Professional Documents
Culture Documents
Projet : &PROJET
PLAN Client : &CLIENT
Propriété de CGI - CGI USE ONLY
Amendment history
date issue status author
yyyy-mm-dd 0.1 eg first draft for review Due Diligence Manager
Text in italics is intended to be for guidance only and should be deleted before issue.
Other, non-italic text should either be retained or suitably modified. Before
completing this document, see the notes supplied under the Manage Projects KPA
link pages for project and quality plans, and Manage Service KPA pages..
Detailed contents
7 Other processes......................................................................................................................... 24
7.1 Procurement and subcontracting......................................................................................24
7.2 Data management............................................................................................................ 24
7.3 Customer supplied and hired-in Items..............................................................................24
7.4 Backup and archiving....................................................................................................... 25
7.5 Quality control records...................................................................................................... 25
7.6 Systems safety (if applicable)........................................................................................... 26
7.7 Security (if applicable)...................................................................................................... 26
7.8 Health & safety of staff (if applicable)...............................................................................26
7.9 Other support processes.................................................................................................. 26
8 Management processes............................................................................................................. 27
8.1 Contract change control................................................................................................... 27
725347437.doc Propriété de CGI 3 / 33
CGI USE ONLY
DUE DILIGENCE PROJECT AND QUALITY BD : &DO
Projet : &PROJET
PLAN Client : &CLIENT
Propriété de CGI - CGI USE ONLY
Provide a brief overview of the customer services in scope and their proposed
outsource (eg DBFO)
This due diligence exercise will assess the outstanding assumptions, risks and issues
and seek to confirm positive statements of service to be incorporated into the contract
of service. It follows the submission of the CGI proposal to <customer> on <date>,
and the subsequent <ITP/contract> received on <date>instructing due diligence to
start <immediately/on date>.
The due diligence activities run in parallel with planning the transition and preparing
a revised offer by <date> and contract negotiations/BAFO (best and final offer)
leading to a full contract award on <date>. The due diligence provides these other
activities with details of the current service and risks.
Amend the above words as required to suit the contractual situation. Identify whether
the due diligence is being performed by CGI alone, or in parallel with other bidders.
Outline any other features of the bid/programme impact or that interact with the due
diligence. For example, if CGI is working with a partner, identify their role in the
due diligence and reference the teaming agreement and confidentiality agreement.
Due diligence completes on successful completion of the gate 1 review, when the
vertical and horizontal line management formally approve the outputs.
State if the customer has any role in accepting/authorising the due diligence output.
1.2 Objectives
to allow CGI to verify assumptions made during the bidding process, thus
validating the solutions, prices and timescales previously given to <customer>
to assess the quantity, quality, sizing and complexity of the infrastructure and
systems that will be used to deliver the managed service and confirm or
otherwise that we can deliver the service for the costs estimated and in the
timescales required
to assess the nature of the existing service provision and improvements to be
made in the provision of the new service
to allow <customer> and CGI to build an appropriate commercial agreement
should a decision to proceed be taken at the end of due diligence
to identify, quantify and determine a mitigation action for all remaining
programme risks.
725347437.doc Propriété de CGI 5 / 33
CGI USE ONLY
DUE DILIGENCE PROJECT AND QUALITY BD : &DO
Projet : &PROJET
PLAN Client : &CLIENT
Propriété de CGI - CGI USE ONLY
The factors critical to the due diligence achieving these objectives are:
State the major risks to the due diligence successful completion and what
containment and contingency plans are proposed to address them. This section may
reference out to the programme risk register if it specifically includes risks to due
diligence.
1.5 Constraints
Identify any constraints that apply to the due diligence, and what mitigating actions
are planned to overcome them. For example:
Refer to any related plans and documents referenced, including the proposal, QMS,
ITP, any other relevant bid outputs, and the Cortex baseline.
Local QA procedures
Define which baseline of Cortex (and of any other quality management system
involved) the due diligence is using – state either ‘current baseline’, or a specific
previous one that has been agreed by the local QA office. This is needed to identify
the versions of the various Cortex processes invoked by sections 3.7 and 6.
Introduce the due diligence project and quality plan document and define its scope of
applicability. Say what work it applies to, what the mechanism for its review and
authorisation is (including on-going review) and state that it been produced to this
output description.
