Date lodged: 23 March 2017
To ask the Scottish Government who is accountable for its IT (a) investment, (b) infrastructure, (c) tender processes, (d) procurement and (e) project management, and who audits this.
Answered by: Derek Mackay 13 April 2017
The Scottish Government’s IT Investment Board oversee alignment, assurance and support for the deployment of information systems, and the wider use of information technologies, across the Scottish Government. The board, chaired by the Director Digital and comprising senior representatives from Finance, Procurement, HR, IT and Business areas, reports to the Scottish Government’s Place Board and through that to the Directors-General and the Permanent Secretary.
The Information Services and Information Systems division has responsibility for development and support of the organisation’s IT infrastructure. Assurance for that infrastructure is the responsibility of the Scottish Government Chief Technology Officer with an external assurance role provided by the technology systems integrator partner.
All Scottish Government procurement activities are governed by a system of Delegated Purchasing Authority. This applies to the procurement of IT, including “tendering processes”, and involves Delegated Purchasing Officers given authority to award contracts at specified value levels. These arrangements apply to procurement agreements let by the Scottish Government on behalf of Scottish public bodies as a whole, and the Scottish Government’s own specific procurement requirements.
The Scottish Government’s Programme and Project Management Centre of Expertise provides advice on good practice in Programme and Project Management and manages the provision of independent assurance for major projects undertaken by all organisations to which the Scottish Public Finance Manual is directly applicable.
Accountable Officers have a personal responsibility for the propriety and regularity of the finances under their stewardship and for the economic, efficient and effective use of all related resources and are personally answerable to the Parliament for the exercise of their functions. Under delegation from their Accountable Officers the Senior Responsible Owners of are accountable for their successful delivery individual projects or programmes. .
The Scottish Government has an internal audit function and a comprehensive independent assurance framework in place for IT projects and infrastructure developments; including Gateway Reviews and the Technology Assurance Framework which includes Digital First Assessments and a set of mandatory independent stop/go gates at key stages of major programmes or projects.
The Office of the Chief Information Officer is responsible for the Technology Assurance Framework across the Scottish Government and its Agencies. The internal audit function is provided by the Director of Internal Audit with an audit of the Scottish Government’s programme and project management independent assurance review process conducted in 2016.
Further independent audit is provided by Audit Scotland with all Audit Scotland reports published online