for Enquiry provides the reviewer with a comprehensive summary of issues for consideration, depending on the circumstances at hand. Lines of examination can be selected as appropriate to the applicable gate and review type.

The review at each gate point can take different formats, ranging from a workshop style to a quick review, health check review, or full review. The workshop and quick reviews are most suitable at early project stages, and the more elaborate full review is more suitable in mid-project or late in the project, particularly if a very thorough examination is needed.

In the tables that describe each of the gates, percentages indicate the accuracy of project estimates that reviewers should normally expect to find. At each gate, two estimates are examined: an estimate for the entire project and an estimate of the work required between the most recently completed gate and the next gate. The first is the estimate for the total project effort. As a rule, this estimate would change from an extremely rough approximation during the early gates when the project is still a concept to an increasingly accurate estimate at later gates, until it finally reduces to an estimate of ±15 per cent at Gate 5, just before construction starts.

The second estimate forecasts the work that needs to be done before the next gate. Since this is work that is about to begin immediately and most issues should be known, the estimate should be accurate (±10 per cent); this requirement appears in the "Supporting items" section of the table.

It is important not to confuse these two different estimates—one is for the project overall, and the other is for the work necessary to arrive at the next gate.

Here are three project phase and gating models:

Figure 1: Gating Model 1: Full gating for very large and highly complex projects
Graphic illustrates full gating. Text version below:
Figure 1 - Text version

This graphic illustrates full gating for large and highly complex projects. It is recommended that a project of this scale employ a full seven-gate model. The seven-gate model includes the following gates in order from beginning to end: Concept, Approach, Business Case, Project Charter, Detailed Plan, Construction/Deployment, and Post-implementation.

Figure 2: Gating Model 2: Streamlined gating for projects of medium size, risk, and complexity
Graphic illustrates streamlined gating. Text version below:
Figure 2 - Text version

This graphic illustrates streamlined gating for projects of medium size, risk, and complexity. It is recommended that a project of this scale employ a streamlined five-gate model. The five- gate model includes the following gates in order from beginning to end: Approach, Business Case, Pre-construction, Pre-deployment, and Post-implementation.

Figure 3: Gating Model 3: Light gating for small, low-risk projects with little complexity
Graphic illustrates light gating. Text version below:
Figure 3 - Text version

This graphic illustrates light gating for small, low-risk projects with little complexity. It is recommended that a project of this scale employ a light three-gate model. The three- gate model includes the following gates in order from beginning to end: Business Case, Pre-construction, and Post-implementation.

3.2 Gate 1—Strategic assessment and concept

Purpose: To answer the key questions "What do we want to do?" and "Why?" The objectives at this early stage are to test the wisdom and appropriateness of the proposed undertaking, and to ensure that key stakeholders are identified, and that everyone understands what is to be done and why. A half- to one-day workshop session is typical, preceded by reading of any available early project documents. The Gate 1 review seeks to arm the review sponsor with considerations that should be addressed before the next phase of the project and, in some cases, may actually dictate going back to the drawing board before proceeding further.

Review issues
  • Validation of the rationale for the project
  • Confirmation that underlying fundamentals make sense
  • Assessment that the project is doable as proposed
  • To eliminate ideas that do not make sense or will prove to be impossible to execute
Core review items for this gate
  1. Wisdom and appropriateness of proposed undertaking
  2. Articulation of the business problem and validity of the business imperative
  3. Definition and boundaries of scope
  4. Definition and measures of success
  5. Degree of common understanding about the proposal among parties involved
  6. Identification of stakeholders and extent of support and commitment for the initiative
  7. Confirmation that the project makes sense in the context of the departmental project portfolio and federal government priorities
Supporting item(s)
  1. Plan and estimate (±10%) for tasks and level of effort to next project gate
Typical input to the review

The project group provides reviewers with an understanding of why the project is being proposed, what it is intended to accomplish, and how it is defined. Supporting information to position the full context of the proposal might include reference to departmental reports and plans as well as an overview of the department's main business lines.