This due diligence project and quality plan for the <xyz programme> describes the
objectives, structure, schedule, organisation, resources and costs of the due diligence,
together with the approach, processes, controls and procedures that will be applied
by team members to their work, in order to accomplish the objectives.
This output is a document that provides a record and summary of the information
found during the investigation. It highlights any gaps and inconsistencies identified
and raised through the issues log (see section 2.1.3).
State whether the report is deliverable: this should reflect what is in the due
diligence ITP. If it doesn’t some action may be required!!!
How issues might impact the company’s ability to provide (or to transition to
provision) the services in a profitable way: ie potential ‘deal breaker’ factors that
must be addressed before further effort is invested in the programme
Issues that require special approvals or the investment of specialised resources
Level of confidence in basis of the report and the confidence in the resulting
analysis, including a list of issues that affect the likely accuracy of the report
An assessment of supplier relationships, including any specific issues (eg poor
performance, potential competitors)
Any additional information or recommendations that are considered
commercially sensitive
Lessons learned including any suggested process improvements.
This document is for CGI internal use only.
This output is a catalogue of the issues raised, and provides a means of tracking their
status during the due diligence. Appendix A - provides a template and section 4.3 the
procedure for managing it.
This is the <Project name> risk register which catalogues the risks to the overall
programme. The due diligence validates and updates the risks in this register against
the results of the investigation.
2.2 Precedence
Define the precedence of any documents that determine the scope of supply for the
due diligence, eg ITT, correspondence, ITP, contract.
2.3 Dependencies
Specify all external items that are to be provided to the due diligence from elsewhere
together with the milestones or dates by which these items are required. Identify
overall commitments from the customer.
This should preferably be in the form of a table that includes all items the due
diligence is dependent upon and which must be ‘delivered’ to the due diligence.
Include diagrammatic representations of the plan that show the due diligence
timescales for the major activities based on:
The high level work packages in the WBS (matching section 3.3)
This section may reference out to appendices, if it is more convenient to produce the
networks and or bar charts in other places.
3.2 Milestones
Milestone Criteria
Gate 0 review Lodgement of the bid documentation and ITP/contract or
equivalent according to local lodgement rules
Bid handover Completion of the briefing of the Due Diligence Manager and
team by the bid team, to the level where the Due Diligence
Manager can identify and prioritise the areas of investigation.
Gate 1 review: Due diligence has achieved its aims and is therefore complete.
due diligence
confirmation review
The following table shows the main tasks in the due diligence.
Due diligence commences upon appointment of the Due Diligence Manager, whose
immediate priority is to become familiar with the bid and associated key issues
through a hand over meeting with the bid team.
Following this there is an internal formal kick off meeting held to establish a
common understanding of the bid by all parties, agree the focus areas for due
diligence, the resources required and the budget allocated.
The Due Diligence Manager agrees with the customer the detailed approach,
constraints, scope and timescale including the dates by which the customer needs to
meet dependencies.
The Due Diligence Manager produces a plan for the due diligence (this document)
and agrees the details of the output format for the due diligence report and analysis.
3.5.1 Overview
The investigations will be carried out as a set of streams, each associated with an
area of specialist expertise.
Each stream is time boxed, with effort prioritised on discovery in areas considered to
hold the highest risks to ensure completion of due diligence.
During the investigations, the Due Diligence Manager will hold a ‘wash-up’ meeting
at the end of each day (amend frequency to suit) to track progress, to collate the
information, prioritise items for investigation, identify issues, and escalate where
necessary (see 4.2).
This suggested stream breakdown should be amended as necessary. The scope of the
investigation should reflect what is in the due diligence ITP.
This stream is ‘assets’ orientated. The critical areas for investigation (most important
first) are:
Amend and expand the above list of priority areas for investigation, as identified by
the bid team/account manager. List in priority order if possible.
This stream primarily deals with the implications of the transfer of staff (TUPE),
their terms and conditions. The critical areas for investigation (most important first)
are:
Amend and expand the above list of priority areas for investigation, as identified by
the bid team/account manager. List in priority order if possible. It may be necessary
to assess any change impact with Trade Unions, particularly if any redundancies are
likely to result from the outsource.
