Project Governance:
Accountability and Risk
Management
Participant notes
This short course can be counted towards one of Governance
Institute of Australia’s Certificates (see over page for details).
© Governance Institute of Australia Ltd 2015
ABN 49 008 615 950
Short courses and Certificates
This short course constitutes one of Governance Institute of Australia’s Certificate courses on
successfully passing the online exam.
For more information, or to enrol in the Certificate course, please contact Governance Institute in
your state or visit www.governanceinstitute.com.au→Learning→Short courses & Certificates→
Request Short courses and Certificates handbook.
Professional development at Governance Institute of Australia
For further information regarding your study options, please refer to the ‘conclusion’ section within
these notes to explore your study options.
In-house training
Governance Institute also offers flexible in-house training solutions that specifically meet your
business needs. For more information, please contact Governance Institute in your state.
Disclaimer
Note that the materials for this course are issued to participants on the following conditions:
•
Neither Governance Institute of Australia nor its course authors and presenters purport to provide
legal or other expert advice on the subject matter contained in these materials or in their tutorial
presentation.
•
Neither Governance Institute of Australia nor its course authors and presenters are responsible
for the results of any action taken on the basis of the information in these materials or in their
tutorial presentation or any errors or omissions therein.
•
Governance Institute of Australia and its course authors and presenters disclaim any liability to
any person in respect of the consequences of anything done by any person in reliance upon the
contents of these course materials or their tutorial presentation.
Acknowledgments
Written and designed by:
David Berechree, Director, KPMG
Chris Wells FGIA, Project Director, Infrastructure Energy and Resources
Revised by:
Robert Posener, Managing Director, PMComplete Pty Ltd
Damian McKenzie-McHarg, Lawyer and Governance Risk Consultant
Copyright
Copyright strictly reserved. No part of these course materials covered by copyright should be reproduced or copied in any form or by any means
without the written permission of Governance Institute of Australia
© Governance Institute of Australia Ltd 2015
Contents
1
Introduction
1
1.1
1.2
What is the background to this course?
What is the aim of this course?
1
1
2
Definitions, principles and key elements of project governance
1
2.1
2.2
2.3
2.4
2.5
2.6
2.7
Corporate governance
What is a project?
Terminology
Project governance principles
What is project management?
Managing projects
Why is governance important?
1
2
4
7
11
11
12
3
Governance challenges
13
3.1
3.2
3.3
3.4
3.5
The business case
Project management lifecycle
Project management plan (PMP) and project registers
Program management office (PMO)
Project management standards and methodologies
13
15
15
16
17
4.
Project structure, roles, committees and functions
20
4.1
4.2
4.3
Project governance structures
Project roles
Project steering committee role and functions
20
21
24
5
Project status and progress reporting
29
5.1
5.2
5.3
5.4
5.5
The need for control
Project status and progress reporting
Project scope management
Time management
Cost management
29
29
35
36
37
6
Quality and risk management
40
6.1
6.2
Project quality assurance versus quality control
Risk management
40
40
7
Engagement and communication
45
7.1
7.2
7.3
7.4
Stakeholder management
Stakeholder analysis
Challenges of engagement
Communication
45
46
46
47
8
Measuring success
48
8.1
Project performance measurement
48
9
Conclusion
50
9.1
Good project governance
50
10
Resources
52
10.1
10.2
10.3
10.4
10.5
10.6
Legislation and regulators
Standards and guidelines
Governance Institute resources
Reference books
Reports and journal articles
Other resources
52
53
54
55
55
56
Project Governance: Accountability and Risk Management
1
INTRODUCTION
1.1
What is the background to this course?
The management of projects can be simple or complex, depending upon a range of factors (including
type, size, culture and numbers of people involved).
There are three common threads in the governance of a project:
1. Risk - Every project faces risks and it is often said that ‘the reason why we have project
managers is to minimise risk’. Minimising risk leads to more project successes
2. Governance - The requirement to ensure that project governance is correct. Who makes the
important decisions, how quickly and who is empowered to do what needs to be clearly
defined at the start of a project. Correct and workable governance is one of the leading
factors in ensuring that the project will be a success not only as a specific initiative, but in
terms of whether the project contributes to the organisation’s broader objectives
3. Accountability- Different enterprises have different accountability cultures. You can’t have
empowerment without accountability. Having clear (and correct) project accountabilities and
responsibilities also contributes significantly to the likelihood of a project being successful.
Because they are easily measured, many organisations still believe that getting the triple constraints
(of scope, time and cost) right is the way to measure project success — but this is too simplistic.
There is a better way, and this is examined in this course.
1.2
What is the aim of this course?
The aim of Project Governance: Accountability and Risk Management is to overview the elements,
objectives and governance priorities of project governance.
The key objectives are to:
•
examine the principles underpinning project governance
•
explore the key risk areas of scope, time and cost management
•
identify quality control approaches
•
assess reporting requirements
2
DEFINITIONS, PRINCIPLES AND KEY
ELEMENTS OF PROJECT
GOVERNANCE
2.1
Corporate governance
Justice Owen in the HIH Royal Commission defined corporate governance as ‘the framework of
rules, relationships, application systems and processes within and by which authority is exercised
and controlled in corporations’.
Governance Institute of Australia
1
Project Governance: Accountability and Risk Management
The ASX Corporate Governance Council (in the Corporate Governance Principles and
Recommendations, 3rd edition) describes corporate governance as encompassing the mechanisms
by which companies, and those in control, are held to account. Further, it articulates that corporate
governance influences how the objectives of the company are set and achieved, how risk is
monitored and assessed, and how performance is optimised. Effective corporate governance
structures encourage companies to create value, through entrepreneurialism, innovation,
development and exploration, and provide accountability and control systems commensurate with the
risks involved.
The Governance Institute believes that governance means the method by which an organisation is
run or governed, over and above its basic legal obligations. It has four critical elements which are
outlined in the following sections.
Transparency
The starting point is transparency of purpose. This clarifies why the organisation exists, what its
objectives are and what the measures of achievement are. It also means transparency of process so
that all stakeholders understand how things are done, as well as why.
Accountability
Who is responsible and to whom? What are they responsible for? What are the consequences if the
rules are violated? Accountability is a normal part of the exercise of responsibility. It enables those
conferring responsibility to monitor its exercise.
Stewardship
This involves the organisational decision-making undertaken so that those controlling the destiny of
an organisation do so not for their own benefit, but rather for the benefit of the range of individuals
and groups who have an interest in the affairs of the organisation, that is, the stakeholders.
Integrity
This refers to a culture committed to ethical behaviour and, the prudent discharge of responsibilities
for, and on behalf of, all stakeholders.
In any organisation, it is vital that the corporate governance framework extends to the project
activities undertaken.
2.2
What is a project?
A simple definition from the Project Management Institute’s A Guide to the Project Management
Body of Knowledge (PMBOK® Guide, 2004, 3rd edition, p 5) is: ‘A project is a temporary endeavour
undertaken to create a unique product, service, or result.’ Various other definitions exist, including
the following from Standards Australia (DR 01845 Draft for public comment, p 7):
A unique process, consisting of a set of coordinated and controlled activities with start and
finish dates, undertaken to achieve an objective conforming to specific requirements, including
the constraints of time, cost and resources.
2
Governance Institute of Australia
Project Governance: Accountability and Risk Management
The key features of a project can be articulated as follows:
•
It is discrete — it is a unique process with a defined scope and activity, so by nature it is a
temporary endeavour with a definite beginning and a definite end. ‘Temporary’ does not generally
apply to the product, service or result created by the project. Most projects are undertaken to
create a lasting outcome and/or to realise specific benefits.
•
It has a defined start and end point — the end is reached when the project’s outcomes and
benefits have been realised, or it becomes clear that the project’s objectives will not or cannot be
met, or the need for the project no longer exists and the project is closed. This does not mean that
the project is short in duration, as many projects last for several years. In every case, however,
the duration of a project is finite. Projects are not ongoing efforts.
•
It has a specified end deliverable — a project creates unique deliverables, which are products,
services or results. Projects can create:
– a deliverable that is produced, is quantifiable, and can be either an end item in itself, or a
component item
– a capability or capacity to perform a service, such as a new business function
– a result, such as outcomes, documents or IT systems.
•
It is unique, either in its end deliverable or its environment — an important characteristic of project
deliverables is ‘uniqueness’. However, the presence of repetitive elements does not change the
fundamental uniqueness of the project work.
Organisations perform work to achieve a set of objectives. Generally, work can be categorised as
either projects or processes, although the two sometimes overlap. They share many of the same
characteristics, in that they are:
•
performed by people
•
constrained by limited resources and time
•
planned, executed and controlled.
However, projects and processes differ primarily in that processes (normal operations) are ongoing
and repetitive, while projects are temporary and unique. The objectives of projects and processes are
fundamentally different. The purpose of a project is to realise its outcomes and benefits and then
close. Conversely, the object of an ongoing process is to sustain the business. Projects are different
because the project closes when its specific outcomes and benefits have been realised. Processes
are gradually adapted and improved or change in response to new objectives, but in either case, the
work continues. The value creation process is illustrated in Figure 1.
Governance Institute of Australia
3
Project Governance: Accountability and Risk Management
Figure 1: The value chain
Illustration
2.3
Terminology
Many terms used in project management have different meanings depending upon the methodology
being followed. Some common terms that have more than one meaning, depending on the
methodology, are outlined in the following sections.
Critical success factor (CSF)
Meaning 1 (incorrect): The measures that will be used to judge if a project was a success. This is
the definition of ‘success measure’.
Meaning 2 (correct): The factors that should be in place to ensure that the project will be a success
(for example, good project governance).
Issue
Meaning 1 (PRINCE2): A materialised risk.
Meaning 2 (PMBOK®): Something that needs to be resolved sometime, but not necessarily now.
This is also known as ‘a parking lot’, so that we don’t forget to resolve this issue.
Meaning 3: Any situation, action, problem or question arising during performance of the project,
which cannot be efficiently or effectively resolved within the project team.
4
Governance Institute of Australia
Project Governance: Accountability and Risk Management
Task
Meaning 1 (Microsoft Project): A project activity that needs to be managed and occurs on the project
schedule).
Meaning 2 (Agile): Anything that needs to be done on the project including action items, defect
repairs, issues, risks, testing, changes and variations and schedulable activities.
Work breakdown structure (WBS)
Meaning 1 (PMBOK®): A hierarchical list of project deliverables, also known as ‘work products’, (that
is, a list of nouns).
Meaning 2 (PRINCE2 and Microsoft Project): A hierarchical list of project tasks to be performed (that
is, a list of verbs).
Similarly, there are many project management terms that are essentially synonymous. Some
common terms that have the same meaning include:
•
‘float’ and ‘slack’
•
‘goal’ and ‘objective’
•
‘deliverable’ and ‘product’ and ‘work product’ and ‘output’
•
‘schedule’ and ‘work plan’
•
‘task’ and ‘activity’
•
‘phase’ and ‘stage’ and ‘management stage’ and ‘sprint’ and ‘epic’
•
‘baseline’ and ‘budget’
•
‘achievement’ and ‘actual’
•
‘estimate’ and ‘forecast’
•
‘request for change’ and ‘change request’
•
‘error’ and ‘defect’ and ‘bug’
•
‘specification’ and ‘requirement’ and ‘product backlog item (PBI)’
•
‘quality review’ and ‘review’ and ‘inspection’
•
‘log’ and ‘register’
•
‘product release’ and ‘release’
•
‘product breakdown structure (PBS)’ and ‘work breakdown structure (WBS)’
•
‘net risk’ and ‘residual risk’
•
‘risk likelihood’ and ‘risk probability’
•
‘risk consequence’ and ‘risk impact’
•
‘positive risk’ and ‘opportunity’.
Also, there are terms that appear to be the same, but have slight differences. Some common terms
that have slightly different meanings include the following.
Governance Institute of Australia
5
Project Governance: Accountability and Risk Management
Change and variation
A change is an addition, change or deletion from the project’s major deliverable’s requirements.
A variation is an addition, change or deletion from the project’s environment. Examples include the
following:
•
Organisation: For example, the new system now has to be useable by the marketing department
as well as the sales department.
•
Geographic: For example, the new system now has be useable by our New Zealand sister
company staff.
•
Project lifecycle: For example, the project now has to provide a warranty period.
•
Methodology: For example, the methodology was changed while the project was in-flight, to now
require an additional phase or report.
Organisations must take care to define the terms that they are using, because the high turnover in
staff brings new personnel who have different backgrounds and experiences and assuming a
definition can lead to unintended consequences.
Correct terminology, used correctly
The term ‘project objective’ is not used in this project management language because:
•
these tend to be ‘motherhood statements’ that every project has and are all implied in the project
manager’s role
•
the focus should be more on delivering outcomes and benefits.
Examples of the confusion caused by poorly-defined objectives project include to:
•
deliver before time
•
deliver under budget
•
realise all of the planned outcomes
•
realise all of the planned benefits
•
manage the project according to the methodology
•
achieve a satisfaction rating of 5 from all stakeholders surveyed at the end of the
project
•
have no incomplete activities in any of the project registers when the project is closed
•
have no miscommunications during the life of the project
•
have no priority 1 and 2 defects unrepaired when the new system goes into production
•
have no priority 1 and 2 defects found in production within the warranty period (that is,
first 90 days)
•
have no project team members voluntarily leave the project
•
have no contractual issues with the selected vendor.
The terms used throughout this course are based on the PMBOK® definitions.
6
Governance Institute of Australia
Project Governance: Accountability and Risk Management
2.4
Project governance principles
Guidance on project governance is established in Australia primarily through Information Technology
(IT) standards development via Standards Australia. This includes:
•
AS 8015–2005 — Corporate governance of Information and Communication Technology (ICT)
•
DR 08145 — Corporate governance of projects involving IT investments (draft standard).
Standard Australia’s AS 8015–2005 provides a governance model for boards and senior
management of organisations in relation to their responsibilities in guiding and monitoring the use of
information technology (IT). The Standard is designed to assist them in making appropriate decisions
and it recommends that directors govern IT through three main tasks:
1. evaluating the current and future use of IT
2. directing preparation and implementation of plans and policies to ensure that use of
IT meets business objectives
3. monitoring conformance to policies, and performance against the plans
Figure 2 illustrates the AS 8015-2005 approach.
Figure 2: AS 8015–2005: Model for corporate governance of ICT
Source: AS 8015–2005. Reproduced with permission
The draft standard for corporate governance of projects involving IT investments (DR 08145)
explains how to apply this process model when investing in new or changed IT. Although this is
focused on projects with an IT component, the principles can be easily applied to projects of a
general nature.