The following areas need to be addressed:

  • The concept and imperative of the project, including identification of the project sponsor, the business problem statement in the context of the overall business strategy, the broad scope of the project, expected general business outcomes and indicators of success, key stakeholders, general business risks, approximate sizing of the project, and critical success factors.
  • The alignment of the project proposal with departmental Program Activity Architecture, program(s) delivery, departmental plans and priorities, broader federal government or cross-departmental goals, as appropriate, and positioning of the project in the context of the departmental information management and IT portfolio (including reference to departmental architectures). The positioning might also reference TBS-sponsored shared or common services and cluster initiatives, if relevant.
Review format

Workshop review (conducting a few targeted interviews may be necessary)

3.3 Gate 2—Project approach

Purpose: To confirm that the approach to address the business problem or opportunity is wise by testing its feasibility and appropriateness. As in the Gate 1 review, this gate is not intended to be an overly burdensome undertaking and can often be performed in a one-day workshop session. The project group is expected to provide information on the approach envisaged for the undertaking—a discussion that should flow logically from the focus on the business problem and alignment issues of the Gate 1 review.

Review issues
  • Validation of the wisdom and feasibility of the proposed approach to the project
  • Experience and studies show that unwise decisions on project approach have frequently proven to be a major contributing factor to project failure
Core review items for this gate
  1. Reconfirmation of underlying business wisdom, precision of goals, commitment of stakeholders, and how expected business outcomes will be measured
  2. Project classification (e.g., sustaining, tactical, etc.). See Appendix B for definitions of project class
  3. Assessment of key elements in the approach description document, including:
    • How much redesigning will be required for the business process, model, and program delivery strategy
    • How business change will be decided upon and achieved
    • Precision of definition and scope—is the project definable and can its scope be bounded?
    • Preliminary business model
    • Extent of reuse of existing assets—systems, data, business rules, procedures, and program delivery infrastructures
    • How transition to new environments will occur for both the business program and the associated IT systems
    • Make-versus-buy considerations
    • Environment in which project will be undertaken
    • Preview of risk assessment for the selected approach
    • Preview of how project will be governed

Note: The expected level of detail for the above items relates to what is necessary to permit an assessment of the feasibility of the approach; the focus is on whether the approach is reasonable.

Supporting item(s)
  1. Reviewers would also benefit from previewing:
    • Project packaging (order of magnitude sizing [±100%]), possible technological solutions, project staging and time frames, key roles and staffing considerations, goal alignment, architectural considerations, key assumptions, and risks
    • Project environment (governance, relative departmental capacity, project culture and discipline, business ownership, executive engagement and capacity, supporting functions such as human resources, finance, procurement, etc.)
  2. Updated plan and estimate (±10%) for tasks and level of effort to next project gate
Typical input to the review
  • Information on project approach according to core review items
  • Preliminary results from a Project Complexity and Risk Assessment (PCRA) and Organizational Project Management Capacity Assessment (OPMCA), if required
Review format

Workshop review (conducting a few targeted interviews may be necessary)

Note that in some situations, particularly for smaller projects, Gates 1 and 2 may be combined.

3.4 Gate 3—Business case and general readiness

Purpose: To answer the key question "How?" The most feasible project options are considered here and the preferred option recommended. The project approach is now fully articulated. A high-level project plan has been tabled, upon which preliminary costing is based. The business case should include an investment rationale and describe outcomes to be achieved, as well as their justification relative to the proposed cost. Project cost and schedule estimates for the entire project should be in the ±40% range. (Ranges assume a typical development or integration project where there are many unknowns at the early stages. An infrastructure replacement project might have a much smaller estimating range.)

Review issues
  • Assurance that the business case is thorough, complete, and compelling
  • Confirmation that the organization is ready to undertake the project
  • To confirm that the business case is sufficiently compelling to justify, sustain, and guide the project
  • To identify any shortcomings in readiness for action before approval and confirm that key identified risks can be managed
Core review items for this gate
  1. Business case requirements:
    • Clarity of business problem statement
    • Clarity and precision of project goals—must be sufficiently clear to provide focussed outcomes, and guide what is in and out of project scope
    • Clear business justification for the project investment, including how goals can be quantified and measured, and their attainment confirmed
    • Reconfirmation of the alignment of the project with organization's goals
    • Thoroughness of options analysis, including reasonableness of costs and benefits for each option and reasonableness of selected option 
    • Indicative cost estimate and schedule
    • Estimating methodology, basis for assumptions, and sensitivity analysis
  2. Organizational readiness to undertake the project:
    • Arrangements decided upon—Project Management Office (PMO), strategies for outcome management, performance management, and risk management
    • Initial project planning under way and mechanisms in place
    • Business requirements approach fully defined
    • Preparation of environment in which to run project
    • Assessment of organizational capacity relative to project difficulty (OPMCA)
    • Evidence of intent and ability to create an environment for project success
Supporting item(s)
  1. Complete definition of the project:
    • Project complexity and risk levels, scope, size, and packaging
    • Risks, constraints, and dependencies (PCRA)
    • Architecture and technological alignment (within federal government and department)
    • Privacy issues (Privacy Impact Assessment, or PIA), security issues (Threat and Risk Assessment, or TRA), and other policy issues
  2. Updated plan and estimate (±10%) for tasks, level of effort to next project gate
  3. PCRA and OPMCA
Typical input to the review
  • Business case standard, and detailed supporting analysis and documentation
  • PCRA
Review format