This stream addresses company wide business SLA and continuity, together with the
service desk performance and service processes (user base, on call, procedures, etc),
management and operation of a first, second, third line help desk for all IT related
issues. The critical areas for investigation (most important first) are:
Amend and expand the above list of priority areas for investigation, as identified by
the bid team/account manager. List in priority order if possible.
This stream covers commercial aspects such as 3rd party supply contract novation.
The critical areas for investigation (most important first) are:
List priority areas for investigation, as identified by the bid team/account manager.
List in priority order. Include checks on current management of 3rd parties and
comparing the subcontracted slas against business slas.
This stream identifies the extent and validity of customer processes, procedures and
forms. The critical areas for investigation (most important first) are:
List priority areas for investigation, as identified by the bid team/account manager.
List in priority order. For a BPO due diligence, this includes the investigation of
business processes, including business inputs (electronic input, paper documents,
goods in and phone calls) customer business processes and outputs (electronic/paper
documents, reports, forms, goods out and phone calls).
This stream covers any remaining areas such as regulatory issues, safety, customer
locations and facilities from which CGI will be delivering the service, estates
management if premises are to be transferred, systems and physical building access
for on site service. The critical areas for investigation (most important first) are:
This work package documents the information found during the investigation, as a
due diligence report (see section 2.1.1). This additionally highlights any gaps and
inconsistencies identified and raised through the issues log.
validate the bid assumptions and risks, and highlight significant discrepancies,
particularly where investigation findings are at odds with the risk mitigation and
contingency levels
confirm that the issues raised are either closed by the provision of further
information, accounted for via the risk register, or passed on to the customer or
subcontractor
check the findings against the definition of service offered and scope of work
proposed.
identify any lessons learned (see communication of knowledge section ).
This is documented in the due diligence analysis (see section 2.1.2).
The review process will involve a document review of the due diligence report and
due diligence analysis, and at least one formal review meeting, the gate 1 review.
The objectives of the due diligence review meeting are as follows:
Define the procedures for documentation management on the due diligence. Include
the requirements for review and authorisation of documents listed in 7.5.1.
If the overall programme has a documentation plan, this section only needs to refer
out to the specific plans or standards for details, for example the format of
documents and/or document configuration control details may be covered by a
specific standard.
for the stream leaders to communicate the key issues that they have discovered
to provide a forum for cross stream communication
to provide a forum to re-prioritise the investigation and resource it
to agree the escalation of any issues relating to the DD exercise.
The meeting will be chaired by the DD manager and attended by the stream leaders
and BAFO process owners and attendance is mandatory. The DD manager will
notify the team of agreed actions.
During the course of the due diligence, if further information is uncovered by a team
member, then they update the resolution section, and modify the status accordingly.
Possible values of status are:
raised: initial value
closed: issue resolved
duplicate: issue closed because it the problem is already covered by another issue
mitigated: issue open, but impact has been reduced as a result of subsequent action
(eg Further information disclosed).
Issues are not deleted, but issues with status closed or duplicate may be moved to
another section or spreadsheet if desired.
Default process and guidance references:
- [SUP.P180] – Manage Risks
4.4 Customer meetings
This section is not mandatory but is left as a place to identify any other special
lifecycle processes and procedures that are required and are not covered under the
above headings. Delete if not needed.
Provide an organisation chart of the due diligence team structure that identifies the
key roles and indicates the reporting relationships, information flows within the
team, and records any changes with time.
The team structure follows the structure of the investigation streams, each requiring
its own specialists and led by a stream leader. Each stream leader will be responsible
to the Due Diligence Manager for obtaining and confirming the information key to
their area of the service, as directed by the kick off meeting.
5.2.1 Staffing
The Due Diligence Manager has responsibility for planning and running the due
diligence, and delivering the outputs. the terms of reference are as defined by Cortex
process MSV.P40.
The stream leaders are responsible for the ensuring that their team gather all the
information required to address the questions, assumptions and risks pertinent to
their area of responsibility. The stream leaders shall also ensure that they validate the
impact of the investigation work with the bid team to confirm the scope of service.
The key responsibilities are to:
Indicate the profile of staff levels planned throughout the due diligence and comment
on any specific issues arising from this.
