Servd DDPPQP Od211 - V03

DUE DILIGENCE PROJECT AND QUALITY BD : &DO
Projet : &PROJET
PLAN Client : &CLIENT
Propriété de CGI - CGI USE ONLY
Due diligence project and quality plan

Cortex output description / template
Customer : &CLIENT
Contract number :
Proposal number :
Business/project number :
Project Manager : &DPIA
Reporting to :
Project/document reference : <Document ID>
Issue : <0.1>
Issue date : <date text>
Period of validity :
Status : eg draft, definitive
Distribution : eg list of ... ... and ...
names roles / locations
Due Diligence Manager

Approved (CGI) : ......................................
Date: .............................
Approved (CGI QA)
: ......................................
(omit if not required) Date: .............................
Vertical Line Manager
Authorised (CGI) : ......................................
Date: .............................
Horizontal Line Manager
Authorised (CGI) : ......................................
Date: .............................
725347437.doc Propriété de CGI 1 / 33

CGI USE ONLY
Projet : &PROJET
Amendment history
date issue status author
yyyy-mm-dd 0.1 eg first draft for review Due Diligence Manager
Text in italics is intended to be for guidance only and should be deleted before issue.
Other, non-italic text should either be retained or suitably modified. Before
completing this document, see the notes supplied under the Manage Projects KPA
link pages for project and quality plans, and Manage Service KPA pages..
WARNING: customer visible plans
This is NOT suitable for distribution to a customer in this format. In order to

produce a customer visible version of the plan the following changes are
needed: [If this template is modified for specific/local application, it is essential
to adjust this list accordingly]:
Add the customer contact name/role to the distribution list on the front sheet
Remove the text ‘CGI use only’
Remove the following (sub-)sections from the document:
this warnings section

sub-section 3.1 (network and bar charts)
sub-sections 5.4 (staffing profile)
section 9 (charges plan)
sub-sections 11.3 (cashflow) and 11.4 (financial status)
The embedded guidance notes (especially in sections 9 - organisational
processes and 1.6 - referenced documents) contain several items of detailed
changes to be considered if the plan is to be a customer deliverable - review all
such items for completeness and appropriateness
If formal customer agreement to the document is required by the contract,

complete the final row of the signature boxes as:
‘Agreed (customer) : ………role/date’.
For certain types of contract it may be necessary to replace some of these

removed internal sections with approved external alternatives.
Plans must not be circulated to a customer - even in draft - before ALL

appropriate internal approvals and authorisations have been completed.

CGI USE ONLY
Projet : &PROJET
Detailed contents
1 Introduction and summary............................................................................................................ 5

1.1 Introduction......................................................................................................................... 5
1.2 Objectives........................................................................................................................... 5
1.3 Success factors.................................................................................................................. 6
1.4 Risks identified................................................................................................................... 6
1.5 Constraints......................................................................................................................... 6
1.6 Referenced documents...................................................................................................... 6
1.7 Document scope................................................................................................................ 7
2 Scope of supply - deliverables and dependencies........................................................................8
2.1 Deliverables........................................................................................................................ 8
2.2 Precedence........................................................................................................................ 8
2.3 Dependencies.................................................................................................................... 9
3 Plan, approach and work breakdown structure...........................................................................10
3.1 Network and bar charts.................................................................................................... 10
3.2 Milestones........................................................................................................................ 10
3.3 Work breakdown structure / life cycle processes..............................................................10
3.4 Initiate due diligence (WP1000)........................................................................................11
3.5 Due diligence investigations (WP2000)............................................................................11
3.6 Report due diligence (WP3000).......................................................................................14
3.7 Review due diligence (WP4000)......................................................................................15
4 Lifecycle support processes....................................................................................................... 16
4.1 Documentation management...........................................................................................16
4.2 Wash-up meetings........................................................................................................... 16
4.3 Issue management........................................................................................................... 16
4.4 Customer meetings.......................................................................................................... 17
4.5 Other processes............................................................................................................... 17
5 Organisation and resource plan.................................................................................................. 18
5.1 Team structure................................................................................................................. 18
5.2 Key roles.......................................................................................................................... 18
5.3 Assignment to tasks......................................................................................................... 19
5.4 Staffing profile.................................................................................................................. 20
5.5 Communications with customer and third party organisations..........................................20
5.6 Other resources................................................................................................................ 20
6 Compliance matrix...................................................................................................................... 21
7 Other processes......................................................................................................................... 24
7.1 Procurement and subcontracting......................................................................................24
7.2 Data management............................................................................................................ 24
7.3 Customer supplied and hired-in Items..............................................................................24
7.4 Backup and archiving....................................................................................................... 25
7.5 Quality control records...................................................................................................... 25
7.6 Systems safety (if applicable)........................................................................................... 26
7.7 Security (if applicable)...................................................................................................... 26
7.8 Health & safety of staff (if applicable)...............................................................................26
7.9 Other support processes.................................................................................................. 26
8 Management processes............................................................................................................. 27
8.1 Contract change control................................................................................................... 27
CGI USE ONLY
Projet : &PROJET
8.2 Customer complaints and satisfaction measurement.......................................................27

8.3 Planning and estimating................................................................................................... 27
8.4 Work delegation and monitoring.......................................................................................27
8.5 Subcontract/supplier controls........................................................................................... 28
8.6 Risk management............................................................................................................ 28
8.7 Status reporting................................................................................................................ 28
8.8 Metrics.............................................................................................................................. 28
8.9 Communication of knowledge..........................................................................................29
8.10 Other management processes.........................................................................................29
9 Organisational processes........................................................................................................... 30
9.1 Identification and involvement of stakeholders.................................................................30
9.2 Line monitoring................................................................................................................. 30
9.3 Quality assurance............................................................................................................. 30
9.4 Other organisational processes........................................................................................30
10 Charges plan.............................................................................................................................. 31
10.1 Professional costs............................................................................................................ 31
10.2 Materials and expenses costs.......................................................................................... 31
10.3 Contingency provisions.................................................................................................... 31
11 Financial plans............................................................................................................................ 32
11.1 Contract value.................................................................................................................. 32
11.2 Payments......................................................................................................................... 32
11.3 Cashflow........................................................................................................................... 32
11.4 Financial status................................................................................................................ 32
Appendix A - - Due diligence issues log............................................................................................... 33