Evaluate
Directors should evaluate investment decisions and expected project outcomes and benefits to
ensure that they are aligned with business objectives.
Governance Institute of Australia
7
Project Governance: Accountability and Risk Management
While directors may not be involved at a detailed level in most projects, they should evaluate the
overall portfolio of projects involving investment in IT, as well as the major IT investment in making
judgments on whether the benefits and risks associated with the investment are justified. Directors
should take account of both current and future business needs, as well as opportunities and risks
arising from technology.
Ongoing evaluation of projects and investment decisions should be undertaken at all levels of
delegated authority to ensure that projects only initiate and continue if the organisation receives
value from the investment.
The board and senior management of an organisation should periodically assess the effectiveness of
the governance arrangements.
Direct
Directors and senior managers should direct the establishment of a framework for project
governance appropriate to the size and risks of the organisation. This includes:
•
clearly defined policies, processes, procedures, check lists, standards, guidelines and templates,
as well as responsibilities and accountabilities for project decision-making
•
agreed criteria and mechanisms for project priority-ranking
•
strategies for the development of project management capability within the organisation.
Directors should encourage a culture of good governance of IT in their organisation by requiring
managers to provide timely information, to comply with direction and to conform to the principles in
the framework.
Monitor
Directors, senior managers and those with the delegated authority for governance of projects should
monitor, through appropriate measurement systems, the performance of projects involving
investment in IT against approved plans and business cases. This includes monitoring the progress,
delivery, and quality and risks across the portfolio of projects, ensuring that reporting mechanisms
highlight major issues and risks.
Directors should also monitor the performance of the project governance mechanism as a whole, and
by requiring processes such as independent assessments and post-project reviews to determine
whether the organisation has the capacity and capability to deal with the risk and complexity of the
projects being undertaken.
In considering all these elements, it should be noted that projects involving major IT investments can
be complex and fraught with risk for the organisation. There are many examples of failed IT projects
that have led to huge financial losses (where projects are abandoned or huge cost overruns and
delays are incurred) and losses due to an inability to provide basic IT dependant services.
AS 8015–2005 Principles
AS 8015 sets out six principles for good corporate governance of ICT, which apply to most
organisations. However, the application of the principles will vary depending on the size and specific
business operations of organisations, as articulated by AS 8015.
•
Principle 1 — Establish clearly understood responsibilities for ICT.
Ensure that individuals and groups within the organisation understand and accept their
responsibilities for ICT.
•
Principle 2 — Plan ICT to best support the organisation.
Ensure that the project plans fit the current and ongoing needs of the organisation and that the
project plans support the corporate plans.
8
Governance Institute of Australia
Project Governance: Accountability and Risk Management
•
Principle 3 — Acquire ICT validly.
Ensure that the project acquisitions are made for approved reasons in the approved way; on the
basis of appropriate and ongoing analysis. Ensure that there is appropriate balance between
costs, risk, long-term benefits.
•
Principle 4 — Ensure that ICT performs well, whenever required.
Ensure that ICT is fit for its purpose in supporting the organisation, is kept responsive to changing
business requirements, and provides support to the business at all times when required by the
business.
•
Principle 5 — Ensure that ICT confirms with formal rules.
Ensure that ICT conforms will all external regulations and complies with all internal policies and
practices.
•
Principle 6 — Ensure that ICT use respects human factors.
Ensure that ICT meets the current and evolving needs of all the ‘people in the process’.
GoPM
In addition to AS 8015, good guidance is provided by the Association for Project Management (APM)
in the UK through their publication Directing Change: A Guide to Governance of Project Management
(GoPM).
In this Guide, the governance of project management concerns those areas of corporate governance
that are specifically related to project activities. Effective governance of project management ensures
that an organisation’s project portfolio is aligned to the organisation’s objectives, is delivered
efficiently and is sustainable. Governance of project management also supports the means by which
the board, and other major project stakeholders, are provided with timely, relevant and reliable
information.
Figure 3: GoPM
Source: Association for Project Management, 2004, Directing Change: A Guide to Governance of Project Management.
Reproduced with permission.
Figure 3 illustrates that project governance is a subset of corporate governance. It also represents
that most of the methodologies and activities involved with the day-to-day management of individual
projects lie outside the direct concern of corporate governance.
Governance Institute of Australia
9
Project Governance: Accountability and Risk Management
Based on governance requirements and on the discipline of project management, the following
principles have been identified by GoPM as necessary for effective governance of project
management:
•
The board has overall responsibility for governance of project management.
•
The roles, responsibilities and performance criteria for the governance of project management
must be clearly defined.
•
There are disciplined governance arrangements, supported by appropriate methodology and
controls in place, and these are applied throughout the project lifecycle.
•
A coherent and supportive relationship is demonstrated between the overall business objectives
and strategies and the project portfolio.
•
All projects have an approved plan containing authorisation points at which the business case is
reviewed and approved. Decisions made at authorisation points are recorded and communicated.
•
Members of delegated authorisation bodies have sufficient representation, competence, time,
authority and resources to enable them to make appropriate decisions.
•
The project business case is supported by relevant and realistic information that provides a
reliable basis for making authorisation decisions.
•
The board or its delegated agents decide when independent scrutiny of projects and the project
management methodology is required, and implement such scrutiny accordingly.
•
There are clearly defined criteria for reporting project status and progress and for the escalation of
risks and issues to the levels required by the organisation.
•
The organisation fosters a culture of improvement and of frank internal disclosure of project
information.
•
Project stakeholders are engaged at a level that is commensurate with their importance to the
organisation and in a manner that fosters trust.
The GoPM Guide directs how a board might address four main components of the governance of
project management, namely:
•
portfolio direction
•
project sponsorship
•
project management effectiveness and efficiency
•
disclosure and reporting.
The Guide also offers practical questions that should help decide what actions to take to comply with
these principles.
There are other Standards that impact on both corporate and project governance, including the
following:
•
Control Objectives for Information and Technology (COBIT)
•
Sarbanes-Oxley Act of 2002 (US)
•
The Committee of Sponsoring Organisations of the Treadway Commission (COSO)
•
The Open Group Architecture Framework (TOGAF).
10
Governance Institute of Australia
Project Governance: Accountability and Risk Management
2.5
What is project management?
A Guide to the Project Management Body of Knowledge (PMBOK® Guide) defines project
management as the application of knowledge, skills, tools and techniques to project activities to meet
project requirements. Project management is accomplished through the application and integration of
the project management processes of initiating, planning, executing, monitoring and controlling, and
closing, as illustrated in Figure 4.
Figure 4: Project management process
Source: PMBOK® Guide -Reproduced with permission
Managing a project includes:
•
identifying requirements
•
establishing clear and realisable outcomes and benefits
•
balancing the competing demands for quality, scope, risk, time and cost
•
adapting the specifications, plans, and approach to the different concerns and expectations of the
various stakeholders.
It involves the management of all the elements of the project, including:
•
planning
•
monitoring and control
•
people.
High-quality projects deliver the required product, service or outcomes and benefits within scope, on
time, and within budget. This is often described as a ‘triple constraint’ — project scope, time and cost
— in managing competing project requirements. Project quality is affected by balancing these factors
as well as risk.
2.6
Managing projects
Why do are some projects successful and some projects fail? Surveys regularly highlight the high
incidence of project failure. The results from the KPMG International Program Management Survey in
2003 highlighted that 57 per cent of organisations surveyed internationally have experienced at least
one project failure (using their own definition of success/failure). Of those organisations able to
determine the magnitude of the project failure(s), the average cost of project failure was US$10.4
million.
The major reasons for failure were described as:
•
unclear/changing scope requirements
•
poor project management
•
poor resource management
•
poor cost management.
Governance Institute of Australia
11
Project Governance: Accountability and Risk Management
Poor project management is frequently given as a reason for project failure. This highlights that
project management is no longer a ‘nice to have’ optional extra; it must be a core competency of an
organisation.
In 2005, KPMG’s Global IT Project Management Survey observed that there was an increase in
project activity, with an increase in the number of new projects, project complexity and total project
budgets. However, it was noted that there was still variability in organisations’ ability to deliver value
from these investments. In other words, projects are not delivering on their promises. Specifically:
•
49 per cent of participants experienced at least one project failure in the previous 12 months.
•
In this same period, only 2 per cent of organisations realised planned benefits all the time.
•
86 per cent of organisations lost up to 25 per cent of planned benefits across their entire project
portfolio.
To the detriment of stakeholders, organisations are making commitments, but not always delivering
on outcomes.
Governance plays a key role in fostering project success and delivering value. Effective project
governance needs to run end-to-end, starting at least with an in-depth business case. On the positive
side, the survey found that business cases are the norm in the majority of organisations. However,
specific aspects believed to be critical for a business case were often omitted. For example, how can
you make effective decisions when you do not know the project scope, major risks or major
assumptions? These were missing in over one third of organisations.
In addition, while rigour might surround the initial approval of funds, governance then tends to ‘fall
away’. Often projects get access to the entire funds upfront, rather than being staged, subject to the
achievement of particular milestones.
Often executive involvement is too focused on project-approval activities. Once funds are released,
most organisations do not continue the same rigour through ongoing governance processes,
including active executive involvement and monitoring and measuring benefits actually realised.
For example, only 13 per cent of organisations provide funding to projects following the achievement
of milestones, with 61 per cent still providing funding up front in a lump sum (even if over multiple
budgetary periods). Pay for performance is rare. Furthermore, only 20 per cent of organisations had
any formal criteria to cancel projects or put them on hold.
The support and involvement of top management are generally accepted as a critical success factor
in achieving success. Yet, while 30 per cent of projects report to the board, the degree of awareness
can generally be challenged.
Fifty-one per cent indicated boards have only a limited awareness of project benefits and risks. Of
equal concern is that 20 per cent of executives also have only this basic level of awareness.
Commentary still referred to the lack of executive involvement, and this was the third most popular
reason offered for project failure.
For all significant projects, the board’s decision-making process is critical, with key considerations
being budget, timelines and benefits. In the integrated governance model, the board’s role does not
stop with the initial project approval.
2.7
Why is governance important?
Governance is the layer that sits between making a commitment and achieving it. It is the process of
assessing, directing and monitoring whether outcomes and/or benefits are being realised (or likely to
be realised) from projects. Governance is as much about performance as it is about compliance and
control.
12
Governance Institute of Australia
Project Governance: Accountability and Risk Management
Good governance over projects means establishing effective processes that extend throughout the
lifecycle, including:
•
initiating projects with a robust business case
•
funding projects which will yield the greatest value
•
funding based on achievement of agreed milestones
•
ongoing monitoring of project’s performance
•
measuring the value received
•
closing projects that are unlikely to deliver agreed outcomes and/or benefits.
Effective project governance cannot occur in isolation and needs to be an integral part of an
organisation’s overall governance framework. The governance debate has inherently brought a
stronger focus on improving the governance over projects, but this has arguably not progressed as
rapidly or as extensively as other governance domains, since project governance relies on the
integration of all other areas.
Ultimately, governance over projects seeks to provide answers to some key organisational questions:
•
How closely aligned are our projects with our business objectives and strategy?
•
Do we clearly understand the value we will receive from our project investment and when will we
receive it?
•
What are our major project risks?
•
How do all of our projects impact each other?
•
Which project should have priority over others?
•
Which are our underperforming projects?
•
What is our organisation’s capability and capacity to deliver and absorb all this change?
3
GOVERNANCE CHALLENGES
3.1
The business case
The business case is a description of the reasons for the project and the justification for undertaking
the project, based on the estimated cost of the project, the risks and the expected benefits. The
business case addresses the entire scope of change to the business that is impacted by the project.
The business case is the most important set of information for the project. It drives the decisionmaking processes and is used continually to align the project’s progress to the business objectives
and benefits that are defined within the business case.
The business case should be developed at the beginning of the project and maintained throughout
the life of the project, being reviewed by the project governance committee at each key decision
point, such as completion of each major phase.
The business case is expected to include:
•
an explanation of the reasons the project outcomes and benefits are needed
•
an outline of the various options that have been considered to deliver the required outcome, with
the ‘do nothing‘ option as the starting option. The recommended option should be indicated,
together with a summary of the reasons why it is recommended
•
identification of the benefits that it is claimed will be realised by the project’s outcomes and
benefits, in measurable terms which can be assessed after the project has been closed
Governance Institute of Australia
13
Project Governance: Accountability and Risk Management
•
a summary of the major risks facing the project that, if they materialise, would seriously affect
delivery of the outcomes and benefits, including details of how these risks will be managed
•
an investment appraisal showing the balance between the project’s costs against the financial
value of the benefits over a period of time, with the baseline for the investment appraisal being the
‘do nothing’ option (that is, a cost/benefit analysis)
•
an evaluation and final recommendation of the business case
•
the overall framework and approach for executing the project
•
the resource staffing levels necessary to perform project work
•
the project management infrastructure necessary to control the project effectively
•
the project scope
•
major deliverables
•
the schedule
•
resources
•
accommodation requirements
•
IT requirements
•
administrative support requirements
•
organisational structure.
The example below outlines the main points which would typically be covered in a business case
report:
Example Business Case Structure
14
1.
Executive summary
2.
Project strategy
3.
Project objectives
4.
Assumption analysis
5.
Benefits realisation analysis
6.
Break-Even/Payback analysis
7.
Cost /Benefit Analysis
8.
CAPEX / OPEX - cost allocation should include the following:-
9.
Cash flow analysis
10.
Capability analysis
11.
Do nothing analysis
12.
Impact assessment
13.
Procurement analysis
14.
Resourcing analysis
15.
Risk and contingency analysis
16.
Schedule analysis
Governance Institute of Australia
Project Governance: Accountability and Risk Management
3.2
Project management lifecycle
Between the start and the end, a project transitions through a defined lifecycle and project
management processes support the project lifecycle, as illustrated in Figure 5.
Figure 5: Project management processes
Source: PMBOK® Guide. Reproduced with permission.
3.3
Project management plan (PMP) and project registers
Key to any project is an effective project management plan. Note that this is a Word document — not
a Microsoft Project schedule. This document describes the processes by which the project will be
run. There should be one section in this document for each of the project management knowledge
areas (for example, time management, cost management, etc).
As an example, the time management section might include the following:
•
A project schedule will be developed and approved within one month of the project starting.
•
The project sponsor must approve the project schedule.
•
The project schedule baseline must be frozen immediately the business case is approved.
•
The project schedule will then be placed under formal change control.
•
The project schedule baseline may only be reset after formal approval by the project sponsor.
•
The project schedule must be reviewed with the project team members on a weekly basis.
•
The project schedule must be updated with both actuals and re-estimates within one day of its
weekly team review.