The distribution is best presented as a plot of team size versus time, though
alternatively a staff charges plan may be used. Either of these may be more easily
included in an appendix that will need to be referenced. Issues that are noteworthy
are a rapid build up or especially large numbers of staff at any time.
Identify the communication measures necessary to ensure smooth running of the due
diligence, and should include a ‘map’ that describes all of the interfaces between
CGI, our customer and any third parties. State the formal constitution of any
management or steering bodies for the due diligence.
Where the interaction of the customer is critical to the success of the due diligence,
the key customer roles must be defined. If this project and quality plan is agreed
with (signed by) the customer, this structure and criticality should be added to this or
a new sub-section. If the project and quality plan is not agreed with (signed by) the
customer, this structure and criticality may be defined elsewhere; the contract might
be one such place.
This section is not mandatory but is the place to describe any other resources
required for day to day running of the due diligence, such as administration
resources, office or machine room space, access to customer resources (people,
systems, or office facilities).
6 Compliance matrix
Indicate compliance to Cortex by identifying the processes and procedures
applicable to each particular area. Sections 4, 7, 8 and 9 provide further detail.
This matrix template provides only suggested defaults values, and must be
reviewed and tailored to the lifecycle(s) and contractual framework applicable
to this particular due diligence.
Used?
(* = this quality plan
provides further details)
Quality planning Yes Detail project process MPJ.P40 *
(covers safety Detail project process - process DPP-PD See MPJ.P40
planning, and other description.
statutory / regulatory Review plans MPJ.P50
requirements) Manage project quality SUP.P200
Systems safety management RUN.P130
Work delegation and Yes Plan project MPJ.P30
monitoring Track progress MPJ.P60
Control project MPJ.P80
Apply work instructions DO.P10
Initiate support work processes SUP.P10
Supplier/ Yes Qualify subcontractor BUY.P30
Subcontract controls Buy and proceed BUY.P70
Manage change SUP.P130
Manage subcontractors BUY.P85
Order acceptance and supplier BUY.P90
performance update
Risk and issue Yes Manage risks SUP.P180
management
Status reporting Yes Report project status MPJ.P90
customer reports LCG022
Metrics Yes Manage measurements collation SUP.P190 *
Identification and Ye Manage stakeholders SUP.P210
management of s
stakeholders
Communication of Yes Disseminate project information MPJ.P110
knowledge (via Our Close project MPJ.P130
Knowledge) – the
harvest plan
Line monitoring Yes Delivery management RUN.P60 *
CTQ assurance Yes Quality management - quality RUN.P110.3
engineering environment
Central support functions - if available/applicable - otherwise these functions must be covered
in the lifecycle support processes section above
Procurement Yes Supplier assessment process BUY.P30 to This will often have taken
and/or P60 place during the bid
subcontractor Buy and proceed BUY.P70 phase - but the project
management Manage change SUP.P130 must still monitor the
Manage subcontractors BUY.P85 supplier/subcontractor
Order acceptance and supplier BUY.P90 and maintain/update the
performance update supplier assessment
Supplier assessment records BUY.P100 records.
Staff training Yes Manage Staff: MSF:
and development - Training provision P50.20
- Performance review P40.20
Unless stated otherwise, the version in use is the latest approved version. Precedence of
documents is by the order in which they occur in the matrix for each entry. Items in italic font
provide guidance only.
Notes:
1. Do not delete any rows. If an element is not applicable or is not used, the entries in the
‘process / procedure’ and ‘Ref.’ Columns should be kept blank.
2. Project-specific safety and security issues will be documented or referenced in this Plan. See
detail project process - process description available as supporting documentation to the
Quality Plan templates. Systems safety management – CMP-LCG032 applies with regard to
safety. It must be referenced for safety-related projects. Safety management plans is optional.
7 Other processes
7.1 Procurement and subcontracting
All purchases, other than those performed directly by the customer, must be handled
through the appropriate CGI local purchasing system. This section will therefore
typically consist of references out to the locally mandated standards, processes
and/or procedures for this, plus any special conditions/requirements that may apply.
The ‘Buy Things’ KPA provides the mandatory requirements for this activity.
Define the principles, processes and systems to be used for sharing and managing
data within the service, and with stakeholders.