CGI USE ONLY
Projet : &PROJET
1 Introduction and summary

1.1 Introduction
Provide a brief overview of the customer and their business.
Provide a brief overview of the customer services in scope and their proposed
outsource (eg DBFO)
This due diligence exercise will assess the outstanding assumptions, risks and issues
and seek to confirm positive statements of service to be incorporated into the contract
of service. It follows the submission of the CGI proposal to <customer> on <date>,
and the subsequent <ITP/contract> received on <date>instructing due diligence to
start <immediately/on date>.
The due diligence activities run in parallel with planning the transition and preparing
a revised offer by <date> and contract negotiations/BAFO (best and final offer)
leading to a full contract award on <date>. The due diligence provides these other
activities with details of the current service and risks.
Amend the above words as required to suit the contractual situation. Identify whether
the due diligence is being performed by CGI alone, or in parallel with other bidders.
Outline any other features of the bid/programme impact or that interact with the due
diligence. For example, if CGI is working with a partner, identify their role in the
due diligence and reference the teaming agreement and confidentiality agreement.
Due diligence completes on successful completion of the gate 1 review, when the
vertical and horizontal line management formally approve the outputs.
State if the customer has any role in accepting/authorising the due diligence output.
1.2 Objectives
The main objectives of the due diligence are:
 to allow CGI to verify assumptions made during the bidding process, thus
validating the solutions, prices and timescales previously given to <customer>
 to assess the quantity, quality, sizing and complexity of the infrastructure and
systems that will be used to deliver the managed service and confirm or
otherwise that we can deliver the service for the costs estimated and in the
timescales required
 to assess the nature of the existing service provision and improvements to be
made in the provision of the new service
 to allow <customer> and CGI to build an appropriate commercial agreement
should a decision to proceed be taken at the end of due diligence
 to identify, quantify and determine a mitigation action for all remaining
programme risks.
CGI USE ONLY
Projet : &PROJET
Amend the above list as required
1.3 Success factors
The factors critical to the due diligence achieving these objectives are:
 Conducting the due diligence process in a professional manner which will

promote the image of CGI and provide a positive backdrop to ongoing
commercial negotiations
 Promoting a common understanding of the current scope, scale, quality and risks
of the current service
 Proactively uncovering and testing assumptions implicit in our offer, on which
the successful delivery of the service rely
 Providing an audit of the investigation process to justify the analysis and provide
a basis for subsequent changes to the proposal and contract
 Providing feedback on the effectiveness of the due diligence process and
procedures, to facilitate process improvement for future programmes.
These should always be positive factors - not just avoided risks.
1.4 Risks identified
State the major risks to the due diligence successful completion and what
containment and contingency plans are proposed to address them. This section may
reference out to the programme risk register if it specifically includes risks to due
diligence.
1.5 Constraints
Identify any constraints that apply to the due diligence, and what mitigating actions
are planned to overcome them. For example:
 customer staff availability to attend meetings due to work and holiday

commitments
 limited hours of access to customer data room containing their documentation
 restrictions on copying specific confidential customer documents.
1.6 Referenced documents
Refer to any related plans and documents referenced, including the proposal, QMS,
ITP, any other relevant bid outputs, and the Cortex baseline.
Title Reference Version/issue date

CGI proposal to <customer > <filing> V1.0 <xx/xx/xxxx>
ITP from <customer > <filing> Dated <xx/xx/xxxx>

Cortex baseline Online Current baseline
CGI USE ONLY
Projet : &PROJET
Title Reference Version/issue date
Local QA procedures
Define which baseline of Cortex (and of any other quality management system
involved) the due diligence is using – state either ‘current baseline’, or a specific
previous one that has been agreed by the local QA office. This is needed to identify
the versions of the various Cortex processes invoked by sections 3.7 and 6.
1.7 Document scope
Introduce the due diligence project and quality plan document and define its scope of
applicability. Say what work it applies to, what the mechanism for its review and
authorisation is (including on-going review) and state that it been produced to this
output description.
This due diligence project and quality plan for the <xyz programme> describes the
objectives, structure, schedule, organisation, resources and costs of the due diligence,
together with the approach, processes, controls and procedures that will be applied
by team members to their work, in order to accomplish the objectives.

CGI USE ONLY
Projet : &PROJET
2 Scope of supply - deliverables and dependencies

2.1 Deliverables
2.1.1 Due diligence report
This output is a document that provides a record and summary of the information
found during the investigation. It highlights any gaps and inconsistencies identified
and raised through the issues log (see section 2.1.3).
State whether the report is deliverable: this should reflect what is in the due
diligence ITP. If it doesn’t some action may be required!!!
2.1.2 Due diligence analysis
This output is a document that identifies:
 How issues might impact the company’s ability to provide (or to transition to
provision) the services in a profitable way: ie potential ‘deal breaker’ factors that
must be addressed before further effort is invested in the programme
 Issues that require special approvals or the investment of specialised resources
 Level of confidence in basis of the report and the confidence in the resulting
analysis, including a list of issues that affect the likely accuracy of the report
 An assessment of supplier relationships, including any specific issues (eg poor
performance, potential competitors)
 Any additional information or recommendations that are considered
commercially sensitive
 Lessons learned including any suggested process improvements.
This document is for CGI internal use only.
2.1.3 Issues log
This output is a catalogue of the issues raised, and provides a means of tracking their
status during the due diligence. Appendix A - provides a template and section 4.3 the
procedure for managing it.
2.1.4 Updated risk register
This is the <Project name> risk register which catalogues the risks to the overall
programme. The due diligence validates and updates the risks in this register against
the results of the investigation.
2.2 Precedence
Define the precedence of any documents that determine the scope of supply for the
due diligence, eg ITT, correspondence, ITP, contract.