Workshop review; in very large or complex projects, may be a quick review

3.5 Gate 4—Project charter / PMP

Purpose: To address business case unknowns. A complete project charter, high-level PMP, and definition of the business solution are prerequisites for this gate. Any business case unknowns should be resolved here (or a plan in place to resolve them). Project cost and schedule estimates for the entire project should be ±25%.

Review issues
  • Validation that the project charter has addressed all issues critical for a successful project
  • Confirmation that proper project governance, planning, and management are in place
  • To ensure that all necessary ingredients for successful execution are in place prior to construction and implementation
  • To reduce the risk of having to introduce quick fixes later
Core review items for this gate
  1. Reconfirmation of business case, particularly feasibility of realizing outcomes, assumptions, constraints, and dependencies:
    • Refinement of estimates and estimating assumptions
  2. Reconfirmation of readiness to undertake the project
  3. Completeness of the project charter:
    • Absolute clarity of definition, and what is in and out of project scope
    • Clarity of roles, project sponsor, stakeholders, and governance
    • Documented definition of success, business outcomes and how they will be measured, and clarity of accountability for attaining the business outcomes
    • Summary of approach, with a focus on roles, governance, and risks
    • Identification of risks and assessment of whether risks are contained well enough to proceed
  4. Definition of business solution:
    • Business architecture or model
    • Solution description, including high-level program design and business model; business transformation strategy and business process re-engineering strategy, if applicable
    • High-level functional requirements, and technical and performance requirements
    • High-level data model and data considerations
    • High-level functional design and concept of operations
    • Commercial off-the-shelf options assessment, if applicable
  5. High-level PMP:
    • Elaboration of the project plan (work breakdown structure) and link to estimated costs and schedule
    • Requirements-gathering workshop
    • Procurement plan—Is it achievable in project time?
    • Business change management strategy and ability to be absorbed by organization
    • Business deployment strategy, including data issues
  6. Skeleton PMO in place, suitable project manager identified, and key project staffing initiated
Supporting item(s)
  1. Updated plan and estimate (±10%) for tasks and level of effort to next project gate
Typical input to the review
  • Updated business case
  • Project charter standard
  • Preliminary PMP
  • Solution description
Review format

Full review for larger projects or quick review as considered appropriate for smaller, low-risk initiatives

3.6 Gate 5—Detailed project plan and functional specifications

Purpose: To confirm the completeness and feasibility of the detailed project plan and definition of requirements. Decisions to go ahead with major spending commitments and to make major procurement choices (such as issuing requests for proposals or awarding contracts) take place here. All major unknowns have been sufficiently researched to provide assurance that high-impact risks have been effectively mitigated. Estimates for the entire project should be ±15%. (Note that project contingency should never fall below 10–15%).