Define the procedures for the retention, handling and protection of any material
hired-in or supplied on loan by the customer, or other parties for use in conducting
the due diligence.
Include the requirements for the handling and preservation of any equipment or
spares that are procured by the project and either used during development/testing,
or simply stored, before onward delivery to the customer.
Define the procedures for backup and archiving of material used by the due
diligence. If the overall programme has backup and archiving procedures which are
applicable to due diligence, then this section need only refer to those.
This section needs to differentiate between routine backups against equipment
failures or operational accidents, and the formal archiving of controlled baselines at
milestones and delivery points:
all legally significant items or specific issues for safety related projects should be
separately identified in this section
disaster recovery and business continuity requirements relevant here are
confined to the completion of the due diligence exercise
Default process and guidance references:
- [SUP.P150] - Manage backup / archiving of material.
Define the requirements for the control and retention of all types of quality control
records, including: review records and meeting records.
Default process and guidance references:
- [SUP.P200] - Manage project quality
- [DO.P120] - Review.
The table in the following section summarises the types of reviews and associated
review records for a typical due diligence exercise.
This table MUST be reviewed and updated in order to address the specific
needs of each individual due diligence.
Key to table: CU = customer; VLM = Vertical Line Manager; HLM = horizontal Line Manager; DDM = Due
Diligence Manager; QA = quality assurance office for the subsidiary;
725347437.doc Propriété de CGI 25 / 33
CGI USE ONLY
DUE DILIGENCE PROJECT AND QUALITY BD : &DO
Projet : &PROJET
PLAN Client : &CLIENT
Propriété de CGI - CGI USE ONLY
Note 1: The customer is only involved in the review of the due diligence report if it is a formal deliverable under
the contract/ITP, and only after it has passed all internal reviews.
7.6 Systems safety (if applicable)
Define the process for maintaining and controlling any safety procedures required
by the due diligence.
A separate safety management plan may be produced, in which case this section only
needs to refer out to the specific plan for details.
Default process and guidance references:
- [RUN.P130] – System safety management
- CMP-LCG032 – Safety related systems
Define the process for maintaining and controlling any security procedures required
by the due diligence. This process must comply with any information security
standards applied by the customer.
Define the process for ensuring compliance with data protection and confidentially
requirements.
Default process and guidance references:
- [SUP.P40] –Manage security.
Define the process for maintaining and controlling any health & safety procedures
required by the Due Diligence – eg for staff working out on site.
This section is not mandatory but is the place to detail any other special lifecycle and
support procedures that are required. Delete if not needed.
Examples of other support processes that may need to be considered, either here or
appended to the relevant sections above, include:
transport and accommodation logistics for staff
physical security / access controls to sites.
8 Management processes
8.1 Contract change control
Define the procedures for contract change control with both the customer and any
sub-contractors to cover controlling changes in the scope of the due diligence,
assessing their impact and passing on cost and timescale adjustments to the
customer in a timely manner.
Define the procedure for handling customer complaints about the conduct of the due
diligence. Address the requirements for the measurement of customer satisfaction
with the due diligence – typically, this will be in conjunction with the account
management processes and bid/programme management, and as a part of the overall
management of the Company’s relationship with the customer.
Define the approach taken to planning the due diligence and the control over the due
diligence project and quality plan. define how due diligence effort and timescale is
estimated and tracked.
Define the processes and procedures for allocation, recording, monitoring and
acceptance of planned work.
Define the processes and procedures to be used for risk management, both for the
due diligence as an exercise and the risk management associated with the
bid/programme as a whole (refer to the programme risk management procedures).
NB this section defines only the process, not where the risks themselves are defined,
nor their containment/contingency plans. See section 1.4 for related risk documents
eg (risk register)
Define the status reporting procedures for the due diligence, both internally and to
the customer. where the due diligence is being tracked as part of a larger
programme, this section need only refer out to the programme reporting procedures,
but stating how the due diligence activity’s progress is fed into them
8.8 Metrics
Define:
the mechanisms and any tools that will be used to gather them
the project staff and methods that they will use to analyse, report and take
action on them
the methods and mechanisms used to store the defined metrics
when they will be analysed, and how they’ll feed into the company’s
measurements and business process improvement activities.
For each identified metric, this section must define both the characteristics of the
metric to be collected, and the reason for its collection.
At appropriate times during the due diligence, the Due Diligence Manager should
identify items of interest to other parts of CGI (subsidiary, business unit, ILoB,
QA ...); specifically any improvements that can be made to the due diligence process
and templates. This is documented in the ‘lessons learned’ section of the due
diligence analysis. The gate 1 review meeting will review this and ensure that
adequate actions are, or have been, taken.
The harvest plan is first drafted during the bid phases, highlighting documents,
deliverables which are identified as being of wider interest. These should be noted
here and the PSR should comment on current status until completed, approved and
submitted to Our Knowledge. The harvest plan will cover both deliverables, metrics
and potential lessons learned.
This section is not mandatory but is the place to identify any other special
procedures that are required. Delete if not required.
9 Organisational processes
Describe any procedures that extend beyond the due diligence and are normally
catered for by other CGI, customer or third party functions in connection with the
due diligence. If this plan is not deliverable to the customer, section 9 can be deleted,
however the words in italics must still be addressed in writing the plan
CGI's assurance activities are designed to ensure that the requirements of our
customers are being met and that the work is being conducted within the Cortex
system. These activities focus on:
identifying commercial, technical and quality (CTQ) risks and ensuring that they
are appropriately managed
providing independent confirmation of the operation of Cortex through
monitoring and auditing across all our operations
providing specific processes for special considerations that apply, such as
security, safety and export management.
9.1 Identification and involvement of stakeholders
For each phase and process of the service identify the particular stakeholders who
need to be involved.
Define the specific line management monitoring activities that are regularly applied
to this due diligence.
Define the quality assurance activities carried out in CGI as far as they affect the
due diligence. For example CTQ audit of the bid.
Define any other specific process and procedures that apply to the due diligence
(such as export management) and identify:
Organisations and roles
Any CGI or external standards that are applicable to the organisational
processes and the extent to which they apply.
725347437.doc Propriété de CGI 30 / 33
CGI USE ONLY
DUE DILIGENCE PROJECT AND QUALITY BD : &DO
Projet : &PROJET
PLAN Client : &CLIENT
Propriété de CGI - CGI USE ONLY
10 Charges plan
The section does NOT address issues of how costs relate to the contract value. These
are covered in the next section below.
If the plan is deliverable to the customer, then this section should be omitted
from any deliverable copies.
Give the staffing costs with time for the due diligence by inclusion of a plot of staff
charges versus time or a standard staff charges plan form.
The staff charges plan will normally be included as an appendix for ease of
generation of the document. The text in the section should summarise the forecast
total cost and any special features that arise, such as warranty provisions or unusual
inflation provisions.
Give the materials and expenses costs with time for the due diligence by inclusion of
a plot of materials and expenses costs versus time or a materials and expenses
charges plan.
The materials and expenses charges plans will normally be included as an appendix
for ease of generation of the document. The text in the section should summarise the
forecast total cost and any special features that arise, such as warranty provisions or
unusual inflation provisions.
Include the amounts to be set aside for contingencies against specific identified risks
related to the successful completion of due diligence.
This section should tabulate the contingency costs and likelihood of specific risks
identified in the section 1.4 of this plan and/or the risk register.
11 Financial plans
If this plan is deliverable to the customer, then only the first two subsections
(contract value and payments) of this section should be included in any
deliverable copies.
This section is only applicable if the customer is paying for the due diligence
under a separate project number. (It excludes other parts of the bid or resulting
programme).
State the contract value (for due diligence) and provide any commentary on changes
in the pipeline.
The contract value should be that for which signed cover has been obtained. The
commentary should cover any other changes to value that may be foreseen, but
which don’t yet have written cover.
11.2 Payments
11.3 Cashflow
Give the planned cashflow and any cashflow charges that are anticipated by the
inclusion of a cashflow time plan (plot or report) and a commentary on any
significant points. The time plan will identify the key risk milestone dates (as
described in section 3.2), and the dates of any other milestones related to payments
or penalties.
Summarise the financial status including forecast profit or loss by the inclusion of a
financial status report (plan) and a financial trends chart plot to summarise the
changes with time. Provide a commentary to explain any differences between the
plan and QMS columns.