What IPA Reviewers Actually Look For at Gate 3

Back to all posts

Gate 3 is the investment decision. It's the point where the programme asks for the money. And it's the gate where more programmes stumble than any other — because the evidence requirements are higher than anything that came before.

Gates 1 and 2 assess whether a programme has a credible strategic rationale and whether the outline business case holds together. The bar is relatively low. A coherent narrative, a reasonable cost range, evidence of stakeholder alignment. Gate 3 is different. Gate 3 asks: is this programme ready to commit public money at scale? The Full Business Case needs to demonstrate not just that the programme makes sense, but that every claim in the document is traceable to evidence.

Having been on both sides of this — preparing programmes for Gate 3 and sitting on review teams that assess them — the gap between what teams think reviewers want and what reviewers actually check is where most problems start.

What Gate 3 actually tests

Teams preparing for Gate 3 tend to focus on whether the Full Business Case reads well. They polish the executive summary, tighten the narrative, make sure the formatting is consistent. None of that matters to a review team.

What matters is whether the business case is evidenced. The Five Case Model — Strategic, Economic, Commercial, Financial, Management — provides the structure. Each case has specific criteria that the IPA expects to see addressed. But reviewers don't read the document from start to finish and score each section independently. They pull threads.

This is the part that catches teams off guard. A gateway review is not a document review. It's an evidence review that uses documents as its source material.

The thread-pulling technique

Here's how it works in practice. A reviewer opens the risk register and picks a high-severity risk — say, supply chain constraints on a critical material. Then they check: is this risk reflected in the cost contingency? Is it built into the schedule with appropriate float? Does the management case describe how this risk is being governed? Is there a named risk owner? Are there recent minutes showing the risk was discussed at programme board?

That's one thread. A single risk, traced across five or six documents. If the thread holds — if the evidence is consistent and traceable — the reviewer moves on. If it doesn't, they pull another thread from the same area. Two broken threads in the same domain and the review team has a finding.

The most common reason for AMBER/RED ratings at Gate 3 isn't poor analysis. It's cross-document inconsistency. Each document passes its own review, but together they tell contradictory stories.

This is why teams that prepare each case in isolation — Strategic Case written by strategy, Financial Case written by finance, Management Case written by the PMO — consistently underperform at Gate 3. The individual documents may be competent. But the programme-level story falls apart under thread-pulling because nobody checked whether the pieces fit together.

Five things Gate 3 reviewers always check

Every review team has its own focus areas, shaped by the programme's sector, scale, and history. But five checks come up on virtually every Gate 3 review.

1. Optimism bias methodology

Not the number — the methodology. "We applied 24% optimism bias uplift" tells a reviewer nothing. They want to know: which reference class did you use? What adjustments did you make for programme-specific factors? Is the methodology documented and traceable? Did you use the HMT supplementary guidance or an alternative approach, and if so, why? The number itself is less important than the audit trail behind it.

2. Benefits realisation framework

"A benefits realisation framework will be developed during the next phase" is the single most common sentence in Gate 3 business cases. It is also the sentence most likely to trigger an AMBER finding. By Gate 3, reviewers expect to see baselines measured, a monitoring and evaluation design in place, responsible owners assigned to each benefit, and a credible plan for how benefits will be tracked post-delivery. Intentions don't count. Evidence does.

3. Governance evidence

Every programme has a governance structure diagram. Boxes connected by lines, showing boards, committees, and reporting relationships. Reviewers look past the diagram and ask: is there evidence that this governance actually functions? Board minutes showing decisions were made. Action logs showing decisions were followed through. Escalation records showing the governance structure was used when problems arose. Structure without evidence of function is just a drawing.

4. Cross-document consistency

Schedule durations matching the assumptions in the cost estimate. Risk register entries reflected in the contingency allocation. Benefits claimed in the Strategic Case quantified in the Economic Case. Resource requirements in the Management Case aligned with the Financial Case headcount costs. Reviewers don't check every number, but they check enough to know whether the documents were written as a coherent set or assembled from disconnected workstreams.

5. Outstanding actions from Gate 2

Every previous gateway review produces recommendations and actions. At Gate 3, the review team checks whether Gate 2 actions were closed — and whether there's evidence of closure, not just an assertion. "Action 4: Closed" in a tracker is not evidence. A document showing the work was done, approved, and incorporated into the business case is evidence. Programmes that carry unresolved actions from Gate 2 into Gate 3 signal that they don't take the assurance process seriously. Reviewers notice.

How to prepare

The single most effective preparation for Gate 3 is a dry run. Not a read-through. Not a peer review of individual documents. A proper dry run where someone plays the reviewer, picks threads, and pulls them until they break.

Start with the risk register. Pick the top five risks and trace each one across every document in the bundle. Where does the thread break? Where is a risk described in the register but absent from the contingency calculation? Where is a mitigation action listed but not reflected in the schedule? Those breaks are your findings — and you want to find them before the review team does.

Then do the same with benefits. Pick the three largest monetised benefits and trace them from the Strategic Case through the Economic Case to the Management Case. Can you follow the logic from strategic objective to quantified benefit to monitoring plan without a gap? If not, fix it.

The programmes that pass Gate 3 first time aren't the ones with the best-written documents. They're the ones that found their own gaps first, fixed them, and could demonstrate that they had a systematic process for quality assurance. Reviewers can tell the difference between a programme that prepared and one that hoped for the best.

Programmes that conduct a structured dry run — with thread-pulling, cross-document checks, and evidence tracing — are significantly more likely to achieve a GREEN or AMBER/GREEN rating at Gate 3 than those relying on document-by-document peer review alone.

If you don't have someone internally who's sat on a review team and knows what thread-pulling looks like in practice, bring someone in who has. The cost of a two-day dry run is trivial compared to the cost of a RED rating and a six-month delay to your investment decision.