Review issues
  • Ensure that the detailed plan provides a firm baseline for managing and tracking, and that unknowns are reduced to a minimum
  • Assess clarity of project deliverables and accountability
  • To ensure that executive(s) responsible for the project have a clear basis for assessing progress and taking remedial action
  • To ensure that the project is ready to proceed to construction with minimal risk of delays caused by inattention to essential details
Core review items for this gate
  1. Reconfirmation of business case and project charter
  2. Detailed management plan:
    • Detailed project scope—What is in scope and what is out?
    • Project dependencies specified with appropriate commitments documented, including an assessment of impact and risk
    • Architectural plans and decisions specified (architectural review completed)
    • Business change management and detailed business deployment plans, including data migration and conversion, training, and transition plans
    • Project organizational structure and resource requirements fully defined
    • Detailed work breakdown structure
    • Traceability matrix in place for requirements
    • Detailed list of deliverables and high-level acceptance plan
    • Preliminary implementation and system migration plans, including release management plan
    • Detailed schedule, substantive budget estimates (with assumptions, contingencies)
    • Tracking, control, and status reporting set-up
    • Detailed outcomes measurement plan
    • Updated risk assessment, PCRA, and OPMCA
  3. Firm costs, refined estimates, and estimating assumptions
  4. Management and key position staffing (full PMO tool set in place)
  5. High-level functional requirements (Requirements Traceability Matrix) and design; perhaps proof of concepts and design workshops to ensure solution in principle
  6. Business change management and deployment planning
  7. Architectural, technological, and design decisions taken
  8. Procurement plans and Request for Proposal progress or documents
  9. Security certification, privacy plans. TRAs, PIAs performed; mitigations stated
  10. Acceptance and outcomes measurement plan
Supporting item(s)
  1. Updated plan and estimate (±10%) for tasks and level of effort to next project gate
Typical input to the review
  • Complete detailed project plan
  • All sign-offs on procurement requirements, TRAs, PIAs, etc., as required to allow construction to proceed
Review format

Quick or full review, depending on project

3.7 Gate 6—Construction complete and deployment readiness

Purpose: To verify that the system under development is ready for implementation and that the project is fully prepared for a successful deployment. This gate represents a major point of approval for business readiness. There may be only one or a number of sub-gates and sub-gate reviews related to construction and deployment. (Other gateway approaches reviewed tended to treat construction or construction and deployment as one gate. This is perhaps because the projects under consideration were small or because there is an assumption that construction and deployment are well understood and have relatively low risk.) Based on the given situation and the degree of risk, the department should decide on the number, timing, and focus area for intermediate Gate 6 reviews during construction and deployment. For example, depending on the project structure, a gate could be established at the completion of a major development release or at the completion of a major rollout and deployment to a specified set of users. (See "Notes on Gate 6" below.)

Review issues
  • Verification that construction is complete with user acceptance testing and migration to production firmly based on meeting acceptance criteria that support proceeding with deployment
  • Confirm that deployment teams have been established and are prepared to manage a smooth transition
  • To ensure the project is ready to proceed with deployment, and that system migration plans and ongoing support are in place
Core review items for this gate
  1. Reconfirmation that the project is aligned with departmental goals, the business case is valid, and expected outcomes will occur
  2. Construction complete and deliverables, including all documentation, accepted
  3. System migrated to production, and user acceptance testing complete
  4. Business change management, deployment, training, data migration, and conversion plans complete
  5. System migration plan validated
  6. Ongoing support and service management plans in place
  7. Vulnerability assessment complete
  8. Overall business and project readiness
Supporting item(s)
  1. Updated plan and estimate (±10%) for tasks and level of effort to project close-out
Typical input to the review
  • All sign-offs for user acceptance, production acceptance by operations, security certification and accreditation to go into production, maintenance team acceptance of documentation
  • Deployment, training, data migration and system migration plans, and vulnerability assessment approved
  • Support and service management plan
  • Disaster recovery and business resumption plans
Review format

Quick or full review, depending on project size, risk, and complexity

Notes on Gate 6

Projects may adopt a variety of phasing approaches, and not all phasing approaches will be sequential. Some may be structured with parallel phases, making the choice of gates and the scope of gate reviews more subjective. In the case of large iterative development methodologies, gates and review points would ideally be established to ensure that development is moving toward closure—that the iterations would not continue indefinitely or until the project runs out of time and money. The focus, then, is on the sign-offs against what has been delivered and on the clear agreement on what remains to be done. Examples of intermediate gates within the purview of Gate 6 include:

  • Construction release completion—In a project that is structured to have multiple major releases, it is recommended that a gate be established at the completion of one or more of these releases.
  • Mid-phase health check—A health check could be established in the middle of a project phase even if no major deliverables have been completed or decision points reached. The decision to do so might be based on some combination of dollars spent (e.g., $25 million), time elapsed (e.g., one year), and rate of expenditure (e.g., $2 million per month).
  • Construction and deployment readiness—In many projects, deployment activities and construction actually occur in parallel. In some cases, deployment occurs after the completion of construction. Depending on the nature and size of the project, a gate might be established to create a decision point about whether or not to deploy.
  • Pilot deployment and full deployment readiness—In some projects, a pilot deployment occurs immediately following the construction phase as a basis for deciding whether the system is ready for general deployment. This might be an appropriate point at which to establish a gate, depending on the size and nature of the project.