CGI USE ONLY
Projet : &PROJET
2.3 Dependencies
Specify all external items that are to be provided to the due diligence from elsewhere
together with the milestones or dates by which these items are required. Identify
overall commitments from the customer.
This should preferably be in the form of a table that includes all items the due
diligence is dependent upon and which must be ‘delivered’ to the due diligence.
Dependency Owner Timescale Description

Handover from Bid Manager Bid Handover Proposal, BSS, QMS, risks,
bid issues and assumptions
Service Service architect Bid Handover Can be a separate document
definition or draft schedule(s) from
contract
Customer Customer During Access to customer staff and
access investigation documents
Management Vertical and horizontal Gate 1 Review Review due diligence report
review line management and due diligence analysis
Gate 1 sign-off Vertical and horizontal <date>
line management

CGI USE ONLY
Projet : &PROJET
3 Plan, approach and work breakdown structure

3.1 Network and bar charts
Include diagrammatic representations of the plan that show the due diligence
timescales for the major activities based on:
 The high level work packages in the WBS (matching section 3.3)
 The key milestones (identified in section 3.2) with dates
 The interdependencies between the work packages, milestones and major

external dependencies.
Provide comments on any unusual features or salient points in the plans.
This section may reference out to appendices, if it is more convenient to produce the
networks and or bar charts in other places.
3.2 Milestones
Milestone Criteria
Gate 0 review Lodgement of the bid documentation and ITP/contract or
equivalent according to local lodgement rules
Bid handover Completion of the briefing of the Due Diligence Manager and
team by the bid team, to the level where the Due Diligence
Manager can identify and prioritise the areas of investigation.
Gate 1 review: Due diligence has achieved its aims and is therefore complete.
due diligence
confirmation review
3.3 Work breakdown structure / life cycle processes
The following table shows the main tasks in the due diligence.
Work Package Description Outputs

WP1000 Initiate due diligence Due diligence handover notes,
kick-off meeting minutes,
due diligence project and quality
plan (this document)
WP2000 Due diligence investigation Issues,
customer meeting records
WP2100 Investigate spplications
WP2200 Investigate infrastructure
WP2300 Investigate HR
WP2400 Investigate service management
WP2500 Investigate commercial

CGI USE ONLY
Projet : &PROJET
Work Package Description Outputs

WP2600 Investigate processes
WP2700 Investigate other areas
WP3000 Report due diligence Draft due diligence report,
draft due diligence analysis,
updated risk register
WP4000 Gate 1 review Agreed due diligence report, agree
due diligence analysis, review
meeting minutes
Amend this suggested stream breakdown as necessary.
3.4 Initiate due diligence (WP1000)
Due diligence commences upon appointment of the Due Diligence Manager, whose
immediate priority is to become familiar with the bid and associated key issues
through a hand over meeting with the bid team.
Following this there is an internal formal kick off meeting held to establish a
common understanding of the bid by all parties, agree the focus areas for due
diligence, the resources required and the budget allocated.
The Due Diligence Manager agrees with the customer the detailed approach,
constraints, scope and timescale including the dates by which the customer needs to
meet dependencies.
The Due Diligence Manager produces a plan for the due diligence (this document)
and agrees the details of the output format for the due diligence report and analysis.
3.5 Due diligence investigations (WP2000)
3.5.1 Overview
The purpose of the investigation is to gain an in-depth quantitative and qualitative

understanding of the operation of the customer’s current service delivery operation
and any new services in scope. This task concentrates on collecting and interpreting
the information available.
The investigations will be carried out as a set of streams, each associated with an
area of specialist expertise.
The investigation will be conducted by means of:
 examination of the customer documents provided

 customer meetings (see section 4.4)
 inspecting facilities and equipment
 technical survey of the IT service and infrastructure.

CGI USE ONLY
Projet : &PROJET
Each stream is time boxed, with effort prioritised on discovery in areas considered to
hold the highest risks to ensure completion of due diligence.
During the investigations, the Due Diligence Manager will hold a ‘wash-up’ meeting
at the end of each day (amend frequency to suit) to track progress, to collate the
information, prioritise items for investigation, identify issues, and escalate where
necessary (see 4.2).
The investigation is to cover both the responsibilities owned/undertaken directly by

the customer and those delegated to third parties. The main areas of the service
where further understanding is required are defined in the following sections.
This suggested stream breakdown should be amended as necessary. The scope of the
investigation should reflect what is in the due diligence ITP.
3.5.2 Investigate applications (WP2100)
This stream covers the business purpose, reliability, build technology,

maintainability, and impact of loss for all applications in scope. The investigation
will assess these from the perspective of users, management and application
maintainers. The critical areas for investigation (most important first) are:
 <application 1> and its supporting database

 <application 2> and its supporting database.
Amend and expand the above list of priority areas for investigation, as identified by
the bid team/account manager. List in priority order if possible.
Identify and reference checklists to be used.
3.5.3 Investigate infrastructure (WP2200)
This stream is ‘assets’ orientated. The critical areas for investigation (most important
first) are:
1. Numbers, type, configuration and location of desktop systems

2. Numbers, type, configuration of laptops and other mobile devices
3. Location, configuration and management procedures at <customer> data centres
4. Support and maintenance of desktop applications
5. Local area network facilities at all <customer> locations
6. Support and maintenance of wide area networks
7. Support and maintenance of IT security systems and firewalls
8. Support and maintenance of telephony systems (including fixed and mobile
handsets, base stations, faxes, switches, ACD systems, number and routing
strategies).

CGI USE ONLY
Projet : &PROJET
3.5.4 Investigate human resources (WP2300)
This stream primarily deals with the implications of the transfer of staff (TUPE),
their terms and conditions. The critical areas for investigation (most important first)
are:
the bid team/account manager. List in priority order if possible. It may be necessary
to assess any change impact with Trade Unions, particularly if any redundancies are
likely to result from the outsource.
3.5.5 Investigate service management (WP2400)
This stream addresses company wide business SLA and continuity, together with the
service desk performance and service processes (user base, on call, procedures, etc),
management and operation of a first, second, third line help desk for all IT related
issues. The critical areas for investigation (most important first) are:
3.5.6 Investigate commercial (WP2500)
This stream covers commercial aspects such as 3rd party supply contract novation.
The critical areas for investigation (most important first) are:
List priority areas for investigation, as identified by the bid team/account manager.
List in priority order. Include checks on current management of 3rd parties and
comparing the subcontracted slas against business slas.
3.5.7 Investigate processes (WP2600)
This stream identifies the extent and validity of customer processes, procedures and
forms. The critical areas for investigation (most important first) are:
List priority areas for investigation, as identified by the bid team/account manager.
List in priority order. For a BPO due diligence, this includes the investigation of
business processes, including business inputs (electronic input, paper documents,

CGI USE ONLY
Projet : &PROJET
goods in and phone calls) customer business processes and outputs (electronic/paper
documents, reports, forms, goods out and phone calls).
3.5.8 Investigate other areas (WP2700)
This stream covers any remaining areas such as regulatory issues, safety, customer
locations and facilities from which CGI will be delivering the service, estates
management if premises are to be transferred, systems and physical building access
for on site service. The critical areas for investigation (most important first) are:
 Review the customer’s systems safety and management arrangements (policy,

management system, safety case(s), hazard analyses) to assess if they appear
adequate
 If the above are not in place, a safety assessment of the services, systems and
infrastructure to identify any special measures necessary to mitigate the risks
 Security policy
3.6 Report due diligence (WP3000)
This work package documents the information found during the investigation, as a
due diligence report (see section 2.1.1). This additionally highlights any gaps and
inconsistencies identified and raised through the issues log.
The team also conduct an analysis of the findings to:
 validate the bid assumptions and risks, and highlight significant discrepancies,
particularly where investigation findings are at odds with the risk mitigation and
contingency levels
 confirm that the issues raised are either closed by the provision of further
information, accounted for via the risk register, or passed on to the customer or
subcontractor
 check the findings against the definition of service offered and scope of work
proposed.
 identify any lessons learned (see communication of knowledge section ).
This is documented in the due diligence analysis (see section 2.1.2).

CGI USE ONLY
Projet : &PROJET
3.7 Review due diligence (WP4000)
The review process will involve a document review of the due diligence report and
due diligence analysis, and at least one formal review meeting, the gate 1 review.
The objectives of the due diligence review meeting are as follows:
 understand the due diligence coverage achieved

 understand any implications for the scope of contract
 understand any implications for the risk profile
 identify areas that may require additional protection in the contract
 identify areas that may justify a price adjustment
 confirm that the actions agreed at the due diligence kick-off meeting have been
completed
 ensure actions are set for any updates required to the offer (QMS, risk register,
contract, etc)
 review the lessons learned/suggested process improvements and allocate owners
for follow-up actions
 decide whether the due diligence exercise is complete.
Attendance should include representation from vertical and horizontal line
management, vertical and horizontal commercial management, the bid/sales team
and customer relationship management. The UK/plc commercial functions should be
invited where the total value of the bid requires UK or plc authority (see the
applicable Cortex document ‘Authority matrix – CP-AuthMat).

CGI USE ONLY
Projet : &PROJET
4 Lifecycle support processes

4.1 Documentation management
Define the procedures for documentation management on the due diligence. Include
the requirements for review and authorisation of documents listed in 7.5.1.
If the overall programme has a documentation plan, this section only needs to refer
out to the specific plans or standards for details, for example the format of
documents and/or document configuration control details may be covered by a
specific standard.
Default process and guidance references:

- [SUP.P170] - Manage documentation
- [DO.P120] - Review
- CSM-LOS102 - Guide to documentation
4.2 Wash-up meetings
The purpose of these meetings is:
 for the stream leaders to communicate the key issues that they have discovered
 to provide a forum for cross stream communication
 to provide a forum to re-prioritise the investigation and resource it
 to agree the escalation of any issues relating to the DD exercise.
The meeting will be chaired by the DD manager and attended by the stream leaders
and BAFO process owners and attendance is mandatory. The DD manager will
notify the team of agreed actions.
4.3 Issue management
Issue management is the process of tracking items of concern or potential concern

raised during the investigations of the due diligence. They include the following
types:
 information missing or incomplete (eg no design specification for an application,

or access to a document could not be provided)
 information inconsistent: conflicting data
 information potentially inaccurate: (eg number of pcs at a site is stated as ‘the
inventory states 120 but we suspect there are more than that’)
 service level issue (eg current service failing to meet SLA).
The individual who identifies the issue records it in the log. The Due Diligence
Manager is responsible for the maintenance of the log. New entries in the log will be
highlighted at the wash-up meeting. Appendix A - provides a template.

CGI USE ONLY
Projet : &PROJET
During the course of the due diligence, if further information is uncovered by a team
member, then they update the resolution section, and modify the status accordingly.
Possible values of status are:
raised: initial value
closed: issue resolved
duplicate: issue closed because it the problem is already covered by another issue
mitigated: issue open, but impact has been reduced as a result of subsequent action
(eg Further information disclosed).
Issues are not deleted, but issues with status closed or duplicate may be moved to
another section or spreadsheet if desired.
- [SUP.P180] – Manage Risks
4.4 Customer meetings
The correct planning and recording of customer meetings is paramount to the

successful conclusion of the DD exercise. These cover:
 one-to-one interviews with stakeholders and practitioners within the customer
organisation (specify which ones and the reason for choosing them)
 workshops with senior IT operational management from the Customer and
current incumbents.
The owner of the meeting (normally the stream leader) should do the following:
1. Prepare an agenda ahead of the meeting and send to the interviewees so they can
prepare and obtain any necessary information.
2. Confirm that the interviewees are the correct people to answer the questions (if
necessary arrange a new meeting).
3. At the meeting, take detailed notes and request a copy of any key facts provided
by the interviewee.
4. Complete a customer meeting record using the template provided in.[SUP.P170]
Manage Documentation – Documentation Guidelines and Templates, Minutes
Template. Record the essence of the meeting and the facts provided. together
with any actions that are agreed from the meeting. Record as actions all requests
for further information or copies of documents/data.
5. Submit the meeting record to the attendees for agreement, and ensure all
attendees confirm their agreement by signing a hard copy (or providing an
email). File the agreed copy and any other record of agreement.
4.5 Other processes
This section is not mandatory but is left as a place to identify any other special
lifecycle processes and procedures that are required and are not covered under the
above headings. Delete if not needed.

CGI USE ONLY
Projet : &PROJET
5 Organisation and resource plan

5.1 Team structure
Provide an organisation chart of the due diligence team structure that identifies the
key roles and indicates the reporting relationships, information flows within the
team, and records any changes with time.
The team structure follows the structure of the investigation streams, each requiring
its own specialists and led by a stream leader. Each stream leader will be responsible
to the Due Diligence Manager for obtaining and confirming the information key to
their area of the service, as directed by the kick off meeting.
The following structure shows a ‘typical’ approach: adapt as necessary.
5.2 Key roles
5.2.1 Staffing
Role Performed by Individual

Account manager
Due Diligence Manager
Line Manager
Outsourced services Line Manager
Applications stream leader
Infrastructure stream leader
Human resources stream leader
Service management stream leader
Commercial stream leader
Process stream leader
Other stream leaders as required.

CGI USE ONLY
Projet : &PROJET
5.2.2 Due Diligence Manager
The Due Diligence Manager has responsibility for planning and running the due
diligence, and delivering the outputs. the terms of reference are as defined by Cortex
process MSV.P40.
5.2.3 Stream leader
The stream leaders are responsible for the ensuring that their team gather all the
information required to address the questions, assumptions and risks pertinent to
their area of responsibility. The stream leaders shall also ensure that they validate the
impact of the investigation work with the bid team to confirm the scope of service.
The key responsibilities are to:
 engage in the due diligence investigation process for their stream

 prepare customer meeting records in a timely manner
 attend wash-up meetings and raise any (significant) issues identified during
investigation
 complete the sections of the agreed outputs in accordance with the plan
 liase with other work streams as required to ensure the sharing of information
and issues
 work with the bid team/service architect to confirm the scope of the service
offering in light of the information obtained.
5.3 Assignment to tasks
Work Description Role

Package
WP1000 Initiate due diligence Due Diligence Manager
WP2000 Due diligence investigation Due Diligence Manager
WP2100 Investigate applications Applications stream leader
WP2200 Investigate hr Infrastructure stream leader
WP2300 Investigate hr Human resources stream leader
WP2400 Investigate service management Service management stream leader
WP2500 Investigate commercial Commercial stream leader
WP2500 Investigate process Process stream leader
WP2600 Investigate other areas Other stream leaders as required.
WP3000 Report due diligence Due Diligence Manager (and stream
leaders)
WP4000 Review due diligence Due Diligence Manager

CGI USE ONLY
Projet : &PROJET
5.4 Staffing profile
Indicate the profile of staff levels planned throughout the due diligence and comment
on any specific issues arising from this.
The distribution is best presented as a plot of team size versus time, though
alternatively a staff charges plan may be used. Either of these may be more easily
included in an appendix that will need to be referenced. Issues that are noteworthy
are a rapid build up or especially large numbers of staff at any time.
5.5 Communications with customer and third party organisations
Identify the communication measures necessary to ensure smooth running of the due
diligence, and should include a ‘map’ that describes all of the interfaces between
CGI, our customer and any third parties. State the formal constitution of any
management or steering bodies for the due diligence.
The mapping should be in the form of an interconnected set of organisation charts.
Where the interaction of the customer is critical to the success of the due diligence,
the key customer roles must be defined. If this project and quality plan is agreed
with (signed by) the customer, this structure and criticality should be added to this or
a new sub-section. If the project and quality plan is not agreed with (signed by) the
customer, this structure and criticality may be defined elsewhere; the contract might
be one such place.
5.6 Other resources
This section is not mandatory but is the place to describe any other resources
required for day to day running of the due diligence, such as administration
resources, office or machine room space, access to customer resources (people,
systems, or office facilities).

CGI USE ONLY
Projet : &PROJET
6 Compliance matrix
Indicate compliance to Cortex by identifying the processes and procedures
applicable to each particular area. Sections 4, 7, 8 and 9 provide further detail.
This matrix template provides only suggested defaults values, and must be
reviewed and tailored to the lifecycle(s) and contractual framework applicable
to this particular due diligence.
Area Process / procedure Refs. Comments

Used?
(* = this quality plan

provides further details)
Conduct due Yes Due diligence MSV.P40
diligence
Verification and Yes Reviews DO.P120 Name any specific
validation reviewing procedures that
are to be followed, eg the
customer’s.
Lifecycle support processes
Documentation Yes Manage documentation SUP.P170 Name any other
management review DO.P120 documentation or review
standards that are to be
followed, eg the
customer’s.
Data management Yes Manage project data SUP.P220
Procurement and Yes Buy Things - supplier selection BUY.P30 Name any local
subcontractor Buy Things - routine & repeat BUY.P70 to procedure(s) to be used
management orders P100 (eg In the UK: UK-SAP
Buy Things - special purchases BUY.P10 to and UK-PROWL).
and all subcontracts P100
Manage change SUP.P130
Customer supplied / Yes Control of customer supplied SUP.P160 Name any local
hired-in items and hired material procedure(s) to be used
Backup and Yes Manage backup / archiving of SUP.P150 * as provided internally by
archiving material the team
Name any local
procedure(s) to be used
Quality control Yes Manage project quality SUP.P200 *
records reviews and records DO.P120
Security Yes Manage security SUP.P40 *
management
Management and organisational processes
Customer Yes Manage customer’s satisfaction MRL.P90 *
satisfaction
Customer Yes Manage customer’s complaints MRL.P80 *
complaints
Contract change Yes Manage change SUP.P130 *
control
Planning controls Yes Plan project MPJ.P30
Plan project - process PP-PD See MPJ.P30
description MPJ.P50
Review plans

CGI USE ONLY
Projet : &PROJET
Area Process / procedure Refs. Comments
Used?
(* = this quality plan
provides further details)
Quality planning Yes Detail project process MPJ.P40 *
(covers safety Detail project process - process DPP-PD See MPJ.P40
planning, and other description.
statutory / regulatory Review plans MPJ.P50
requirements) Manage project quality SUP.P200
Systems safety management RUN.P130
Work delegation and Yes Plan project MPJ.P30
monitoring Track progress MPJ.P60
Control project MPJ.P80
Apply work instructions DO.P10
Initiate support work processes SUP.P10
Supplier/ Yes Qualify subcontractor BUY.P30
Subcontract controls Buy and proceed BUY.P70
Manage change SUP.P130
Manage subcontractors BUY.P85
Order acceptance and supplier BUY.P90
performance update
Risk and issue Yes Manage risks SUP.P180
management
Status reporting Yes Report project status MPJ.P90
customer reports LCG022
Metrics Yes Manage measurements collation SUP.P190 *
Identification and Ye Manage stakeholders SUP.P210
management of s
stakeholders
Communication of Yes Disseminate project information MPJ.P110
knowledge (via Our Close project MPJ.P130
Knowledge) – the
harvest plan
Line monitoring Yes Delivery management RUN.P60 *
CTQ assurance Yes Quality management - quality RUN.P110.3
engineering environment
Central support functions - if available/applicable - otherwise these functions must be covered
in the lifecycle support processes section above
Procurement Yes Supplier assessment process BUY.P30 to This will often have taken
and/or P60 place during the bid
subcontractor Buy and proceed BUY.P70 phase - but the project
management Manage change SUP.P130 must still monitor the
Manage subcontractors BUY.P85 supplier/subcontractor
Order acceptance and supplier BUY.P90 and maintain/update the
performance update supplier assessment
Supplier assessment records BUY.P100 records.
Staff training Yes Manage Staff: MSF:
and development - Training provision P50.20
- Performance review P40.20

CGI USE ONLY
Projet : &PROJET
* This plan provides further details.

The columns represent the following:
Area the element that is being addressed or is to be satisfied. Customer complaints; note
that a customer complaints Log is usually held centrally by each local QA Office for
logging quality issues that cannot be resolved at normal project-customer interface.
concessions: generally not relevant to most non-defence projects as this plan will
document any variations / deviations.
Used? If set to ‘Yes’, then compliance with Cortex should be
Set to ‘Yes’, ‘No’ or ‘N/A’.
demonstrable. If set ‘No’ or ‘N/A’, then it must be justified in this plan. Note
that there are some mandatory outputs in Cortex that have to be produced by
all projects.
Process/Procedure Indicates how the element is met by cross-referencing the appropriate
document. A subsidiary or divisional handbook procedure should be referenced
if appropriate. Further details / clarification may also be provided in this plan.
Reference Reference number of references provided in the ‘process / procedure’ column.
Comments Additional detail or clarification.
Unless stated otherwise, the version in use is the latest approved version. Precedence of
documents is by the order in which they occur in the matrix for each entry. Items in italic font
provide guidance only.
Notes:
1. Do not delete any rows. If an element is not applicable or is not used, the entries in the
‘process / procedure’ and ‘Ref.’ Columns should be kept blank.
2. Project-specific safety and security issues will be documented or referenced in this Plan. See
detail project process - process description available as supporting documentation to the
Quality Plan templates. Systems safety management – CMP-LCG032 applies with regard to
safety. It must be referenced for safety-related projects. Safety management plans is optional.

CGI USE ONLY
Projet : &PROJET
7 Other processes
7.1 Procurement and subcontracting
Define the project purchasing and subcontracting procedures (including the

sourcing of contract staff to conduct the due diligence.). If none are required, this
section may be deleted.
All purchases, other than those performed directly by the customer, must be handled
through the appropriate CGI local purchasing system. This section will therefore
typically consist of references out to the locally mandated standards, processes
and/or procedures for this, plus any special conditions/requirements that may apply.
The ‘Buy Things’ KPA provides the mandatory requirements for this activity.

- [BUY.P30] - Qualify supplier / subcontractor
- [BUY.P70]-[BUY.P100] - truncated process for routine & repeat orders
- [BUY.P10]-[BUY.P100] - full process for special purchases
and for all subcontracts.
7.2 Data management
Define the principles, processes and systems to be used for sharing and managing
data within the service, and with stakeholders.
Project data includes: all types of documentation, development products, test

materials, configuration data, web pages, workspace contents, quality records,
metrics and administrative material – whether deliverable or internal, and in all
forms of media. See also Backup and Archiving below.

- [SUP.P140] - Manage Configurations
- [SUP.P170] - Manage Documentation
- [SUP.P150] - Manage Backup / Archiving of Material.
7.3 Customer supplied and hired-in Items
Define the procedures for the retention, handling and protection of any material
hired-in or supplied on loan by the customer, or other parties for use in conducting
the due diligence.
Include the requirements for the handling and preservation of any equipment or
spares that are procured by the project and either used during development/testing,
or simply stored, before onward delivery to the customer.

- [SUP.P160] - Control of customer supplier & hired-in material.

CGI USE ONLY
Projet : &PROJET
7.4 Backup and archiving
Define the procedures for backup and archiving of material used by the due
diligence. If the overall programme has backup and archiving procedures which are
applicable to due diligence, then this section need only refer to those.
This section needs to differentiate between routine backups against equipment
failures or operational accidents, and the formal archiving of controlled baselines at
milestones and delivery points:
 all legally significant items or specific issues for safety related projects should be
separately identified in this section
 disaster recovery and business continuity requirements relevant here are
confined to the completion of the due diligence exercise
- [SUP.P150] - Manage backup / archiving of material.
7.5 Quality control records
Define the requirements for the control and retention of all types of quality control
records, including: review records and meeting records.
- [SUP.P200] - Manage project quality
- [DO.P120] - Review.
The table in the following section summarises the types of reviews and associated
review records for a typical due diligence exercise.
This table MUST be reviewed and updated in order to address the specific
needs of each individual due diligence.
7.5.1 Review types and records
Key items to be Type of Reviewed Approval Review record

reviewed review against
Contract/ITP Formal ITT, proposal, CU, VLM, Recorded as part of Win
(external) SOW HLM Business
Contract changes Formal New CU, VLM, Change note
(external) requirements HLM [SUP.P130]
Due diligence project Formal Contract, DDM, VLM, Review record
and quality plan statement of HLM, (QA) [DO.P120]
work, Cortex
Due diligence report Formal (see Contract, ITT, DDM, VLM, Review record
note 1) proposal HLM, CU [DO.P120]
(see note 1)
Due diligence analysis Formal Requirements DDM, VLM, Review record
specification HLM [DO.P120]
Customer Informal N/A DDM, CU N/A
interview/meeting external
minutes
Key to table: CU = customer; VLM = Vertical Line Manager; HLM = horizontal Line Manager; DDM = Due
Diligence Manager; QA = quality assurance office for the subsidiary;
CGI USE ONLY
Projet : &PROJET
Note 1: The customer is only involved in the review of the due diligence report if it is a formal deliverable under
the contract/ITP, and only after it has passed all internal reviews.
7.6 Systems safety (if applicable)
Define the process for maintaining and controlling any safety procedures required
by the due diligence.
A separate safety management plan may be produced, in which case this section only
needs to refer out to the specific plan for details.
- [RUN.P130] – System safety management
- CMP-LCG032 – Safety related systems
7.7 Security (if applicable)
Define the process for maintaining and controlling any security procedures required
by the due diligence. This process must comply with any information security
standards applied by the customer.
Define the process for ensuring compliance with data protection and confidentially
requirements.
- [SUP.P40] –Manage security.
7.8 Health & safety of staff (if applicable)
Define the process for maintaining and controlling any health & safety procedures
required by the Due Diligence – eg for staff working out on site.

- [SUP.P50] –Manage health & safety.
7.9 Other support processes
This section is not mandatory but is the place to detail any other special lifecycle and
support procedures that are required. Delete if not needed.
Examples of other support processes that may need to be considered, either here or
appended to the relevant sections above, include:
 transport and accommodation logistics for staff
 physical security / access controls to sites.

CGI USE ONLY
Projet : &PROJET
8 Management processes
8.1 Contract change control
Define the procedures for contract change control with both the customer and any
sub-contractors to cover controlling changes in the scope of the due diligence,
assessing their impact and passing on cost and timescale adjustments to the
customer in a timely manner.

- [SUP.P130] - Manage change.
8.2 Customer complaints and satisfaction measurement
Define the procedure for handling customer complaints about the conduct of the due
diligence. Address the requirements for the measurement of customer satisfaction
with the due diligence – typically, this will be in conjunction with the account
management processes and bid/programme management, and as a part of the overall
management of the Company’s relationship with the customer.

- [MRL.P80] - Manage customer’s complaints
- [MRL.P90] - Manage customer’s satisfaction planning controls
8.3 Planning and estimating
Define the approach taken to planning the due diligence and the control over the due
diligence project and quality plan. define how due diligence effort and timescale is
estimated and tracked.

- [MPJ.P30] - Plan project
- [MPJ.P40] - Detail project process
- [MPJ.P50] - Review plans
- [SUP.P200] - Manage project quality
- [RUN.P130] - Systems safety management
- CSM-PP-PD - Plan project - process description
- CSM-DPP-PD - Detail project process - process description.
8.4 Work delegation and monitoring
Define the processes and procedures for allocation, recording, monitoring and
acceptance of planned work.

- [MPJ.P30] - Plan project
- [MPJ.P60] - Track progress
- [MPJ.P80] - Control project
- [DO.P10] - Apply work instructions
- [SUP.P10] - Initiate support work processes.
CGI USE ONLY
Projet : &PROJET
8.5 Subcontract/supplier controls
Define the processes and procedures to be applied to sub-contractors.
Note that subcontractors, suppliers and partners must be regarded as stakeholders in

the project – see also section 9.1 (Identification of stakeholders).

- [BUY.P30] - Qualify Subcontractor
- [BUY.P70] - Buy & Proceed
- [SUP.P130] – Manage Change
- [SUP.P210] – Manage stakeholders
- [BUY.P85] – Manage Subcontractors
- [BUY.P90] - Order Acceptance and Supplier Performance Update.
8.6 Risk management
Define the processes and procedures to be used for risk management, both for the
due diligence as an exercise and the risk management associated with the
bid/programme as a whole (refer to the programme risk management procedures).
NB this section defines only the process, not where the risks themselves are defined,
nor their containment/contingency plans. See section 1.4 for related risk documents
eg (risk register)

- [SUP.P180] - Manage risks
- CSM-LCG038 - Managing project risk.
8.7 Status reporting
Define the status reporting procedures for the due diligence, both internally and to
the customer. where the due diligence is being tracked as part of a larger
programme, this section need only refer out to the programme reporting procedures,
but stating how the due diligence activity’s progress is fed into them

- [MPJ.P90] - Report project status
- CSM-TP-PD - Track project - process description
- CSM-LCG022 - Customer reporting.
8.8 Metrics
Define:
 the progress or quality measurements to be collated within the project

 the applicable requirements for the collection of ‘standard metrics’ (as defined
for all the subsidiary or business unit activities)
 any stakeholder requirements for specific measurements to be collected
CGI USE ONLY
Projet : &PROJET
 the mechanisms and any tools that will be used to gather them
 the project staff and methods that they will use to analyse, report and take
action on them
 the methods and mechanisms used to store the defined metrics
 the frequency of collation
 when they will be analysed, and how they’ll feed into the company’s
measurements and business process improvement activities.
For each identified metric, this section must define both the characteristics of the
metric to be collected, and the reason for its collection.

- [RUN.GF116.10] The global metrics lifecycle
- [SUP.P190] - Manage measurements collation.
The default process in [SUP.P190] may be further supported by local business
procedures.
8.9 Communication of knowledge
At appropriate times during the due diligence, the Due Diligence Manager should
identify items of interest to other parts of CGI (subsidiary, business unit, ILoB,
QA ...); specifically any improvements that can be made to the due diligence process
and templates. This is documented in the ‘lessons learned’ section of the due
diligence analysis. The gate 1 review meeting will review this and ensure that
adequate actions are, or have been, taken.
The harvest plan is first drafted during the bid phases, highlighting documents,
deliverables which are identified as being of wider interest. These should be noted
here and the PSR should comment on current status until completed, approved and
submitted to Our Knowledge. The harvest plan will cover both deliverables, metrics
and potential lessons learned.

- [MPJ.P110] - Disseminate project information
- [MPJ.P130] - Close project
- [SUP.P210] – Manage stakeholders.
8.10 Other management processes
This section is not mandatory but is the place to identify any other special
procedures that are required. Delete if not required.

CGI USE ONLY
Projet : &PROJET
9 Organisational processes
Describe any procedures that extend beyond the due diligence and are normally
catered for by other CGI, customer or third party functions in connection with the
due diligence. If this plan is not deliverable to the customer, section 9 can be deleted,
however the words in italics must still be addressed in writing the plan
CGI's assurance activities are designed to ensure that the requirements of our
customers are being met and that the work is being conducted within the Cortex
system. These activities focus on:
 identifying commercial, technical and quality (CTQ) risks and ensuring that they
are appropriately managed
 providing independent confirmation of the operation of Cortex through
monitoring and auditing across all our operations
 providing specific processes for special considerations that apply, such as
security, safety and export management.
9.1 Identification and involvement of stakeholders
For each phase and process of the service identify the particular stakeholders who
need to be involved.

- [SUP.P210] – Manage stakeholders.
9.2 Line monitoring
Define the specific line management monitoring activities that are regularly applied
to this due diligence.

- [RUN.P60] - Delivery management.
9.3 Quality assurance
Define the quality assurance activities carried out in CGI as far as they affect the
due diligence. For example CTQ audit of the bid.

> [RUN.GF112] Group quality assurance function.
9.4 Other organisational processes
Define any other specific process and procedures that apply to the due diligence
(such as export management) and identify:
 Organisations and roles
 Any CGI or external standards that are applicable to the organisational
processes and the extent to which they apply.
CGI USE ONLY
Projet : &PROJET
10 Charges plan
The section does NOT address issues of how costs relate to the contract value. These
are covered in the next section below.
If the plan is deliverable to the customer, then this section should be omitted
from any deliverable copies.
10.1 Professional costs
Give the staffing costs with time for the due diligence by inclusion of a plot of staff
charges versus time or a standard staff charges plan form.
The staff charges plan will normally be included as an appendix for ease of
generation of the document. The text in the section should summarise the forecast
total cost and any special features that arise, such as warranty provisions or unusual
inflation provisions.
10.2 Materials and expenses costs
Give the materials and expenses costs with time for the due diligence by inclusion of
a plot of materials and expenses costs versus time or a materials and expenses
charges plan.
The materials and expenses charges plans will normally be included as an appendix
for ease of generation of the document. The text in the section should summarise the
forecast total cost and any special features that arise, such as warranty provisions or
unusual inflation provisions.
10.3 Contingency provisions
Include the amounts to be set aside for contingencies against specific identified risks
related to the successful completion of due diligence.
This section should tabulate the contingency costs and likelihood of specific risks
identified in the section 1.4 of this plan and/or the risk register.

CGI USE ONLY
Projet : &PROJET
11 Financial plans
If this plan is deliverable to the customer, then only the first two subsections
(contract value and payments) of this section should be included in any
deliverable copies.
This section is only applicable if the customer is paying for the due diligence
under a separate project number. (It excludes other parts of the bid or resulting
programme).
11.1 Contract value
State the contract value (for due diligence) and provide any commentary on changes
in the pipeline.
The contract value should be that for which signed cover has been obtained. The
commentary should cover any other changes to value that may be foreseen, but
which don’t yet have written cover.
11.2 Payments
Give the following:

 the payment schedule (ie the amounts to be invoiced and when invoices can be
submitted)
 payment terms (ie how long our customer has to pay invoices)
 any retention of payments until acceptance (if applicable)
 bonds or other financial instruments which might affect project finances (if
applicable)
 any price indexation (if applicable).
The payments should be detailed in a table of amounts and associated dates or
milestones.
11.3 Cashflow
Give the planned cashflow and any cashflow charges that are anticipated by the
inclusion of a cashflow time plan (plot or report) and a commentary on any
significant points. The time plan will identify the key risk milestone dates (as
described in section 3.2), and the dates of any other milestones related to payments
or penalties.
11.4 Financial status
Summarise the financial status including forecast profit or loss by the inclusion of a
financial status report (plan) and a financial trends chart plot to summarise the
changes with time. Provide a commentary to explain any differences between the
plan and QMS columns.

CGI USE ONLY
Projet : &PROJET
Appendix A - - Due diligence issues log

The following is an example format for an issue log. It is presented as a table, but
may be easier to implement as a spreadsheet.
Issue Raised Description Status Resolution

No Date By Type Current Date By
IS.001
IS.002
IS.003
... Etc
Issue numbers are allocated sequentially from IS.001.

Raised date is the date on which the issue was initially raised.
Raised by is the initials of the due diligence team member who raised the issue
Type is one of ‘missing’, ‘inconsistent’, ‘inaccurate’ or ‘service’.
Description is a statement of the issue
Status current is the current status, which his one of raised, closed, duplicate or mitigated
Status date is the date when the status was last changed
Status by is the initials of the person who last changed the status
Resolution is any further information – usually associated with a change of status.

CGI USE ONLY

Servd DDPPQP Od211 - V03

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Servd DDPPQP Od211 - V03

Uploaded by

Copyright:

Available Formats

DUE DILIGENCE PROJECT AND QUALITY BD : &DO

Due diligence project and quality plan

Due Diligence Manager

725347437.doc Propriété de CGI 1 / 33

WARNING: customer visible plans

This is NOT suitable for distribution to a customer in this format. In order to

Remove the text ‘CGI use only’

Remove the following (sub-)sections from the document:

this warnings section

If formal customer agreement to the document is required by the contract,

For certain types of contract it may be necessary to replace some of these

Plans must not be circulated to a customer - even in draft - before ALL

725347437.doc Propriété de CGI 2 / 33

1 Introduction and summary............................................................................................................ 5

8.2 Customer complaints and satisfaction measurement.......................................................27

725347437.doc Propriété de CGI 4 / 33

1 Introduction and summary

Provide a brief overview of the customer and their business.

The main objectives of the due diligence are:

Amend the above list as required

1.3 Success factors

 Conducting the due diligence process in a professional manner which will

1.4 Risks identified

 customer staff availability to attend meetings due to work and holiday

 limited hours of access to customer data room containing their documentation

 restrictions on copying specific confidential customer documents.

1.6 Referenced documents

Title Reference Version/issue date

ITP from <customer > <filing> Dated <xx/xx/xxxx>

Title Reference Version/issue date

1.7 Document scope

725347437.doc Propriété de CGI 7 / 33

2 Scope of supply - deliverables and dependencies

2.1.1 Due diligence report

2.1.2 Due diligence analysis

This output is a document that identifies:

2.1.3 Issues log

2.1.4 Updated risk register

725347437.doc Propriété de CGI 8 / 33

Dependency Owner Timescale Description

725347437.doc Propriété de CGI 9 / 33

3 Plan, approach and work breakdown structure

 The key milestones (identified in section 3.2) with dates

 The interdependencies between the work packages, milestones and major

Provide comments on any unusual features or salient points in the plans.

3.3 Work breakdown structure / life cycle processes

Work Package Description Outputs

725347437.doc Propriété de CGI 10 / 33

Work Package Description Outputs

3.4 Initiate due diligence (WP1000)

3.5 Due diligence investigations (WP2000)

The purpose of the investigation is to gain an in-depth quantitative and qualitative

The investigation will be conducted by means of:

 examination of the customer documents provided

725347437.doc Propriété de CGI 11 / 33

The investigation is to cover both the responsibilities owned/undertaken directly by

3.5.2 Investigate applications (WP2100)

This stream covers the business purpose, reliability, build technology,

 <application 1> and its supporting database

Identify and reference checklists to be used.

3.5.3 Investigate infrastructure (WP2200)

1. Numbers, type, configuration and location of desktop systems

725347437.doc Propriété de CGI 12 / 33