•
Vendors are required to submit updated project schedules in Microsoft Project 2007 format by
close of business every Friday.
Governance Institute of Australia
15
Project Governance: Accountability and Risk Management
•
The status and progress of the project schedule must be reported in the monthly project steering
committee meeting pack.
•
Any potential change to the project schedule that may cause the next major milestone or the
project end date to be missed by more than 5 per cent must be escalated to the project sponsor
as soon as it is identified.
The project management plan usually remains static during the life of the project. It is augmented by
separate project registers that are ‘live’ and are updated on a regular basis, sometimes daily.
Examples of common project registers include:
•
Action items register
•
Funding register
•
Assumptions register
•
Issues register
•
Benefits register
•
Lessons learnt register
•
Changes and variations register
•
Objectives register
•
Constraints and obstacles register
•
Outcomes register
•
Contingency reserves register
•
Pecuniary interests register
•
Contracts register
•
Procurable items register
•
Critical success factors register
•
RASCI chart
•
Defects register
•
Reviews register
•
Delays register
•
Risks register
•
Deliverables register
•
Risk materialisations register
•
Disputes register
•
Schedule
•
Documents register
•
Stakeholder assessments register
•
Expectations register
•
Success measures register
•
External dependencies register
•
Test scripts register
Not all projects have all of these registers. Keeping the changeable information in separate registers
rather than buried in a Word document, enables separation of the static information from the dynamic
information, and the employment of sophisticated project management tools (or just Microsoft Excel)
to manage the registers, reduce the amount of duplication and ensure that there is a single version of
the truth.
3.4
Program management office (PMO)
A project office is a function supporting a number of projects with prime responsibility for assembling,
coordinating, tracking, monitoring, maintaining and distributing key project information. The project
office is essentially an administrative function.
An evolution of the project office is the program management office (PMO), which is a strategic
function for consolidated tracking and reporting of multiple projects’ performance, communications,
coordination, ownership of project management policies, processes, procedures, check lists,
standards, guidelines and templates (also known as ‘the project methodology’), coordinating
interdependencies and prioritising projects, mentoring project managers, mentoring project sponsors
and managing the project management community of practice. The PMO is a ‘strategic’ function that
should cover a portfolio of projects.
16
Governance Institute of Australia
Project Governance: Accountability and Risk Management
3.5
Project management standards and methodologies
PMBOK® Guide
The Project Management Institute’s A Guide to the Project Management Body of Knowledge (ie the
PMBOK® Guide) is regarded as one of the project management profession’s most essential
resources — a global standard for the industry. It assists organisations in creating and shaping their
project management methodology. The PMBOK® Guide is not designed to function as a step-bystep, ‘how-to’ book, but rather to identify that subset of the project management body of knowledge
that is generally recognised as good practice.
The PMBOK® Guide has been recognised by several well-respected organisations, including the
American National Standards Institute (ANSI), the Institute of Electrical and Electronics Engineers
(IEEE), the International Organization for Standardization (ISO) and Standards Australia (SA).
The PMBOK® Guide is organised into three sections:
1.
The Project Management Framework, which provides a basic structure for understanding
project management.
2.
The Standard for Project Management of a Project, which specifies all the project
management processes that are used by the project team to manage a project.
3.
The Project Management Knowledge Areas, which organises the 44 project management
processes into 10 Knowledge Areas.
Notes:
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
Governance Institute of Australia
17
Project Governance: Accountability and Risk Management
The PMBOK® Guide is currently in its fifth edition, released in 2012.
Figure 6: PMBOK Knowledge Areas
Source: Project Management
Institute, 2004, A Guide to the Project Management Body of Knowledge (PMBOK® Guide), Pennsylvania, 3rd ed.
PRINCE2
PRINCE2 (which stands for PRojects IN Controlled Environments) is recognised as the international
de facto methodology for project management, as it provides a flexible and adaptable approach to
project management. It is a project management methodology designed to provide a framework
addressing the wide variety of disciplines and activities required within a project. The focus
throughout PRINCE2 is on the business case, which describes the rationale and justification for the
project. The business case drives all the project management processes, from initial project set-up
through to successful finish.
PRINCE was first developed by the UK government in 1989 as the standard approach to IT project
management for the UK government. Since then, the methodology has been enhanced to become a
generic, best-practice approach suitable for the management of all types of projects, and has been
widely adopted and adapted by both the public and private sectors in the UK and globally. PRINCE2
is a generic, adaptable, simple-to-follow project management methodology. It addresses how to
organise, manage and control projects and it is aimed at enabling the project manager to
successfully deliver the right deliverables, on time and within budget. It follows a lifecycle approach to
project management.
18
Governance Institute of Australia
Project Governance: Accountability and Risk Management
However, PRINCE2 does not address all aspects of project management (for example, procurement
leadership and people management skills, detailed coverage of project management tools and
techniques.
The PRINCE2 methodology is documented in the publication Managing Successful Projects with
PRINCE2. This core book is supported by a number of complementary publications which add
guidance on how to tailor the methodology, how to manage people in a PRINCE2 project, and
outlining the benefits to a business when adopting a PRINCE2 approach.
Figure 7: PRINCE2
Source: Office of Government Commerce (UK), 2009, Managing Successful Projects with PRINCE2.
Agile
There are a number of Agile methodologies. The Agile methodologies provide an alternative to more
traditional approaches and most are designed for software development. Some only address
software development and do not address risks, outcomes, benefits, organisational change
(transformation), etc.
Agile does not mean ‘no documentation’. Its underlying mantra is ‘if it doesn’t add value, don’t do it’.
It therefore requires significantly less formality than other methodologies.
Organisations must have formal guidelines for when it is appropriate to use Agile methodologies.
Governance Institute of Australia
19
Project Governance: Accountability and Risk Management
While Agile methodologies employ a strong empowerment model, they still require project
governance.
4.
PROJECT STRUCTURE, ROLES,
COMMITTEES AND FUNCTIONS
4.1
Project governance structures
Projects are typically part of an organisation that is larger than the project. The maturity of the
organisation with respect to its project management methodology, culture, style, organisational
structure and PMO (see section 3.4) can also influence the project.
While there are some organisations whose operations consist primarily of projects and they are
structured along project lines, in the main, traditional functional organisational structures are used.
Therefore, every project should be aware of how the ‘host’ organisation’s structure and management
policies and processes affect the project structure.
Most organisations have developed unique and describable cultures. These cultures are reflected in
numerous factors, including, but not limited to:
•
shared values, norms, beliefs and expectations
•
policies, processes and procedures
•
view of authority relationships
•
work ethic and working hours
•
risk management maturity
•
failure, fear, fault, frankness, fearless, favourites and fun (7Fs) culture
Where multiple organisations are involved or there are cross-government agencies, additional
considerations will also be required to ensure that the project organisation structure is appropriate.
For additional discussion on the implications of organisational structure, refer to section 2.3 of the
PMBOK® Guide.
Within any project organisational structure, a number of key roles exist.
20
Governance Institute of Australia
Project Governance: Accountability and Risk Management
A generic project structure is outlined in Figure 8.
Figure 8: Project structure
Illustration
Generic project organisational structure
This project structure can be adapted to accommodate a range of project factors, including:
•
the size of the project
•
the range of stakeholders required to be integrated into the project
•
arrangements with project consultants or significant suppliers to the project
•
multiple organisations as business owners.
4.2
Project roles
The following list of project roles gives an indication of the type of accountabilities, responsibilities
and tasks generally allocated to those people involved in a project. As projects vary, including during
the timeframe of the project, the roles required will also vary, including the responsibilities and tasks
associated with those roles.
The following information provides an overview and a starting point for the roles required in a project.
The most crucial aspect is to have clearly assigned roles and responsibilities and clarity of
accountability within the project governance structure.
Project sponsor
The sponsor is the link between project management and governance and is accountable for:
•
delivery of overall project outcomes and benefits
•
buy-in and acceptance of the project within the organisation.
The sponsor must have authority and credibility within the organisation (that is, senior management).
Governance Institute of Australia
21
Project Governance: Accountability and Risk Management
Responsibilities include:
•
championing the project within the organisation
•
chairing the project steering committee
•
approving the project management plan and any subsequent changes to it
•
supporting the project manager in his/her responsibilities
•
providing advice and consent on scope changes and variations.
Project steering committee
Having a project steering committee is optional. If there is no project steering committee, then the
project sponsor assumes the role and responsibilities of the project steering committee. On first
inspection, this may seem to impose an additional time burden on an already time-poor senior
manager. However, it tends to be less because there is a lot less discussion and a single person
makes the decisions.
Key decision 1
Does the project steering committee make decisions or does it make recommendations to the project
sponsor? Who then makes the decisions?
Key decision 2
Does the project sponsor just another member of the project steering committee with an equal vote
or does the project sponsor have right of veto over the project steering committee?
Key decision 3
Is the project steering committee there to ‘steer the project’ (that is, looking down) or is it there to
‘steer the usage of the capabilities and outcomes delivered by the project’ into the wider organisation
(that is, looking sideways)?
The project steering committee is accountable for making timely and effective decisions that relate to
the project. The project steering committee members must have appropriate seniority and authority
to allow clear and timely decision-making, guidance and communication.
The project steering committee should be limited to a core group of individuals to represent the
business owners, with additional resources to be involved as required. Any additional members of
the project steering committee should be clear of their accountabilities and whose interests they are
representing.
Responsibilities include:
•
monitoring by exception
•
ensuring the proper checks and balances (financial and professional) are in place and functioning
•
resolving issues escalated by the project team
•
making decisions requested by the project team in a timely manner
•
verifying the achievement of deliverables and milestones
•
committing resources and budget on an enterprise-wide basis
•
authorising changes to the schedule baseline and/or cost budget
•
supporting the project manager
•
authorising the project team to make decisions
•
ensuring that the project delivers the required outcomes and benefits
22
Governance Institute of Australia
Project Governance: Accountability and Risk Management
•
educating peers and staff on the merits of the project
•
reviewing and approving quality and risk advisory reports.
Project manager
The project manager is accountable for accurately defining and appropriately resourcing the project,
and driving resolution of issues and risks across the organisation. The project manager must:
•
be able to influence and control project resources
•
have authority and credibility within the organisation
•
have sufficient project management skill and experience.
Responsibilities include:
•
coordinating the project team and managing internal and senior organisation relationships
•
coordinating reference and working group activities with the project team
•
coordinating consultant activities with the project team and other project groups
•
monitoring and controlling project activities that are assigned to or the responsibility of the
organisation
•
managing the project in accordance with the project management plan
•
identifying dependencies and initiating action plans as necessary
•
recommending initiatives and action to address identified gaps, issues and risks
•
accurately reporting project status and progress to the project sponsor and the project steering
committee, and escalating issues, risks and decisions as appropriate
•
ensuring effective delivery of elements of the project (as required)
•
managing all third parties contracted during the project lifecycle (as required).
Project team
The project team is led by the project manager and is accountable for the delivery of the project
deliverables relevant to their respective roles. The project team should comprise people who have:
•
management skills and experience
•
relevant technical skills and experience
•
relevant knowledge and understanding of the business.
The project team is responsible for completing the required activities for delivering project
deliverables.
Working groups
Working groups consist of specialist subgroups, established as required by the project, to produce
specified project deliverables. Accountability is for the delivery of specific deliverables within a
specific time under the direction of the project manager or member of the project team.
Governance Institute of Australia
23
Project Governance: Accountability and Risk Management
Reference groups/advisory board
Reference groups are established by the project to provide working forums or specialist advice to the
project team. There are usually limited specific accountabilities for these groups, with them being
available for input and guidance. Involvement of reference groups is usually on an ‘as required’ basis
and may involve the following activities:
•
participating in appropriate meetings and workshops
•
providing input and feedback on specific subject matters.
Consultants
Project consultants are engaged from outside the organisation to provide specialist advice or other
expertise to the project team. Accountabilities for these roles will vary from providing ad hoc advice to
being accountable for the delivery of specific project deliverables. The involvement of consultants
may be kept separate from the project team, or integrated within the project, similar to a contractor
role.
Quality and risk advisers
Large or complex projects generally engage one or more quality consultants to perform quality and
risk advisory roles. Typically, consultants in these roles are accountable for providing independent
advice over the quality assurance process and major risks associated with the project. This can
encompass a one-off type of review, but the role also tends to include an ongoing periodic monitoring
role.
The role primarily encompasses two elements as follows:
1.
Independent reporting on the status of the project, assessing progress to date
against the project plan and compliance with the stated process being followed.
2.
Proactive input to the project regarding enhancement to the project quality
assurance processes being employed, with a view to making it a success.
4.3
Project steering committee role and functions
For a larger project, an effective project steering committee may be important for the project’s
success. The primary function of a project steering committee is to take responsibility for the
business activities associated with a project, including ultimate responsibility for ’steering’ the
project’s major deliverable into use within the organisation. Members of a project steering committee
ensure these areas are being adequately addressed and the project remains in control. In practice,
these responsibilities involve five main functions:
•
approving changes and variations to the project and its supporting documentation
•
monitoring and review of the project’s performance
•
providing assistance to the project when required
•
resolving conflicts between the project and other projects as well as the wider organisation
•
formally accepting the project deliverables.
24
Governance Institute of Australia
Project Governance: Accountability and Risk Management
Approval of changes and variations to the project
The project steering committee is responsible for approving major project documentation.
Specifically, the project steering committee approves:
•
prioritisation of project outcomes and benefits
•
cost budget
•
schedule baseline
•
major deliverables
•
schedule and budget constraints
•
risk minimisation strategies.
The project steering committee is also responsible for any major changes and variations to the
project. It should be provided with the following information in support of a proposed change:
•
nature and reason for the change or variation
•
impact of the change
•
revised project management plan, schedule, cost and resources if appropriate
•
suggested actions for the project steering committee to consider.
Changing or emergent issues may require the project scope to be adapted so that the project meets
the original or modified outcomes and benefits. The project steering committee is responsible for
approving or rejecting these changes to the project and for ensuring that additional resources are
provided for incorporating these changes, if required.
Monitoring and review of the project’s performance
The project steering committee reviews the status and progress of the project at least at the end of
each phase and determines whether the project team should progress to the next phase. It may also
do this on a monthly basis or on an ad hoc basis.
The review focuses on major project documentation and any variations in the key components, such
as outcomes and benefits, risk, schedule, costs, resources and deliverable quality.
Good project governance also includes access to a full suite of formal project reviews that can be
performed if desired. Some of the following reviews should be made mandatory for every project,
while others can just be optional. Projects that are reporting ‘green all around’ should be reviewed, as
well as those reporting ‘red’ (ie ‘troubled projects’) to:
•
ensure that they really are ‘green’, and
•
identify what is going ‘right’ so that this can be replicated in future projects.
The project management plan should detail:
•
the types of reviews necessary
•
when the reviews should take place
•
who is responsible for arranging and managing the reviews
•
who will undertake the reviews and who is responsible for accepting the reports produced by the
reviews.
Ideally, an independent (of the project, but not necessarily an external to the organisation) body or
person conducts these types of reviews and the cost for the reviews should be included in the project
cost budget.
Governance Institute of Australia
25
Project Governance: Accountability and Risk Management
Types of reviews include:
•
project start-up review
•
business case review
•
project health check
•
stage gate review
•
project closure review
•
post-project review
•
benefits realisation review.
A review conducted at the end of a project is a useful way of identifying issues and concerns that
may be relevant to other projects. These should be recorded in the lessons learnt register and will
form part of the organisation’s continuous improvement process. Often projects that have radically
gone wrong are audited, but many useful lessons can be gained from reviewing every project.
Depending on the needs or requirements of the project steering committee and project sponsor, one
or more of the following may be assessed:
•
Performance against planned outcomes and benefits.
•
Performance against cost budget.
•
Performance against schedule baseline.
•
Performance, quality and/or fitness for purpose of the deliverables.
•
Effectiveness of the methodologies followed.
•
Lessons learnt by key stakeholders.
•
Any other criteria (for example, critical success factors, success measures, etc), as determined by
the project steering committee, project sponsor or other funding or governing body.
These areas of review can be grouped into four categories. The project steering committee and/or
project sponsor may choose either to evaluate all categories or only selected categories.
The four categories are:
1.
project performance review
2.
project deliverable quality review
3.
project outcomes and benefits realisation review
4.
project management methodology review
Providing assistance to the project when required
The project steering committee assists the project sponsor business owner(s) and project manager in
completing the project by ensuring that the project is adequately resourced and has the backing of
people with authority.
Project steering committee members should be active advocates for the project’s outcomes and
benefits and help facilitate broad support for it. If project steering committee members represent the
interests of some or all stakeholder groups, they should facilitate the communication of these
interests. They may also help illustrate to stakeholders how the project serves these interests.
At times, outside of project steering committee meetings, the project team may also seek the
particular knowledge or experience of individual project steering committee members.
26
Governance Institute of Australia
Project Governance: Accountability and Risk Management
Acceptance of project deliverables
Following review and/or acceptance by the project sponsor and/or business owner(s), the project
steering committee formally reviews and accepts project deliverables. Once these deliverables have
been accepted by the project steering committee, any changes must be formally approved.
To achieve this function effectively, project steering committee members must have a broad
understanding of project management concepts and the specific approach adopted by the project
team.
Project steering committee membership
For project steering committees to work effectively, the right people must be involved. Project
steering committee membership should be based on individuals’ skills and attributes, rather than on
their formal roles, and members may maintain membership of a project steering committee even if
their role within the organisation changes. However, representatives of important stakeholder groups
also should be included. Areas that may need to be represented include:
Refer Example - Project Ownerships
•
Project owner(s)
•
Application system owner(s)
•
Process owner(s)
•
Service owner(s)
•
Client owner(s)
•
Vendor owner(s)
•
Asset owner(s)
•
Product owner(s)
•
Data owner(s)
Project steering committee meetings
A project steering committee meets regularly throughout the lifecycle of a project to keep track the
progress of the project. The project manager should attend these meetings to be a source of
information for project steering committee members and to be kept informed of project steering
committee decisions. Ideally, the project sponsor should chair the project steering committee
meetings.
The project steering committee has responsibility for the project until the project’s outcomes and
benefits are realised. These outcomes and benefits may not be realised until after the project
manager and team have completed their involvement.
Notes:
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
Governance Institute of Australia
27
Project Governance: Accountability and Risk Management
Figure 9: Empowered project team structure
Team Review Board
Architecture Consultant
Business Leader
Infrastructure Co-ordinator
Methodology Consultant
Project Co-ordinator
Project Director
Technical Leader
Vendor Manager
Project Support
Group
Project Team
Business Leader
Technical Leader
Business Staff
Technical Staff
Sponsor
IC
VM
(opt)
Business Leader
Project Review Board
Business Leader
Methodology Consultant
Project Co-ordinator
Project Director
Technical Leader
Sponsor
Technical Leader
PD
Architecture Cons.
Inspectors
Infrastructure Co-ord.
Methodology Consultant
Project Co-ordinator
Project Director
Sponsor
Insp.
Business Staff
Technical Staff
Inspectors
Business Staff
Technical Staff
Auditor
Vendor Staff
Facilitator
MC
AC
Project Co-ordinator
Vendor Manager
Interested Parties
Project Participants
Facilitator
Project Support Group
Project Team
The Board
Auditors
IT Department
Customers
Supporting Departments
Vendors
Related Companies
Governments
Senior Management
Stakeholders
Interested Parties
Project Participants
Project Review Board
Project Team
Team Review Board
Illustration
Notes:
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
28
Governance Institute of Australia
Project Governance: Accountability and Risk Management
5
PROJECT STATUS AND PROGRESS
REPORTING
5.1
The need for control
There are three dimensions of control that exist within a project, as represented in Figure 10.
Figure 10: Three dimensions of control
Illustration
These three dimensions are interrelated:
•
A change in scope will invariably have implications for the cost of the project and/or the time it
takes.
•
A reduction in the time available will usually cause a cutback in deliverables, or increased cost of
overtime.
•
Cutbacks to the cost budget of a project will invariably reduce the deliverables of the project.
These three dimensions form the basis of reporting on the project against time, cost and delivering
the scope of the project.
There are usually other aspects that can impact on these three main dimensions (for example,
quality, risk and re-use).
5.2
Project status and progress reporting
Formalised regular reporting on the status and progress of the project is an integral part of the
communications management of the project. The frequency of status and progress reporting as well
as format may vary, depending on the size of the project and any special requirements of the project
steering committee and/or project sponsor but is usually defined by the methodology being followed.
Project status reporting is regular, formalised reporting on the progress of the project against the
business case, project management plan and project registers. Usually it is reported by the project
manager to the project steering committee, project sponsor or other business owners, depending on
the size and management structure of the project.
Governance Institute of Australia
29
Project Governance: Accountability and Risk Management
In order to make appropriate decisions, the project steering committee, project sponsor and/or
business owner needs to be informed properly about the status of the project. The project manager
should establish this reporting as part of the management activities for the project.
Another purpose for the project status report is to provide an ongoing history of the project, which
becomes very useful in terms of tracking progress, evaluating trends and reviewing project
compliance. Project status reports form part of the project review processes, both during and after
closing of the project.
It is extremely important to present this information in a consistent and useable manner. Some form
of visual ‘dashboard’ showing ‘traffic lights’ (ie red, amber and green as well as blue indicating ‘not
rated’) rating every one of the project management knowledge areas is preferable. Additional
information supporting each rating should be supplied as an appendix to the main project status and
progress report in such a way that readers only have to read it if they feel compelled to do so.
Figures 11 and 12 are illustrations of visual ‘dashboards’.
Figure 11: Example of a project status ‘dashboard’
Illustration
Notes:
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
30
Governance Institute of Australia
Project Governance: Accountability and Risk Management
Figure 12: Example of a project status ‘dashboard’
Illustration
Generally, the project status and progress reporting content would be structured chronologically as
follows.
Report header
The report header includes the:
•
project name
•
project manager
•
percentage complete
•
date of report
•
period covered by the report
•
overall satisfaction barometer.
Project description
The project description includes the:
•
project purpose
•
project alignment
•
planned project outcomes and benefits.
Project performance
The project performance is illustrated using dashboard indicators for:
•
integration
•
scope
Governance Institute of Australia
31
Project Governance: Accountability and Risk Management
•
time
•
cost
•
quality
•
human resource
•
stakeholder
•
risk
•
communications
•
procurement
•
organisational change (transformation)
•
configuration management
•
deliverables.
The report would then provide the following information:
•
Executive summary of project status.
•
Description of what should have been completed for the last reporting period, together with
impacts of any achievement and non-achievement.
•
Description of what is being done to get the project back on track.
•
Description of what is planned for the next reporting period.
•
Decisions required of the project steering committee.
•
Date of next meeting.
The report concludes with appendices, one for each of the ‘traffic lights’, providing:
•
detailed explanation of status
•
baseline versus actual versus forecast
•
information in relation to major items only.
The satisfaction barometer, an example of which is illustrated in Figure 13, is a simple device for
eliciting, measuring and recording stakeholder satisfaction. It is a number between 1 and 9 that is
captured from each stakeholder each month. This tool provides useful ‘soft’ information, and
facilitates a targeted, fact-based dialogue with the project sponsor to ensure that the project sponsor
remains ‘happy’.
Notes:
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
32
Governance Institute of Australia
Project Governance: Accountability and Risk Management
Figure 13: Project satisfaction barometer
The frequency of status reporting will vary, depending on the size of the project and the requirements
of the project steering committee and/or project sponsor. Importantly, the project status report forms
an integral part of the project, as information for the report is drawn from the project’s project
management processes.
Meetings should be scheduled regularly to discuss project status and progress, either verbally or
based on the written status report. The meetings should be often enough that progress could be
reported against a number of milestones since the last meeting. Ideally, the timing for the meetings
should be linked to key milestone dates.
In addition to regular status reporting throughout the project, end of phase and key milestone
reporting should also be performed to inform the project steering committee of the results of a phase.
The project steering committee can compare the results in terms of the deliverables, cost and time
against its approved baseline for that phase. This enables the project steering committee to commit
to future phases with the informed knowledge of performance of the preceding phase.
Notes:
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
Governance Institute of Australia
33
Project Governance: Accountability and Risk Management
An example is provided in Table 1.
Table 1: Key milestone reporting
Milestones scheduled for achievement since last report and performance against
those milestones:
Baseline
Date 1
Estimated
Date
Advertise RFT for stakeholder
communication and organisational
change management completed
24 Aug 08
15 Dec 08
Advertising
will not now
occur until
2009
Draft non-functional requirements
completed
31 May 09
31 May 09
31 May 09
Business rules repository completed
31 May 09
31 May 09
31 May 09
Milestone
Achievement
Milestones scheduled for achievement over the next reporting period and changes in
those milestones with respect to the previous schedule:
Baseline
Date 1
Previous
Estimated
Date
End of day reconciliation process
implemented
1 Feb 09
31 May 09
31 Jul 09
Draft use cases completed
31 May 09
30 Jun 09
31 Jul 09
Expression of Interest for the
redevelopment of the system released
1 Jul 09
n/a
1 Jul 09
Milestone
Current Estimated Date
Impact of achievement/non-achievement of milestones for the remaining period of
the project:
Milestone
1
Impact
End of day implemented
Implementation date dependent upon related
update to system
Functional/non-functional business
requirements completed
Both the business requirements must be finalised
prior to issuing an RFT to redevelop the system
Business rules extraction from source
code completed
Finalisation required prior to issuing an RFT to
redevelop the system
EOI released
Delay in the release of the EOI will affect the
release of the RFT
Baseline dates as outlined in Project Plan
34
Governance Institute of Australia
Project Governance: Accountability and Risk Management
5.3
Project scope management
Project scope management includes the processes required to ensure that the project includes all
the work required, and only the work required, to complete the project successfully. Project scope
management is primarily concerned with defining and controlling what is and is not included in the
project.
The business case establishes the baseline scope for the project and is used to define the project
scope statement. This should include clear, documented benefits for the project, defined major
deliverables and criteria for their completion. It is important to explicitly define constraints,
assumptions, inclusions and exclusions to the scope of the project. The project scope statement
provides a common understanding of the project scope among all project stakeholders and describes
the project’s outcomes and benefits. It also enables the project team to perform more detailed
planning, guides the project team’s work during execution, and provides the baseline for evaluating
whether requests for changes or additional work are within the project’s boundaries.
The degree and level of detail to which the project scope statement defines what work will be
performed and what work is excluded, can determine how well the project management team can
control the overall project scope. Managing the project scope, in turn, can determine how well the
project management team can plan, manage, and control the execution of the project.
The project scope statement should include such items as:
•
project outcomes
•
project benefits
•
work breakdown structure (WBS)
– major deliverable scope description
– deliverable acceptance criteria
– project requirements
•
project boundaries
•
project constraints (eg fund limitation)
•
project assumptions.
The project scope statement establishes the baseline for ongoing performance measurement and
change control.
Two of the most common reasons for projects failing are:
1. not recognising changes and variations
2. not effectively managing changes and variations.
Management of changes and variations is a key element of controlling project scope.
Effective change and variation management means that all project participants should be
encouraged to document proposed changes or variations as they arise — rapid communication,
action and feedback reduce risk. Project team members also need to understand the change
management process, which should include a comprehensive register for control and communication
addressing all outstanding and completed items.
Ineffective recognition and/or management of changes and variations is/are a common cause of
project difficulties. Without a clearly agreed process, the probability of scope ‘creep’ is dramatically
increased, with consequent pressure on time, cost, resource and quality.
Governance Institute of Australia
35
Project Governance: Accountability and Risk Management
5.4
Time management
Project time management includes the process required to accomplish timely completion of the
project. This process addresses activity definition, sequencing, resource estimating, duration
estimating, schedule development and control.
Defining schedule activities involves identifying and documenting the work that is planned to be
performed. This process will identify the deliverables at the lowest level in the work breakdown
structure (WBS).Every item (noun) in the work breakdown structure will have one or more activities in
the schedule.
The project manager must ensure that the structure of detailed work follows phases and activities
established in the project methodology and needed to realise the outcomes and benefits, ensuring
there is no redundancy between or among detailed work plans. The sequencing of tasks and phases
that are interdependent is a critical aspect of time management.
Activity plan
The schedule should be broken down into phases with detailed work/activity plans and linked to
milestones and review points, as illustrated in Figure 14.
Figure 14: Activity plan
Illustration
When creating a schedule, good practice is to split phases into activities and split activities into subactivities. Small activities are easier to estimate and manage than larger phases.
Activities should:
•
usually be no less than one work day
•
usually be no more than five work days
•
usually have no more than one resource assigned to perform it.
Activities must be defined so that they are:
•
designed to produce a deliverable as part of an activity
•
the responsibility of an individual
•
finite with defined criteria for the start and end
•
a manageable unit of work
•
easily understood
36
Governance Institute of Australia
Project Governance: Accountability and Risk Management
•
measurable
•
be in the form of verb then noun (for example, ‘develop requirements specification’)
•
not embed contingency (contingency should be shown overtly as separate activities).
Milestones must be defined so that they are:
•
linked to physical completion of a deliverable
•
do not represent work activity
•
do not have any resources assigned
•
liberally placed throughout the schedule
•
occurring at least one per month
•
in the form of noun, then past participle (for example, ‘requirements specification completed).
When establishing dependencies between activities, project teams should ask ‘What needs to be
finished before this activity can start?’ and ‘What activities can start once this one is finished?’ It is
recommended that you minimise long strings of dependent activities, and execute activities in parallel
where possible and consider gaps and overlaps (this is known as ‘float’ and ‘critical path’).
Scheduling should minimise the total elapsed time, while maximising resource utilisation and
smoothing resources’ peaks and troughs. Consideration needs to be given to the constraints of
activity dependencies and resource availability. This is an iterative process.
Base lining involves taking a snapshot of the schedule at the start of the project after developing the
schedule, reviewing it and approving it. Throughout the project, actual achievement is recorded and
compared against the baseline.
Re-base lining should only be undertaken when the project sponsor and/or project steering
committee agrees to do so.
There are a number of reasons schedules go wrong, including:
•
bowing to pressure from the project steering committee to bring the project end date forward,
without risks being fully understood or mitigated
•
duration and effort estimates are optimistic
•
some of the work effort is left out of the schedule
•
dependencies are not identified correctly
•
scope creep
•
insufficient contingency.
Many projects don’t have a schedule! Instead, they have external estimated dates and optimistic
marketing wishes.
5.5
Cost management
Project cost management includes the process involved in planning, estimating, budgeting and
controlling costs so that the project can be completed within the approved budget. Project cost
management is primarily concerned with the cost of the resources needed to complete schedule
activities, together with any procured items or services. However, it should also consider the effect of
project decisions on the cost of using, maintaining and supporting the project, service or result of the
project.
Governance Institute of Australia
37
Project Governance: Accountability and Risk Management
When developing a project’s cost budget, consideration of what project resources will be required is
necessary. These will typically include:
•
human — the project team, internal resources and external resources (suppliers, contractors, etc)
•
equipment — this may range from heavy equipment, to computers, to specialised test
instruments and software
•
material — the materials needed for a project, which may range from USB sticks and stationery
to concrete
•
financial — the support needed to obtain funding and track benefits
•
contingency – the amount required to address cost estimate risks.
On business projects, the most significant costs are usually people-related.
When defining the project cost baseline, the project needs to consider:
•
internal versus external costs
•
costs with associated benefits, versus costs with no associated benefits
•
cost sharing with other projects and/or application systems
•
capital expenditure (CAPEX) versus operating costs (OPEX)
•
cost contingency provisions
•
timing of costs
•
availability of funds
•
hidden costs
•
milestone progress payments to suppliers.
Costs should be linked to the schedule and resource plans.
Estimating schedule activity costs involves identifying activity duration, assigning a resource to the
activity and then multiplying the resource’s unit cost rate by the duration to derive the cost of the
resources needed to complete each schedule activity. When preparing activity effort and duration
estimates:
•
estimate effort for each activity based on known productivity factors (for example, from a historical
data base of past projects)
•
add effort for support and overhead activities
•
add time contingency (based on the riskiness of the individual activities and ensuring that float is
taken into account as well as not adding contingency on top of contingency)
•
add resources available
•
calculate duration
•
add management and other support time
•
calculate costs.
Earned value technique
An established technique for cost performance measurement is the earned value technique, which
compares the cumulative value of the budgeted cost of work performed (earned) at the original
allocated budget amount, to both the budgeted cost of work scheduled (planned) and to the actual
cost of the work performed (actual). This technique is especially useful for cost management,
resource management and schedule management.
38
Governance Institute of Australia
Project Governance: Accountability and Risk Management
Earned value is a project management technique for assessing actual project performance and
extrapolating this out to see by how much we will be over or under schedule and cost at the end of
the project. It measures what it should have cost us at this point in time versus what it has cost us. It
is NOT ‘how much revenue have we billed nor an accrual for revenue billing’. Earned value requires
accounting processes to measure budget, forecast and actual costs and percentage complete on a
monthly and timely basis.
An important part of cost control is to determine the cause of a variance, the magnitude of the
variance, and to decide if the variance requires corrective action.
The earned value technique uses three basic measurements:
1. planned cost — the budgeted cost of work scheduled (PV)
2. actual cost — the actual cost of work performed (AV)
3. earned value — the budgeted cost of work performed (EV)
From these three measurements, four performance metrics are derived:
•
cost variance = EV–AV
•
schedule variance = EV–PV
•
cost performance index = EV÷AV
•
schedule performance index = EV÷PV.
Earned value reporting can be used to graphically present the cost management trends of the
project, as illustrated in Figure 15.
Figure 15: Earned value versus planned value
Planned Value
2/
08
29
/0
1/
08
31
/0
2/
07
31
/1
1/
07
30
/1
0/
07
31
/1
30
/0
31
/0
9/
07
$1,000
$900
$800
$700
$600
$500
$400
$300
$200
$100
$0
8/
07
Thousands
Adaptation Release 5
Earned Value
Illustration
This earned value chart is similar to, but not the same as charting actual costs versus baseline costs.
Governance Institute of Australia
39
Project Governance: Accountability and Risk Management
6
QUALITY AND RISK MANAGEMENT
6.1
Project quality assurance versus quality control
Quality in any project is achieved when all deliverables are produced:
•
according to specifications and standards
•
to stakeholders’ needs and expectations
•
fit for purpose (meaning that they can actually contribute to organisational objectives in a
sustained and ongoing sense)
Achieving a balance between these variables is difficult, but critical to project success. It is
impossible to maximise simultaneously the project’s scope, quality, costs and schedule. A project
can be completed very quickly and at low cost, but quality will undoubtedly suffer. Similarly, a highquality project can be completed with a tight cost, but the project schedule will be elongated as
factors such as overtime and extra high cost resources are kept to a minimum. The project
manager’s role is to optimise all three factors.
As a means of determining if the users’ needs are being satisfied, quality focuses on three areas:
•
goals — Is the project achieving its outcomes, benefits and alignment?
•
methods — Are appropriate methodologies, policies, processes, procedures, check lists,
standards, guidelines and templates used effectively during the project lifecycle?
•
performance — Is the comparison of actual/achievement to baseline/budget a positive
experience?
Standards are a vital component in satisfying user needs. It is only through effective policies,
processes, procedures, check lists, standards and guidelines that the appropriate balance between
goals, methods and performance can be achieved. The policies, processes, procedures, check lists,
standards and guidelines defined in the project management plan provide the framework for
managing quality. By following this, quality becomes an integrated component of the project
management process.
There is a difference between quality assurance and quality control. Quality assurance is a
function that defines, then manages quality. Quality control is the process of measuring deliverables
against agreed measures and is far more relevant to evaluating project outcomes.
6.2
Risk management
There are always risks associated with a project. Project risk can arise both from the project itself (if
conceptually flawed) and, more commonly, its implementation. The purpose of risk management is to
ensure levels of risk and uncertainty are properly managed, so that the project is completed
successfully.
Risk is defined in AS/NZS ISO 31000:2009 as:
The effect of uncertainty on outcomes and benefits (such as pre-determined goals) at project
(level)
As the context is the impact on realising outcomes and benefits, risk management should consider
both:
•
maximising upside (things we can do more effectively)
•
minimising downside (things that may constrain).
40
Governance Institute of Australia
Project Governance: Accountability and Risk Management
In undertaking a risk assessment, an important concept is that of assessing gross risk versus net
risk:
•
Gross risk is the rating of a risk without having regard to the project controls and treatment
strategies established to manage it. It allows us to understand the importance of each risk to the
project (that is, what are the important risks to manage well?)
•
Net (residual) risk is the rating of a risk after the project controls and treatment strategies in place
to manage it have been performed. It allows us to assess the capacity to influence and the
effectiveness of controls (in other words, how well are we managing risks and where can we
improve?)
Risk identification and rating
As risks are identified and the potential causes and consequences analysed, each risk is rated on the
basis of likelihood (‘probability’) and consequence (‘impact’), in order to determine a risk priority for
that risk.
The likelihood that the project will be exposed to each specific risk is determined considering factors
such as:
•
anticipated frequency
•
the external environment
•
the procedures, tools and skills currently in place
•
team commitment, morale, attitude
•
history of previous events.
One common likelihood rating scale is as illustrated in Table 2.
Table 2: Likelihood rating scale
Almost certain
5
Is expected to occur in most circumstances
Likely
4
Will probably occur in most circumstances
Moderate
3
Might occur at some time
Unlikely
2
Could occur at some time
Rare
1
May occur only in exceptional circumstances
Another common likelihood rating scale is: 0 per cent to 100 per cent.
Project risks are assessed in terms of the consequence of their impact on project outcomes and
benefits. Indirect financial consequences such as reputation, management effort and productivity are
also considerations. In addition, the cost, schedule, resource and quality impacts are considered.
The following table can be used to guide the assessment of consequences of each identified risk.
One common consequence rating scale is depicted in Table 3.
Governance Institute of Australia
41
Project Governance: Accountability and Risk Management
Table 3: Assessment of consequences
Consequence factors
Consequence category
Insignificant
(1)
Minor
(2)
Moderate
(3)
Major
(4)
Catastrophic
(5)
Reputation
of project
Slight impact/
isolated
impact
Segmente
d incidents
Systematic
incidents
Negative
public
exposure
with
significant
impact
Dramatic
undermining
of stakeholder
confidence
Manageme
nt/ project
governance
effort
An event, the
impact of
which can be
absorbed
through
normal
activity
An event,
the
consequen
ces of
which can
be
absorbed
but
manageme
nt effort is
required to
minimise
the impact
A
significant
event
which can
be
managed
under
normal
circumstan
ces
A critical
event
which with
proper
manageme
nt can be
endured
A disaster
with potential
to lead to the
collapse of
the project
Productivity
Minimal
impact
Impact <
10%
Impact
10%–25%
Impact
25%–50%
Impact > 50%
Impact on
project
budget
< $50k
$50k–
$100k
$100k–
$500k
$500k–
$1.5m
>$1.5m
Another common consequence rating scale is: 0 -10.
Through this analysis the risk priority for each of the identified risks is then calculated by multiplying
the consequence and likelihood rankings. The relationship of these factors and the resultant risk
rating is demonstrated in Table 4.
Table 4: Consequence and likelihood rankings
Consequences
Likelihood
Insignificant
Minor
Moderate
Major
Catastrophic
Almost certain
High
High
Extreme
Extreme
Extreme
Likely
Moderate
High
High
Extreme
Extreme
Moderate
Low
Moderate
High
Extreme
Extreme
Unlikely
Low
Low
Moderate
High
Extreme
Rare
Low
Low
Moderate
High
High
The risks identified and analysed are documented in the project’s risk register.
42
Governance Institute of Australia
Project Governance: Accountability and Risk Management
Risks can also be presented in a risk profile with the movement in risks monitored over time as
illustrated in Figure 16.
Figure 16: Example of a risk profile monitored over time
Gross Risk
Almost certain
6
1
7
8
2
4
5
10
13
14
21
26
29
12
15
18
22
28
Likelihood
Likely
Moderate
9
11
23
27
19
20
17
24
25
Unlikely
3
Extreme
High
Moderate
Low
16
Rare
Insignificant
Minor
Moderate
Major
Catastrophic
Consequence
Net Risk
Almost certain
Likelihood
Likely
Extreme
High
Moderate
Low
6
7
19
3
9
10
11
1
2
4
12
14
17
22
5
13
21
23
26
27
29
8
Moderate
Unlikely
20
24
25
15
28
18
16
Rare
Insignificant
Minor
Moderate
Major
Catastrophic
Consequence
Governance Institute of Australia
43
Project Governance: Accountability and Risk Management
Transition from Gross Risk to Net Risk
(Extreme Risks only)
Almost certain
1
7
8
Likelihood
Likely
7
8
Moderate
Unlikely
3
10
26
29
14
2
4
5
10
13
14
21
26
29
1
2
4
5
13
21
3
Extreme
High
Moderate
Low
16
16
Rare
Insignificant
Minor
Moderate
Major
Catastrophic
Consequence
Risk management process
The main elements of the formal risk management process are described in AS/NZS ISO
31000:2009.
Basically, project risks should be identified, documented and analysed to enable risk management
actions to be developed, as shown in Figure 17.
Figure 17: Risk management process
Source: AS/NZS ISO 31000:2009
44
Governance Institute of Australia
Project Governance: Accountability and Risk Management
‘Risk treatment’ refers to developing for each of the major risks the following:
•
Avoidance plan – what are we going to do to ensure that this risk doesn’t materialise?
•
Mitigation plan – what are we going to do to minimise the consequences and/or the likelihood of
this risk?
•
Contingency plan – what are we going to do when this risk materialises?
In addition, there are options to avoid the risk altogether by deciding not to start or continue with the
activity (where this is practicable), sharing the risk with another party (for example, with a supplier preferably by mutual consent) or a conscious choice to retain the risk.
Treatment options for risks having positive outcomes (opportunities) are similar in concept to those
for treating risks with negative outcomes, although the interpretation and implications are clearly
different.
Risk management actions should consider balancing the costs of performing the risk treatment
against the costs that might be incurred if the risk materialises.
7
ENGAGEMENT AND
COMMUNICATION
7.1
Stakeholder management
It is important to develop an understanding of the values and issues that stakeholders have, in order
to address them and keep everyone involved for the duration of the project. If a project does not have
the necessary support from those providing resources and those who will be utilising the
deliverables, it is unlikely to be successful. The creation of a coalition of interest and support for the
project is important.
The stakeholders in a project are those individuals or organisations whose interests are impacted by,
or who can impact on the interests of, the project. The potential stakeholder community surrounding
a project can be difficult to identify because:
•
It is often a large, diffuse and amorphous series of groups.
•
The interests of stakeholders are usually so varied.
For the purposes of formalised stakeholder management procedures, classifying stakeholders into
groups is a useful tool and allows management strategies for like groups to be developed and
implemented. It also helps with identifying what the project requires from each group and what
actions they should be undertaking.
The management strategies adopted may be formal, informal, detailed or broad, depending on the
needs and size and complexity of the project. Stakeholder management activities will consume
project resources, therefore these activities should concentrate on what will contribute to the project’s
success or on where lack of communication will lead to project failure.
The nature of someone’s stake in a project will be peculiar to the circumstances of the project.
Classification of stakeholders may, and probably will, change as the project progresses.
Governance Institute of Australia
45
Project Governance: Accountability and Risk Management
7.2
Stakeholder analysis
Those entities that have an interest in a project should be identified and the nature of their interests
analysed. To undertake a project without a thorough understanding of every interest that is held in
the project is, very risky, and also professionally unacceptable. There are three forms of stakeholder
analysis that should be carried out during a project. These include:
1. foundation analysis — performed during project initiation
2. regular updates completed at the end of every phase
3. ad hoc updates carried out whenever events suggest that there has been a change
to the stakeholder environment
This analysis is best carried out by the project team in consultation with potential stakeholders or
representatives of potential stakeholder groups. It includes the following:
•
Identifying/reviewing all stakeholders.
•
Analysing the nature of each stakeholder’s interest (or stake).
•
Categorising/confirming as key and non-key, and prioritising based purely on your own judgments
about the ‘importance of the stakeholder’.
•
Performing/reviewing buy-in analysis for key stakeholders, that is, what is required to engage
them in the project and gain their commitment, and how to communicate with them.
Stakeholder analysis is used for a variety of purposes, including the following:
•
Management of change (transformation) — as a precursor to buy-in analysis.
•
Management of risk — threats are often uncovered (directly or indirectly) from an examination of
stakeholders.
•
Management of issues — analysis of stakeholders is one of the most fruitful sources of major
issues for a project.
•
Project promotion and marketing — knowledge of stakeholders helps focus marketing and
promotional activities in support of the project.
7.3
Challenges of engagement
Tactics for achieving and sustaining stakeholder engagement and commitment include the following:
•
Active involvement of all who can impact on or be impacted by, the project in the definition and
planning stages.
•
Support from the project manager for stakeholders who are impacted by, or who can impact
on, the realisation of the project’s outcomes and benefits. The project manager should establish
credibility and engender trust. Apart from having demonstrable skills, expertise and experience,
ways of legitimising actions include:
– establishing good personal relationships — expertise alone does not inspire trust and
credibility
– illustrating that actions are being driven by the needs of the stakeholders and that their needs
and requirements are being considered seriously
– using the recommendations of consultants, or established formal methodologies, to support
the project
– involving senior executives as project champions to lend the project authority.
46
Governance Institute of Australia
Project Governance: Accountability and Risk Management
•
Project communication and persuasion — others should be aware of the project and interested
in its proposed outcomes and benefits early in the project lifecycle, if their cooperation and
involvement are required later. The communication strategy should appreciate differences in
separate stakeholder groups and cater for their requirements.
7.4
Communication
The two major types of project communications are:
1. project status and progress reporting
2. project organisation change (transformation) communications
Communication is a major component of a successful project. The best way to approach
communication is to develop a clearly planned approach. Without effective communication, key
stakeholders could miss out on vital information and may not understand why change is needed.
In large and/or complex projects, all communication takes place in the context of an overall
communication strategy. It should involve the organisation’s communications manager or a
communication and marketing professional, depending on the nature of the key stakeholders
identified, the focus of the project or program of projects and the number of stakeholders needing
communications.
It is imperative that any project communication strategy that is developed defines the following:
•
Target audience — think about each stakeholder group and the target audience within it.
Determine whether their communication needs are:
– mandatory (for example, project status and progress reports, project steering committee and
reference group meetings)
– informational (for example, forums, project information on website)
– marketing purposes (for example, newsletter, one-on-one meetings, presentations on
outcomes and benefits, milestone celebrations, project memorabilia).
•
Research requirements — the need for research will vary with the complexity, cost and nature of
the project. Determine what types of research will be required.
•
Key messages — what are the three or four key points you want stakeholders to understand and
act on and/or be aware of? Consider what outcomes and benefits, such as educating, reassuring,
informing or consulting, your messages are intended to achieve.
•
Communication strategies — what are you going to do to get your messages across? (For
example, for a large complex project, is a major marketing campaign required? For a small
project, is it sufficient to give a presentation to staff that will be impacted by the change?)
•
Communication mechanisms/tools — which methodology and tool would be most appropriate
to implement your strategies? How are you going to get your messages across, and which tools
will suit which stakeholders? How will you solicit, obtain and process feedback (that is,
communications is two-way) and how will you know that your message is received and
understood correctly?
•
Priorities — who will be responsible for implementing each action and when?
•
Budget requirements — what are the costs associated with each action, and how much is
required and appropriate?
•
Monitoring and evaluation — whether and to what extent the outcomes and benefits have been
realised, and if not, why not?
•
Distinction between marketing and communication strategies in that:
– the communication strategy is aimed at ensuring ongoing commitment and support by all key
stakeholders for all aspects of the project
Governance Institute of Australia
47
Project Governance: Accountability and Risk Management
– the marketing strategy is aimed at ensuring project customers fully utilise the deliverables from
the project.
While both have an element of ‘selling’, marketing is focused on ‘selling’ the deliverables of the
project to the customers. Communication strategies are focused on ‘selling’ the project to the key
stakeholders.
Remember the following ‘golden rules’:
•
just the right amount of communications
•
bad news early
•
no surprises
•
bring solutions, not problems
•
open and honest communications
•
drive out fear (of retribution or punishment) (7Fs #1)
•
no blame or fault (it is just so) (7Fs #2)
•
it is OK to fail (just learn from it) (7Fs #3)
•
frank communications (don’t hide bad news or dress it up) (7Fs #4)
•
fearless conversations with senior management (don’t be intimidated by rank) (7Fs #5)
•
favourites (hot-buttons, barrow-pushing and pet employees) (7Fs #6)
•
fun (having) (7Fs #7).
8
MEASURING SUCCESS
8.1
Project performance measurement
Regardless of the size or complexity of the project, a measurement of the project’s success against
well-defined success measures is necessary. Establishing success measures helps with the
measurements taken during the project and after the project has finished.
These measurements include:
•
determining whether key success measures are being met
•
how well managed the project is
•
whether the specified project deliverables have been completed and/or accepted and the
outcomes and benefits realised.
Project management involves three stages of measurement as follows:
1. Pre-project measurements which generate the baseline metrics.
2. Measurements taken during the project which reveal whether key success
measures are being met.
3. Post-project measurements which reveal whether the completed project has
delivered the specified project.
48
Governance Institute of Australia
Project Governance: Accountability and Risk Management
As a general rule, evaluation of project performance can occur by way of:
•
an ongoing basis throughout the project by the project manager, project team members and the
project steering committee formally and informally assessing the project’s performance
•
independent (external or internal to the organisation) assessment of project performance by
suitably qualified personnel (for example, an external project management consultant or another
project manager or a member of the PMO)
•
a review undertaken at the end of a phase to enable the project steering committee to determine if
the project should proceed to the next phase
•
an external one-off review to determine if the project should continue — this type of review is
normally commissioned by the project steering committee if it has concerns whether the project
should be aborted
•
reviews conducted at the end and/or after the project is completed.
Establishing baseline metrics
It is important to establish pre-project metrics (measurements) for the success measures that will be
used to evaluate a project. These metrics should include evaluating how successfully the project was
executed, and to what degree the project realised its planned outcomes and benefits.
The baseline metrics should be documented in the success measures register, and should include:
•
planned outcomes
•
planned benefits
•
planned success measures
•
project deliverables
•
milestones
•
cost
•
resources
•
risks.
Determining if a project is in control
Project control is the process whereby evaluation is made to determine the degree to which the
project management plan is being followed. The focus is on if the project will be a success:
•
regular re-confirmation that all of the planned outcomes and benefits can be realised.
Evaluation can occur:
•
throughout the project by the project manager, project team members and the project sponsor
and/or project steering committee formally and informally assessing the project’s performance on
an ongoing basis
•
by individual (external or internal to the organisation) assessment of project performance by
suitably qualified personnel (for example, an external project management consultant or another
project manager or a member of the PMO)
•
by review undertaken at the end of a phase to enable the project steering committee to determine
if the project should proceed to the next phase
•
by external one-off review to determine if the project should continue — this type of review is
normally commissioned by the project steering committee if it has concerns whether the project
should be aborted.
Governance Institute of Australia
49
Project Governance: Accountability and Risk Management
For this reason, a project status and progress report should always include reporting against the
agreed performance measures for the project, to enable it to monitor effectively the project’s
management and progress. Control can be demonstrated by showing the existence of a project
management plan (including within it an outcomes and benefits realisation plan), and the satisfactory
realisation of the planned outcomes and benefits.
Assessing if a project has been or will be successful
Each stakeholder on each project may have their own version of success even if success measures
have been formally defined. This may change over the project lifecycle.
Some common success measures include:
•
on time
•
under budget
•
not using any management reserve
•
not using any contingency
•
all planned outcomes realised
•
all planned benefits realised
•
agreed quality of deliverables is achieved
•
deliverables are fit for purpose
•
conforms to all policies, processes and procedures
•
stakeholder expectations were respected and managed
This type of evaluation is usually conducted at the end of the project.
9
CONCLUSION
9.1
Good project governance
Good project governance is not just a subset of good corporate governance — it is also a vital part of
an organisation’s risk management and accountability framework.
Good project governance means:
•
establishing effective processes that are followed throughout the project lifecycle
•
initiating projects with a robust business case
•
ongoing monitoring of projects and measuring the value received
•
closing projects that are unlikely to deliver their planned outcomes, benefits and alignment
•
having an effective project sponsor
•
proactively managing stakeholders’ perception of your project
•
proactively managing risk
•
building quality into the deliverables
•
formalised, regular project status and progress reporting
•
measurement of the project’s success against well-defined success measures.
50
Governance Institute of Australia
Project Governance: Accountability and Risk Management
Now is a perfect time to reflect on your role within the organisation and decide whether you are fully
equipped to carry out this important function. Governance Institute of Australia offers a number of
professional development courses.
Suggested pathways, to attain and consolidate your career qualifications and experience are outlined
below:
Courses
Benefits
Individual courses
The short courses cover a wide range of topics in
governance, risk management and Not-for-profits
In half a day gain the essential skills to apply in the
workplace to drive responsible performance
Improve skills and knowledge in corporate governance
and risk management
Meet compulsory CPD requirements (for all
Governance Institute Certificate members)
Short courses
For information or to obtain a handbook visit Governance Institute of Australia’s Short courses at
www.governanceinstitute.com.au → Learning → Short courses & Certificates → Request Short courses and
Certificates handbook
Certificates
Certificate in Governance Practice – six course
requirement which comprises of:
Two compulsory course and four elective courses
Certificate in Governance and Risk Management
– six course requirement which comprises of:
Four compulsory courses and two elective course
Certificate in Governance for Not-for-Profits
– six course requirement which comprises of:
Five compulsory courses and one elective course
Certificated membership
Post nominal GIA(Cert) on successful completion and
application for membership
Recognition of study – a maximum of two course
exemptions for a second certificate
Meet compulsory CPD requirements (for all
Governance Institute Certificate members)
For information or to obtain a handbook visit Governance Institute of Australia’s Certificates in Governance and
Risk Management at www.governanceinstitute.com.au → Learning → Short courses & Certificates → Request
Short courses and Certificates handbook
Post Graduate Certificate or Graduate Diploma (Risk)
Graduate Certificate of Applied Risk Management
Pass four subjects
(or)
Graduate Diploma of Applied Risk Management
and Corporate Governance
Pass six subjects
Provides a solid understanding of risk management
frameworks and compliance principles at an
organisational and global level with practical
application in the workplace
Associate and Fellow membership
Meet compulsory CPD requirements (for all
Governance Institute Associate members)
For information regarding Governance Institute of Australia’s advanced certificate qualification please visit
www.governanceinstitute.com.au → Learning → Postgraduate courses or contact National Education Manager
(t) 1800 251 849 (e) education@governanceinstitute.com.au
Governance Institute of Australia
51
Project Governance: Accountability and Risk Management
Courses
Post Graduate
Graduate Diploma of Applied Corporate
Governance*
Pass six subjects
Benefits
Associate and Fellow membership
Post nominal AGIA or FGIA on successful completion
and application for membership
Meet compulsory CPD requirements (for all
Governance Institute members)
*You may be eligible to enrol in the Graduate Diploma outside of this pathway
For information regarding Governance Institute of Australia’s fully accredited post-graduate qualification please
visit www.governanceinstitute.com.au → Learning → Postgraduate courses → Graduate Diploma of Applied
Corporate Governance → Request our postgraduate education handbook or contact National Education
Manager (t) 1800 251 849 (e) education@governanceinstitute.com.au
We suggest you explore Governance Institute’s study options with your chairman, chief executive or
director about how this training fits within the framework of your role and your organisation.
If you have any further questions please email: training@governanceinstitute.com.au.
10 RESOURCES
A crucial part of the role of officers and directors of any organisation is to keep up-to-date with
changes in legislation and regulations and current risk management issues and debate. There are a
variety of useful resources available examining current risk and risk management topics — including
websites, reference books, practice guides, reports and journal articles. Many useful resources are
accessible online. The following sections are designed to provide some useful starting points for
undertaking independent research into the areas of risk and risk management.
10.1
Legislation and regulators
Accessing legislation online
•
Australian Government, ComLaw, www.comlaw.gov.au
•
Australian Law Portal, www.lawportal.com.au
•
Australasian Legal Information Institute (AustLii), www.austlii.edu.au
•
ACT Government, ACT legislation register, www.legislation.act.gov.au
•
Government of Western Australia, Western Australian legislation, www.legislation.wa.gov.au
•
Government of South Australia, South Australian legislation, www.legislation.sa.gov.au
•
New South Wales Government, NSW legislation, www.legislation.nsw.gov.au
•
Northern Territory Government, Northern Territory legislation, www.dcm.nt.gov.au
•
Queensland Government, Queensland legislation, www.legislation.qld.gov.au
•
Victorian Government, Victorian legislation and Parliamentary documents,
www.legislation.vic.gov.au
•
United States of America Federal Law, The Sarbanes–Oxley Act of 2002
52
Governance Institute of Australia
Project Governance: Accountability and Risk Management
Regulatory websites
•
Australian Government, Business, www.business.gov.au
•
Australian National Audit Office (ANAO), www.anao.gov.au
•
Australian Prudential Regulation Authority (APRA), www.apra.gov.au
•
Australian Securities and Investments Commission (ASIC), www.asic.gov.au
•
Australian Securities Exchange (ASX), www.asx.com.au
•
Australian Transaction Reports and Analysis Centre (AUSTRAC), www.austrac.gov.au
•
Queensland Government, Business Continuity Planning Guide, www2.business.qld.gov.au
•
Queensland Government, ‘Building Business Resilience’, www2.business.qld.gov.au
•
Safe Work Australia, www.safeworkaustralia.gov.au
Legal publishers/legal information providers
•
CCH, www.cch.com.au
– Australian Corporate Practice Manual, CCH Australia (loose-leaf and online).
•
LexisNexis, www.lexisnexis.com.au
– Australian Corporation Practice, (loose-leaf and online, updated five times per year).
– Australian Corporation Law: Principles and Practice, (hard copy and online).
– Australian Journal of Corporate Law, (hard copy or online).
– Butterworths Corporation Law Bulletin (BCLB), (loose-leaf, CD and online).
•
Thomson Reuters, www.thomsonreuters.com.au
– Companies and Securities Law Journal, (hard copy and online).
10.2
Standards and guidelines
•
ANAO, 2006, Implementation of Programme and Policy Initiatives, Better Practice Guide, pp 17–
21 and 57–74
•
APRA, Prudential Practice Guide (Draft), CPG 220 Risk management
•
APRA, Prudential Standard, CPS 220 Risk management
•
APRA, Prudential Standard, CPS 232 Business continuity management
•
AS 8000–2003 Corporate Governance — Good Governance Principles
•
AS 8015–2005 Corporate Governance of Information and Communication Technology.
•
AS 4817–2006 Project performance measurement using Earned Value
•
AS/NZS ISO 31000:2009 Risk management — Principles and guidelines (Note that its
predecessor, AS/NZS 4360-2004, is still also a useful source of information)
•
AS/NZS 5050:2010 Business continuity — Managing disruption-related risk
•
Association for Project Management, 2004, Directing Change: A Guide to Governance of Project
Management (GoPM)
•
ASX Corporate Governance Council, 2013, Corporate Governance Principles and
Recommendations, 3rd edn
•
COSO, 2004, Enterprise Risk Management - Integrated Framework
Governance Institute of Australia
53
Project Governance: Accountability and Risk Management
•
DR 01845 Draft for Public Comment AS/NZ Standard — Corporate governance of projects
involving information technology investment
•
Office of Government Commerce (UK), 2009, Managing Successful Projects with PRINCE2.
•
Project Management Institute, 2004, A Guide to the Project Management Body of Knowledge
(PMBOK® Guide), 3rd ed.
•
Project Management Institute, 2012, A Guide to the Project Management Body of Knowledge
(PMBOK® Guide), 5th ed.
•
Tasmanian Government, 2011, Project Management Guidelines (version 7.0). (Includes
information on project steering committee roles and functions; stakeholder management and
communication; and project reporting and performance measurement.)
•
ISO 21500:2012, Guidance on project management
•
HB 141-2011 Risk financing guidelines
•
HB 203-2012 Managing environment-related risk
•
ISO Guide 73:2009 Risk management — Vocabulary
•
ISO/IEC 31010:2009 Risk management — Risk assessment techniques
•
Victorian Government, Department of Treasury and Finance, 2011, Victorian Government Risk
Management Framework, www.dtf.vic.gov.au
•
Victorian Managed Insurance Authority (VMIA), Risk management — Developing and
implementing a risk management framework, www.vmia.vic.gov.au
10.3
•
Governance Institute resources
Governance Institute of Australia publications (www.governanceinstitute.com.au/publications)
– Better Communication Between Entities and Proxy Advisory Services
– Continuous Disclosure: Listed Public Companies and Other Disclosing Entities
– Corporate Governance and the Company Secretary
– Document Management
– Duties of Officers and Directors
– Effective AGMs
– Enhancing Board Effectiveness
– Enterprise Risk Management
– Managing Conflicts of Interest in the Not-for-Profit Sector
– Protecting Company Officers
– Public Sector Governance.
•
Governance Institute of Australia’s Good Governance Guides
(www.governanceinstitute.com.au/good-governance-guides)
– Issues to Consider When Constituting Audit and Risk Committees.
•
54
Governance Directions (journal of Governance Institute of Australia)
Governance Institute of Australia
Project Governance: Accountability and Risk Management
10.4
Reference books
Corporate law
•
Adams M, 2001, Essential Management Law, 2nd edn, Cavendish Publishing.
•
Adams M, 2005, Essential Corporate Law, 2nd edn, Cavendish Publishing.
•
Austin R and Ramsay I, 2012, Ford’s Principles of Corporations Law, 15th edn, LexisNexis.
•
Baxt R, Fletcher K and Fridman S, 2008, Corporations and Associations: Cases and Materials,
10th edn, LexisNexis.
•
Griggs L, Clark E and Iredale I, 2010, Managers and the Law: A Guide for Business Decision
Makers, 3rd edn, Thomson Reuters.
•
Harris J, Hargovan A and Adams M, 2013, Australian Corporate Law, 4th edn, LexisNexis.
•
Terry A and Giugni D, 2005, Business and the Law, 4th edn, Thomson.
•
Turner C, 2012, Australian Commercial Law, 29th edn, Thomson Reuters.
Risk management
•
Bernstein P, 1996, Against the Gods: The Remarkable Story of Risk, John Wiley & Sons.
•
Taleb N, 2007, The Black Swan: The Impact of the Highly Improbable, Random House.
•
Vaughan E and Vaughan T, 2013, Fundamentals of Risk and Insurance, Wiley, 11th edn.
•
Keel P and Lucas N, 2007, Reputation Matters: A legal guide to risk management in corporate
communications, CCH.
10.5
Reports and journal articles
•
ASIC, 2013, Risk management systems of responsible entities, Consultation Paper 204,
pp 1, 36–58.
•
Drew S A W and Kendrick T, 2005, ‘Risk Management: The Five Pillars of Corporate
Governance’, 31 Journal of Management 19.
•
Farrell J, 2007, ‘New Use For An Accepted Process’, Financial Executive 48.
•
Fraser J R S, Schoening-Thiessen K and Simkins E J, 2008, ‘A Survey of Enterprise Rick
Management Literature’, Journal of Applied Finance 73.
•
Kappelman L A, Mckeeman R and Zhang L, 2006, ‘Early Warning signs of IT Project Failure: The
Dominant Dozen’, Information Systems Management 31.
•
Helming D and Schanfield A, 2008, ‘12 Top ERM Implementation Challenges’, Internal Auditor 41.
•
Hunton J E, Wright A M and Wright S, 2004, ‘Are Financial Auditors Over-Confident In Their
Ability to Assess Risks Associated with Enterprise Resource Planning Systems?’, 18 Journal of
Information Systems 7.
•
Sumner M, 2000, ‘Risk Factors in Enterprise – Wide Stroke ERP Projects’, 15 Journal of
Information Technology 317.
•
Creedon B, 2011, ‘Protecting your most valuable asset — reputation’, Keeping good companies,
May issue, pp 213–217.
•
Committee of Sponsoring Organisations of the Treadway Commission (COSO), 2004, Enterprise
Risk Management — Integrated Framework, Executive Summary, www.coso.org
•
Department of Finance and Deregulation, 2009, Gateway Review — Lessons Learned, Financial
Management Group, 2nd edn.
Governance Institute of Australia
55
Project Governance: Accountability and Risk Management
•
Economist Intelligence Unit, 2007, Best practice in risk management: A function comes of age.
•
Economist Intelligence Unit, 2007, Business resilience: Ensuring continuity in a volatile
environment.
•
National Institute of Standards and Technology, US Department of Commerce, 2012, Guide for
Conducting Risk Assessments, Special Publication 800-30 Revision 1.
•
Martin L, 2010, ‘Damaged goods’, Keeping good companies, April issue, ICSA International,
pp 152–156.
•
M McPhee I, 2009, ‘Governance and the challenges of whole-of-government initiatives’, Keeping
good companies, February issue, pp 18–23.
•
Walton J, 2005, ‘Ethics: The hardest part of risk management’, Keeping good companies,
December issue, pp 668–672.
•
Van D, 2013, ‘Reputational risk management in the corporate world’, Keeping good companies,
May issue, pp 215–220.
10.6
Other resources
•
Australian Institute of Management, www.aim.com.au
•
Australian Public Service Commission, www.apsc.gov.au
•
Centre for Corporate Law and Securities Regulation, www.cclsr.law.unimelb.edu.au
•
Committee of Sponsoring Organisations of the Treadway Comission (COSO), www.coso.org
•
CEO Forum Group, www.ceoforum.com.au
•
Corporate Governance, www.corpgov.net
•
EBSCO Information Services, www.ebsco.com
•
European Corporate Governance Institute, www.ecgi.org
•
Financial Services Council, www.fsc.org.au
•
Global Association of Risk Professionals, www.garp.org
•
Global Governance Institute, www.globalgovernance.eu
•
Governance and Management, www.governance.com.au
•
Institute of Chartered Accountants Australia, www.charteredaccountants.com.au
•
Institute of Public Administration Australia, www.ipaa.org.au
•
International Corporate Governance Network, www.icgn.org
•
Organisation for Economic Cooperation and Development (OECD), www.oecd.org
•
Risk Management Institution of Australasia, www.rmia.org.au
•
SAI Global, www.saiglobal.com
•
Standards Australia, www.standards.org.au
•
The Institute of Risk Management (UK), www.theirm.org
•
UTS Centre for Corporate Governance, www.ccg.uts.edu.au
56
Governance Institute of Australia
Project Governance:
Accountability and Risk
Management
POWERPOINT PRESENTATION
Project Governance:
Accountability and Risk Management
© Governance Institute of Australia Ltd
This course can be counted as a module towards one of
the Governance Institute’s Certificates
Project Governance: Accountability
and Risk Management
Written and designed by:
•
•
David Berechree, Director, KPMG
Chris Wells FGIA, Project Director, Infrastructure Energy and
Resources
Revised by:
•
•
Robert Posener, Managing Director, PMComplete Pty Ltd
Damian McKenzie-McHarg, Lawyer and Governance Risk
Consultant
© Governance Institute of Australia Ltd
1.2
What is the aim of this course?
The aim of Project Governance is to overview the
elements, objectives and governance priorities of project
governance.
The key objectives are to:
• examine the principles underpinning project
governance
• explore the key risk areas of scope, time and cost
management
• identify quality control approaches
• assess reporting requirements
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
1
2
Definitions, principles and key
elements of project governance
© Governance Institute of Australia Ltd
2.1
Corporate governance
‘Governance’ means the method by which an organisation is
run or governed, over and above its basic legal obligations.
Governance
Institute
Four critical elements of governance:
1. Transparency
2. Accountability
3. Stewardship
4. Integrity
Corporate governance framework should extend to the
project activities undertaken in the organisation
© Governance Institute of Australia Ltd
2.2
What is a project?
A project:
•
•
•
•
is discrete
has a defined start and end point
has a specified end product
is unique, either in its end product or its environment
Outcomes
START
PROJECT
COMPLETE THE PLANNED TASKS
END
PROJECT
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
2
2.3
Project governance terminology
• Critical success factor: the factors that should be in
place to ensure that the project will be a success
• Issue: a risk… which does not need to be resolved
right now …not necessarily by the project team
• Task: an activity which needs to be managed
• Work breakdown structure: hierarchical list
• Change (from requirements) and variation (from the
environment
© Governance Institute of Australia Ltd
2.4
Project governance principles
• There are well-established corporate governance
principles in Australia
• A range of principles is set out in standards for
guidance on project governance:
– AS 8015: Corporate governance of ICT
– DR 08145: Corporate governance of
projects involving IT investments
(draft standard)
– GoPM: A guide to governance
of project management
© Governance Institute of Australia Ltd
2.4 Project governance principles (cont)
• Project governance = decision-making rights
• Guidance on project governance established in Australia,
primarily through information and communications
technology (ICT)
• These principles equally apply to non-ICT projects
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
3
Discussion 1: AS 8015
Six principles for good
governance of ICT:
1. Establish clearly understood
responsibilities for ICT
2. Plan ICT to best support the
organisation
3. Acquire ICT validly
4. Ensure that ICT performs well,
whenever required
5. Ensure ICT conforms with formal
rules
6. Ensure ICT use respects human
factors
In teams of three, and:
From your experience of ICT
projects:
• Identify one example where
ICT projects faltered or failed
• Rank it in order of priority and
note the reason
Nominate your spokesperson.
How well would these principles
have assisted your projects?
© Governance Institute of Australia Ltd
2.5
What is project management?
• Project management is the application of knowledge,
experience, skills, tools and techniques to project
activities to deliver project outcomes and benefits
• It is accomplished through the application and
integration of the project management lifecycle and
processes:
© Governance Institute of Australia Ltd
Discussion 2
Project management – what is ‘success’?
The term ‘outcome’ infers a changed future.
That is, as a result of the project, the [operating system…
world… workplace…] is changed.
How do you define project success?
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
4
2.6 Project management – what is
‘success’?
Are we doing the right projects versus are we doing projects
right?
Efficiency v Effectiveness
© Governance Institute of Australia Ltd
2.6 Project management – what is
‘success’?
Project governance seeks to provide answers to some key
questions:
•
•
•
•
•
•
•
How closely aligned are our projects with our business objectives and
strategies?
Do we clearly understand the value we will receive from our project
investment and when we will receive it?
What are our major project risks?
How do all of our projects impact on each other?
Which projects should have priority over others?
Which are our underperforming projects?
What is our organisation’s capability and capacity to deliver and absorb all
of this change?
© Governance Institute of Australia Ltd
3
Governance challenges
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
5
3.1
The business case framework
Describes justification for the project based on the estimated cost
of the project, against the risks and benefits.
The business case is expected to include:
• an explanation of the reasons
• an outline of the options
• identification of the benefits
• a summary of the major risks
• an investment appraisal
• an evaluation and final recommendation
© Governance Institute of Australia Ltd
Discussion 3 – Case study
Review the project cycle
case example
Refer – Workbook/Addendum 2
© Governance Institute of Australia Ltd
Discussion 3 - Case study Summary
Applying the business case – [6 Principles]
After four years of (1) ‘looking at comparable systems
readily available’, The Customer Information and Billing
System (CIBS) went to (2) international tender.
A (3) global financial services provider (a consortium
with a key IT provider in the UK) was considered to be
the (4) ‘highest-complying tender’ for the $38m system.
At 26 months – (5) 12 months after delivery date - the
known expenditure had reached $60m and the expected
‘go live’ date moved out 12 months.
At 44 months, when the system was declared (6)
unworkable, the Auditor General was asked to conduct a
report which estimated the final cost at $135m.
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
6
Discussion 3: Summary
Six principles for good
governance of ICT:
1. Establish clearly understood
responsibilities for ICT
2. Plan ICT to best support the
organisation
3. Acquire ICT validly
4. Ensure that ICT performs well,
whenever required
5. Ensure ICT conforms with formal
rules
6. Ensure ICT use respects human
factors
Discuss how by applying one
of the six principles of good
governance for this ‘case
study’ would have affected
the project outcome!
Summarise a key process
based on the AS1805
principles
© Governance Institute of Australia Ltd
3.3
Project Management Plan (PMP)
An effective project management plan defines
all of the processes that will be followed on the
project:
•
•
•
•
•
•
•
•
•
•
© Governance Institute of Australia Ltd
3.4
Integration management
Scope management
Time management
Cost management
Quality management
Human resource management
Stakeholder management
Risk management
Communications
Procurement
Project management office (PMO)
PMO is a strategic function where the most common
functions are:
•
•
•
•
•
•
•
•
consolidated tracking and reporting of project performance
communications
ownership of PM policies, processes, procedures, check
lists, standards, guidelines and templates (ie,
methodology)
coordinating interdependencies
prioritising projects
mentoring project managers
mentoring project sponsors
community of PM practice
PMO should cover a portfolio of projects
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
7
3.5
Project management standards
and methodologies
PMBOK
A standard – if you have this problem, you could do this
or that
PRINCE2
A methodology – if you are here in the project lifecycle,
do this and here is the template
Agile
Scrum (and others) – mostly for software development
Refer: Addendum 1
© Governance Institute of Australia Ltd
3.5
Project management standards
and methodologies: PMBOK®
A Guide to the Project Management Body of Knowledge
(PMBOK® Guide)
The PMBOK® Guide is:
–
–
–
regarded as the de facto international standard for
project management
approved as an American National Standard by ANSI
published in Australia by Standards Australia
The PMBOK® Guide is NOT designed to function as a step-bystep ‘how-to’ book, but rather to identify that subset of the
project management body of knowledge that is generally
recognised as good practice
© Governance Institute of Australia Ltd
3.5
Project management standards
and methodologies: PMBOK® (cont)
The PMBOK® Guide is organised into three
sections:
•
•
•
the Project Management Framework, a basic
structure for project management
the Standard for Project Management of a Project,
which specifies all the project management
processes that are used to manage a project
the Project Management Knowledge Areas, which
organises the 44 project management processes into
10 Knowledge Areas
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
8
3.5
Project management standards
and methodologies: PRINCE2
PRINCE2 (Projects in Controlled Environments v2):
•
•
•
•
•
recognised as an international PM methodology
widely adopted and adapted by both the public and
private sectors in many countries, including Australia
It is a generic, adaptable, simple-to-follow project
management methodology
Its focus is on the business case
It covers how to organise, manage and control
projects in 55 Knowledge Areas
© Governance Institute of Australia Ltd
3.5
Project management standards
and methodologies: Agile
• Agile means disciplined fast-tracking
• Agile DOES NOT mean ‘no documentation’
• Its mantra is ‘if it doesn’t add value, don’t do
it’
• Organisations must have explicit guidelines
for when it is appropriate to use Agile
• Employs an empowerment model, but still
requires governance
© Governance Institute of Australia Ltd
4
Project Structure, Roles,
Committees and Functions
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
9
4 Play DVD
DVD: Chairman of the Board
© Governance Institute of Australia Ltd
4
Governance:
At a board meeting …
Questions:
1.
2.
3.
4.
5.
6.
What went right at the meeting?
What went wrong at the meeting?
How is the project performing?
Who is the project governance committee?
Why is the board reviewing this project’s status?
Can the status be easily presented to the project governance
committee?
7.
What is the project meant to achieve?
8.
Where is the project at?
9.
What is the role of the project governance committee?
10. Why should they be interested in the project?
© Governance Institute of Australia Ltd
4
Governance:
Back at the board meeting … (Cont)
• The board/executive is currently not addressing the
issues and is avoiding the problem
• Board accountability for the project:
– Starts with the business case for the project
– Should make clear what it is trying to achieve and the
strategic importance of the project
– Should state the achievable outcomes, benefits and value to
be realised
• Clear responsibility is required:
– Who is the project sponsor at the board/executive level?
– How much effort is being expended by the board?
– What is the role of the board/executive?
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
10
4.1
A generic project governance
structure
© Governance Institute of Australia Ltd
4.2
Project sponsor
• A mandatory project role
• If there is no project sponsor, the project
stops
• Usually a member of the executive
management
• ‘Owns’ the project
• Key link between PM and governance
© Governance Institute of Australia Ltd
4.2 Project steering committee
• Optional – if there is none, then project sponsor
performs this role
• Questions to consider:
– Is it there to ‘steer’ the project (ie, downward-looking)?
– Is it there to ‘steer’ the project’s outcomes, capabilities
and capacities into the wider organisation and to drive
benefits realisation (ie, sideways-looking)?
• Primary function:
– To take responsibility for the business issues associated
with a project, including ultimate responsibility for ensuring
outcomes and benefits are realised
– Members ensure that these issues are being adequately
addressed and the project remains under control
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
11
4.3
Project steering committee role
and functions
Responsibilities of the steering committee include:
•
•
•
•
•
•
approval of changes and variations to the project and its
supporting documentation
monitoring and review of the project’s performance
providing assistance to the project when required
resolving conflicts between project and other projects as
well as the wider organisation
formal acceptance of project deliverables
making required decisions in a timely manner
© Governance Institute of Australia Ltd
5
Project Status
and
Progress Reporting
© Governance Institute of Australia Ltd
5.1
The need for control
Three dimensions of control:
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
12
5.2
Project status and progress
reporting
Project status and progress reporting:
•
•
•
Regular, formalised reporting on the progress of every project
Measured against the business case
Reported by the project manager to the project steering
committee, project sponsor and other interested parties (eg PMO
and business unit heads)
Key points:
•
•
Keep the report focused, perhaps using graphical dashboards
Report on/against physical milestones, NOT on percentage of
work completed
• Frequency of status reporting scheduled regularly (eg monthly)
• End of phase and key milestone reporting prior to
commencement of future phases (at gateway reviews)
*As highlighted by the board in the DVD!
© Governance Institute of Australia Ltd
5.2
Project status and progress
reporting (cont)
Typical content might be:
Report header:
• Project name
• Project manager
• Percentage complete
• Date of report
• Period covered by the report
• Overall satisfaction barometer
Project description:
• Project purpose
• Project alignment
• Planned project outcomes and benefits
© Governance Institute of Australia Ltd
5.2 Project status and progress
reporting (cont)
Project dashboard for:
•
•
•
•
•
•
•
Integration
Scope
Time
Cost
Quality
Human resource
Deliverables
•
•
•
•
•
•
Stakeholder
Risk
Communications
Procurement
Organisation
change
(transformation)
Configuration
management
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
13
5.2
Project status and progress
reporting (cont)
Timely and accurate information
Requires standards as to what constitutes red,
amber, green and blue
© Governance Institute of Australia Ltd
5.3
Project scope management
The business case establishes baseline scope:
•
Defines the ‘project boundaries statement’
•
Defines major deliverables together with criteria for
completion/acceptance as well as roles (RASCI)
•
Explicitly defines:
- all constraints
- all assumptions
- all inclusions
- all exclusions (with reasons why excluded)
•
Establishes the baseline for ongoing performance
measurement and change control
© Governance Institute of Australia Ltd
5.3
Project scope management (cont)
• Ineffective recognition and/or management of
changes and variations is a common cause of
project difficulties
• Without a clearly agreed process, the probability
of ‘scope creep’ is dramatically increased, with
consequent pressure on time, cost, resources
and quality
• It’s the variations that are often missed
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
14
5.4
Time management
© Governance Institute of Australia Ltd
5.4
Time management
The Project Manager must ensure that:
•
•
•
•
© Governance Institute of Australia Ltd
5.4
the structure of detailed work follows phases and activities
established in the project methodology and needed to realise the
outcomes and benefits
there is no redundancy between/among detailed work plans
there are established interdependencies between activities as
well as other projects
activities are defined so they are:
- designed to produce a deliverable
- the responsibility of a single individual
- finite, with defined criteria for their start and end
- a manageable unit of work
- easily understood
- measurable against physical delivery
Time management (cont)
Making the schedule real:
•
Maximum activity duration should be no longer than the
project team’s review cycle (eg one week)
•
There should be at least one milestone per month
•
Sequencing and interdependency of tasks
•
The critical path needs to be identified and rigorously
managed by the project manager
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
15
5.5 Cost management
Costs will typically include the following:
•
•
•
•
•
Human: the project team, internal resources and external
resources (suppliers, contractors, etc)
Equipment/Infrastructure: this may range from heavy
equipment to computers to specialised test instruments and
software
Material: the materials needed for a project, which may range
from USB sticks and stationery to concrete
Financial: the support needed to obtain funding and track
benefits
Contingency: the amount included to address cost estimate
risks.
For business projects, the most significant costs are usually people-related.
© Governance Institute of Australia Ltd
5.5
Cost management (cont)
When defining the project cost budget, consider:
•
•
•
•
•
•
•
•
•
internal versus external costs
costs with associated benefits versus costs with no
associated benefits
cost sharing with other projects/systems
CAPEX versus OPEX
cost contingency provision
timing of costs
availability of funds
hidden costs
milestone progress payments to suppliers
Link the costs with the schedule and resource plans
© Governance Institute of Australia Ltd
5.5
Cost management (cont)
Earned value analysis:
•
•
•
Planned cost — the budgeted cost of work scheduled
(PV)
Actual cost — the actual cost of work performed (AV)
Earned value — the budgeted cost of work performed
(EV)
From these three measurements, four performance metrics
are derived:
1. Cost variance = EV–AV
2. Schedule variance = EV–PV
3. Cost performance index = EV÷AV
4. Schedule performance index = EV÷PV
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
16
6
Quality and Risk Management
© Governance Institute of Australia Ltd
6.1
Project quality assurance
versus quality control
GOALS
Satisfied
needs
METHODS
PERFORMANCE
© Governance Institute of Australia Ltd
6.1
Project quality assurance
versus quality control (cont)
Key quality concepts
Goals
• Achievement of quality must be
• Is the project (going to)
planned.
achieve its planned
outcomes and benefits?
• Quality stems from quality
assurance and quality control
Methods
• Quality assurance is a function that
• Is an appropriate
defines then manages quality
methodology being
used effectively during
• Quality control is the process of
the project lifecycle?
measuring metrics against agreed
measures
Performance
• Comparison of actual to
baseline?
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
17
7
Engagement and Communication
© Governance Institute of Australia Ltd
7
Engagement and communication
Three things you can rely on:
1. Projects rely on people
2. People resist being changed
3. The people aspects of projects are the hardest to
manage
Stakeholders’ perception of your project will determine
how successful it is.
© Governance Institute of Australia Ltd
7.1
Stakeholder management
• Stakeholders are those individuals or
organisations whose interests are impacted by,
or who can impact on the interests of, the project
classifying stakeholders
,anagement strategies adopted may be
formal, informal, detailed or broad,
depending on the needs, size and
complexity of the project
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
18
7.2
Stakeholder analysis
Nature of the interest:
• identify
• analyse
• categorise
For management of:
• change
• risk
• issues
© Governance Institute of Australia Ltd
7.4
Communication
Develop a clearly planned approach:
•
Target audience — What are their communications
needs?
Key messages — What are the three or four key
points you want stakeholders to understand and act
on or be aware of?
Communications strategies — What are you going to
do to get your messages across?
Communications mechanisms/tools — Which
method/tool would be most appropriate to implement
your strategies?
•
•
•
© Governance Institute of Australia Ltd
7.4
Communication (cont’d)
•
•
•
Priorities — Who will be responsible for implementing
each action and when?
Budget requirements — What are the costs associated
with each action, how much is required and
appropriate?
Monitoring and evaluation — Whether and to what
extent the outcomes and benefits have been achieved,
and if not, why not?
Communicate, communicate, communicate
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
19
8
Measuring Success
© Governance Institute of Australia Ltd
8
Measuring success
Performance measurements include the following:
•
•
•
Are key success measures being met?
How well managed is the project?
Have the specified project deliverables been
completed/accepted and the planned outcomes and benefits
realised?
Three stages of measurement:
•
•
•
Pre-project measurements to generate baseline metrics
During the project to assess against success measures
Post-project to determine the success of the project
© Governance Institute of Australia Ltd
8.1
Project performance measurement
Potential baseline metrics include:
•
•
•
•
•
•
•
•
outcomes
benefits
schedule (phases and milestones)
resources
costs
defects
risks
communications delivered
Business case defines outcomes and benefits,
with scope, time, resources and costs
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
20
8.1
Project performance measurement
(cont)
Determining if a project is in control:
•
Is the methodology being followed
appropriately?
Are project registers being updated on a regular
basis (and not just before project reviews)
Do the success measures look like being
realised?
Are project thresholds within agreed
tolerances?
Regularly reconfirm that the planned outcomes
and benefits can be realised
•
•
•
•
The project is out of control if you can’t cancel it
© Governance Institute of Australia Ltd
8.1
Project performance measurement
(cont)
Assessing if a project has been, or will be,
successful Post-project review:
• Project performance review:
-
•
•
what went right?
what went wrong?
what can we learn?
Project output quality review
Project management methodology review
Benefits realisation review:
- project outcome/benefit realisation review
© Governance Institute of Australia Ltd
9
Conclusion
Good project governance:
•
•
•
•
•
Establishes effective policies, processes and
procedures that are followed throughout the project
lifecycle
Initiates projects with a robust business case
Ensures support by a comprehensive project
management plan and associated project registers
Implements ongoing monitoring of projects and
measurement of the value received
Terminates projects that are unlikely to deliver
planned outcomes, benefits and/or alignment
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
21
9
Conclusion (cont)
•
•
Engages an effective project sponsor
Proactively manages stakeholders’ perception of your
project
Proactively manages risk
Proactively manages quality
Uses formalised, regular project status and progress
reporting
Measures the project’s success against well-defined
success measures
•
•
•
•
© Governance Institute of Australia Ltd
10
•
•
•
•
•
•
Resources
Legislation and regulators
Standards and guidelines
Reference books
Reports and journal articles
Industry and professional associations
Governance Institute technical resources
(see www.governanceinstitute.com.au)
© Governance Institute of Australia Ltd
Other Governance Institute courses
• For further related content, see the following
Governance Institute courses:
–
–
–
–
–
–
Governance Essentials
Assessing Analysing and Treating Risk
Meeting Compliance Requirements
Risk Management Frameworks
Business Continuity and Reputation Risk
Not-for-Profit Officers, Directors and the Board
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
22
In-house training?
• In-house training
–
–
–
–
–
–
Customised to your organisation’s specific needs
Meet with your board, executives and staff
Choice of half and full day courses
Held at your premises
You choose the time
Cost effective
© Governance Institute of Australia Ltd
Thank you for attending
Project Governance:
Accountability
and Risk Management
© Governance Institute of Australia Ltd
Project Governance Governance Institute
2015
23