3.8 Gate 7—Post-implementation review

Purpose: To confirm completion, assess the extent to which the project has achieved its goals, and provide an assessment of value for money. This gate typically occurs approximately six months following project completion. A review at this point can also catalogue the lessons learned during the project—those identified by the project group and those captured by independent reviewers.

Review issues
  • Verify that the project was completed as planned and that the expected business outcomes were actually realized
  • Assess the degree of success for the transition to an ongoing service
  • To confirm success from a project delivery and business perspective
  • To determine what lessons might benefit the department and the broader community in future undertakings
Core review items for this gate
  1. Project delivery measured against original objectives
  2. Confirmation of the archiving of information and deliverables, as applicable
  3. Knowledge transfer and transition to successful service
  4. Completion of contractual obligations
  5. Validation of business outcomes
  6. Capture of lessons learned, including review process
  7. Project close-out report completed
Typical input to the review
  • Project close-out report
  • Business outcomes measurement plan
  • Contract acceptance reports
  • Project lessons learned
Review format

Workshop to full review, depending on project

In some cases, it may be premature to definitively determine the achievement of business outcomes during this gate. In that case, a plan might be developed to address further follow-up on the core items.

An important area for assessment is the effectiveness of the independent review itself and its positive and negative impact on the outcome of the project. It is recommended that lessons learned about project management and independent reviews be fed back to TBS CIOB for continuous improvement.

4. Conclusion

TBS CIOB has developed guidance and tools to foster best practices in executive oversight and governance of IT-enabled projects undertaken by the Government of Canada—projects that are often large, complex, and expensive.

Departments and agencies that effectively implement the project gating process described here and make judicious use of independent reviews at various project stages will greatly improve the likelihood of successfully delivering IT-enabled projects.

The recommended practices are part of an evolutionary process to change the cultural and accountability environments surrounding this special category of projects. While the project gating process is a useful tool, it is not a substitute for continuing executive involvement, leadership, and knowledge.

Appendix A—Gating

See the positioning of gates relative to the classic systems development life cycle (SDLC) in this figure on gates, workshop reviews, and health check reviews. Keep this figure in mind when reviewing the definitions of the gates. While the SDLC follows a traditional waterfall methodology, the positioning of gates can be adapted to various methodologies, overlapping phases, and multiple-release projects.

Figure 4: Sample Gates, Workshops and Health Checks Across Project Life Cycle (PLC)
Example of how gates plus workshop and health check reviews could be scheduled over the course of a project. Text version below:
Figure 4 - Text version

This graph provides an example of how gates plus workshop and health check reviews could be scheduled over the course of a project.

The top section of the graph is a linear chart that breaks the Project Life Cycle (PLC) down into phases over the course of a project. In this example, the total project length is 45 months and the project phase breakdown is as follows:

  • Initiation phase begins in month 0 and ends in approximately month 7
  • Planning phase begins in approximately month 6 and ends in approximately month 19
  • Execution phase begins in approximately month 13 and ends in approximately month 39
  • Closing phase begins in approximately month 39 and ends in approximately month 45.

The second section of the graph is a linear chart that breaks down the project according to the Systems Development Life Cycle (SDLC). In this example, the project phase breakdown is as follows:

  • Conception phase begins in month 0 and ends in approximately month 9
  • Planning and Design phase begins in approximately month 8 and ends in approximately month 19
  • Construction phase begins in approximately month 19 and ends in approximately month 32.
  • Deployment phase begins in approximately month 31 and ends in approximately month 38.
  • Support phase begins in approximately month 38 and ends in approximately month 45.

The third section of the graph contains gates plus workshop and health check reviews listed in order of the month during which they occur. The X axis of the graph shows project time in months while the Y axis of the graph illustrates the rate of project expenditure. The order of the gates plus workshop and health check reviews is as follows:

  • Gate 1: Strategic assessment and concept–Month 3
  • Gate 2: Project approach–Month 6
  • Workshop: Architecture review–Month 9
  • Gate 3: Business case and general readiness–Month 10
  • Gate 4: Project charter / PMP–Approximately month 13
  • Workshop: Requirements review–Month 15
  • Gate 5: Detailed project plan and functional specifications–Month 19
  • Workshop: Design review–Month 21
  • Health check review–Approximately month 25
  • Gate 6: Construction complete and deployment readiness–Month 33
  • Deployment complete–Month 39
  • Gate 7: Post-implementation review (6 months after deployment)–Month 45.

The graph also contains a line that traces the rate of project expenditure throughout the project life cycle. The line is similar to a standard bell curve. It increases as the sample project reaches the planning / planning and design phases, peaks in the execution / construction phases, and declines in execution / deployment phases.

Appendix B—Project Class Definitions

The Treasury Board Policy on the Management of Projects uses a project classification based on the level of complexity and risk of a project. The following table helps contextualize the project complexity and risk levels for IT-enabled projects. While each project will not necessarily correlate directly with this classification scheme, it is an important construct for understanding each project. Within the federal government, one of the most significant causes of project difficulty has been the failure to recognize:

  • The complexity and risk level of the project undertaken, and hence the management and risk characteristics associated with it; and
  • That a project may have components that are higher risk and that the project management approach should reflect this.
Project Complexity and Risk Levels for IT-Enabled Projects
Class Description Risk Considerations


  • Primary project goal is to sustain service from an existing asset by addressing aging components or deficiencies that limit its ongoing use. It is not a redevelopment.
  • Negligible new capability or functionality added
  • Business-initiated changes are likely minimal
  • Scope confined to a single system or asset within a single program and one or few stakeholders
  • Low to no requirements risk—business changes are largely cosmetic (e.g., a usability enhancement).
  • Business processes essentially unchanged although technology interfaces may be different; minimal retraining required; minimal change management.
  • Risks more likely associated with technology than business; higher implementation risks in systems with demanding performance and availability (i.e., non-functional) characteristics.


  • Usually driven by an immediate business need to deliver an additional capability or to position an existing asset for anticipated needs by adding capability.
  • Capability added may be functional or non-functional and should be of modest proportion. Any redevelopment is of modest size.
  • Scope may involve multiple systems, programs, or organizational entities (departments), but with a clear authority and a simple governance structure.
  • Changes and additions to business processes are required with small- to medium-scale change management. Impact is often localized to a specific segment of the business.
  • Medium to high requirements risk and related risk of scope creep (additional requirements being added to the project). Development risk increases according to portion being redeveloped or added.
  • Technology risk may be high if significant performance and/or availability (i.e., non-functional) enhancements required; implementation risk medium, ranging to high, if underlying technology base replaced.


  • Major changes and additions to capability affecting business processes, job content, and service delivery model. Often a combination of business and technological evolution is involved.
  • Some base components are reused to provide a working platform on which to add function.
  • Scope may involve multiple systems, programs, entities, and jurisdictions and may span into client and business systems, requiring an appropriate governance structure.
  • High business risk due to significant change management and business process change—the greater the impact of the solution across the business, the greater the risk
  • High requirements risk and related risk of scope creep, hence significant development risk
  • Governance risk proportional to number and diversity of stakeholder interests
  • Conversion and implementation risks likely to be high


  • Project will change fundamentals about the way the business area performs its work—processes, job content, organization, outsourcing, client and business involvement, and service model.
  • Few, if any, existing components will be reused.
  • Project likely spans organizational entities; may be multi-jurisdictional, involve multiple stakeholders, and require a complex governance structure.
  • Carries all the risks of the evolutionary class, further increased by the absence of any significant reuse
  • High to very high business risk owing to project size, very high change management implications, and pervasive impact of solution across the business
  • High to very high governance risk
  • High conversion and implementation risk, variable technology risk
  • Few, if any, risk mitigation mechanisms visible

Appendix C—Abbreviations

Assistant deputy minister
Chief Information Officer Branch
Information technology
Organizational Project Management Capacity Assessment
Project Complexity and Risk Assessment
Privacy Impact Assessment
Project Life Cycle
Project Management Office
Project Management Plan
Systems Development Life Cycle
Treasury Board
Treasury Board of Canada Secretariat
Threat and Risk Assessment

Appendix D—Related Policies and Publications

Treasury Board Policies and Policy Instruments

Other Resources of Interest

Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: