Project Governance: Accountability and Risk Management Participant notes This short course can be counted towards one of Governance Institute of Australia’s Certificates (see over page for details). © Governance Institute of Australia Ltd 2015 ABN 49 008 615 950 Short courses and Certificates This short course constitutes one of Governance Institute of Australia’s Certificate courses on successfully passing the online exam. For more information, or to enrol in the Certificate course, please contact Governance Institute in your state or visit www.governanceinstitute.com.au→Learning→Short courses & Certificates→ Request Short courses and Certificates handbook. Professional development at Governance Institute of Australia For further information regarding your study options, please refer to the ‘conclusion’ section within these notes to explore your study options. In-house training Governance Institute also offers flexible in-house training solutions that specifically meet your business needs. For more information, please contact Governance Institute in your state. Disclaimer Note that the materials for this course are issued to participants on the following conditions: • Neither Governance Institute of Australia nor its course authors and presenters purport to provide legal or other expert advice on the subject matter contained in these materials or in their tutorial presentation. • Neither Governance Institute of Australia nor its course authors and presenters are responsible for the results of any action taken on the basis of the information in these materials or in their tutorial presentation or any errors or omissions therein. • Governance Institute of Australia and its course authors and presenters disclaim any liability to any person in respect of the consequences of anything done by any person in reliance upon the contents of these course materials or their tutorial presentation. Acknowledgments Written and designed by: David Berechree, Director, KPMG Chris Wells FGIA, Project Director, Infrastructure Energy and Resources Revised by: Robert Posener, Managing Director, PMComplete Pty Ltd Damian McKenzie-McHarg, Lawyer and Governance Risk Consultant Copyright Copyright strictly reserved. No part of these course materials covered by copyright should be reproduced or copied in any form or by any means without the written permission of Governance Institute of Australia © Governance Institute of Australia Ltd 2015 Contents 1 Introduction 1 1.1 1.2 What is the background to this course? What is the aim of this course? 1 1 2 Definitions, principles and key elements of project governance 1 2.1 2.2 2.3 2.4 2.5 2.6 2.7 Corporate governance What is a project? Terminology Project governance principles What is project management? Managing projects Why is governance important? 1 2 4 7 11 11 12 3 Governance challenges 13 3.1 3.2 3.3 3.4 3.5 The business case Project management lifecycle Project management plan (PMP) and project registers Program management office (PMO) Project management standards and methodologies 13 15 15 16 17 4. Project structure, roles, committees and functions 20 4.1 4.2 4.3 Project governance structures Project roles Project steering committee role and functions 20 21 24 5 Project status and progress reporting 29 5.1 5.2 5.3 5.4 5.5 The need for control Project status and progress reporting Project scope management Time management Cost management 29 29 35 36 37 6 Quality and risk management 40 6.1 6.2 Project quality assurance versus quality control Risk management 40 40 7 Engagement and communication 45 7.1 7.2 7.3 7.4 Stakeholder management Stakeholder analysis Challenges of engagement Communication 45 46 46 47 8 Measuring success 48 8.1 Project performance measurement 48 9 Conclusion 50 9.1 Good project governance 50 10 Resources 52 10.1 10.2 10.3 10.4 10.5 10.6 Legislation and regulators Standards and guidelines Governance Institute resources Reference books Reports and journal articles Other resources 52 53 54 55 55 56 Project Governance: Accountability and Risk Management 1 INTRODUCTION 1.1 What is the background to this course? The management of projects can be simple or complex, depending upon a range of factors (including type, size, culture and numbers of people involved). There are three common threads in the governance of a project: 1. Risk - Every project faces risks and it is often said that ‘the reason why we have project managers is to minimise risk’. Minimising risk leads to more project successes 2. Governance - The requirement to ensure that project governance is correct. Who makes the important decisions, how quickly and who is empowered to do what needs to be clearly defined at the start of a project. Correct and workable governance is one of the leading factors in ensuring that the project will be a success not only as a specific initiative, but in terms of whether the project contributes to the organisation’s broader objectives 3. Accountability- Different enterprises have different accountability cultures. You can’t have empowerment without accountability. Having clear (and correct) project accountabilities and responsibilities also contributes significantly to the likelihood of a project being successful. Because they are easily measured, many organisations still believe that getting the triple constraints (of scope, time and cost) right is the way to measure project success — but this is too simplistic. There is a better way, and this is examined in this course. 1.2 What is the aim of this course? The aim of Project Governance: Accountability and Risk Management is to overview the elements, objectives and governance priorities of project governance. The key objectives are to: • examine the principles underpinning project governance • explore the key risk areas of scope, time and cost management • identify quality control approaches • assess reporting requirements 2 DEFINITIONS, PRINCIPLES AND KEY ELEMENTS OF PROJECT GOVERNANCE 2.1 Corporate governance Justice Owen in the HIH Royal Commission defined corporate governance as ‘the framework of rules, relationships, application systems and processes within and by which authority is exercised and controlled in corporations’. Governance Institute of Australia 1 Project Governance: Accountability and Risk Management The ASX Corporate Governance Council (in the Corporate Governance Principles and Recommendations, 3rd edition) describes corporate governance as encompassing the mechanisms by which companies, and those in control, are held to account. Further, it articulates that corporate governance influences how the objectives of the company are set and achieved, how risk is monitored and assessed, and how performance is optimised. Effective corporate governance structures encourage companies to create value, through entrepreneurialism, innovation, development and exploration, and provide accountability and control systems commensurate with the risks involved. The Governance Institute believes that governance means the method by which an organisation is run or governed, over and above its basic legal obligations. It has four critical elements which are outlined in the following sections. Transparency The starting point is transparency of purpose. This clarifies why the organisation exists, what its objectives are and what the measures of achievement are. It also means transparency of process so that all stakeholders understand how things are done, as well as why. Accountability Who is responsible and to whom? What are they responsible for? What are the consequences if the rules are violated? Accountability is a normal part of the exercise of responsibility. It enables those conferring responsibility to monitor its exercise. Stewardship This involves the organisational decision-making undertaken so that those controlling the destiny of an organisation do so not for their own benefit, but rather for the benefit of the range of individuals and groups who have an interest in the affairs of the organisation, that is, the stakeholders. Integrity This refers to a culture committed to ethical behaviour and, the prudent discharge of responsibilities for, and on behalf of, all stakeholders. In any organisation, it is vital that the corporate governance framework extends to the project activities undertaken. 2.2 What is a project? A simple definition from the Project Management Institute’s A Guide to the Project Management Body of Knowledge (PMBOK® Guide, 2004, 3rd edition, p 5) is: ‘A project is a temporary endeavour undertaken to create a unique product, service, or result.’ Various other definitions exist, including the following from Standards Australia (DR 01845 Draft for public comment, p 7): A unique process, consisting of a set of coordinated and controlled activities with start and finish dates, undertaken to achieve an objective conforming to specific requirements, including the constraints of time, cost and resources. 2 Governance Institute of Australia Project Governance: Accountability and Risk Management The key features of a project can be articulated as follows: • It is discrete — it is a unique process with a defined scope and activity, so by nature it is a temporary endeavour with a definite beginning and a definite end. ‘Temporary’ does not generally apply to the product, service or result created by the project. Most projects are undertaken to create a lasting outcome and/or to realise specific benefits. • It has a defined start and end point — the end is reached when the project’s outcomes and benefits have been realised, or it becomes clear that the project’s objectives will not or cannot be met, or the need for the project no longer exists and the project is closed. This does not mean that the project is short in duration, as many projects last for several years. In every case, however, the duration of a project is finite. Projects are not ongoing efforts. • It has a specified end deliverable — a project creates unique deliverables, which are products, services or results. Projects can create: – a deliverable that is produced, is quantifiable, and can be either an end item in itself, or a component item – a capability or capacity to perform a service, such as a new business function – a result, such as outcomes, documents or IT systems. • It is unique, either in its end deliverable or its environment — an important characteristic of project deliverables is ‘uniqueness’. However, the presence of repetitive elements does not change the fundamental uniqueness of the project work. Organisations perform work to achieve a set of objectives. Generally, work can be categorised as either projects or processes, although the two sometimes overlap. They share many of the same characteristics, in that they are: • performed by people • constrained by limited resources and time • planned, executed and controlled. However, projects and processes differ primarily in that processes (normal operations) are ongoing and repetitive, while projects are temporary and unique. The objectives of projects and processes are fundamentally different. The purpose of a project is to realise its outcomes and benefits and then close. Conversely, the object of an ongoing process is to sustain the business. Projects are different because the project closes when its specific outcomes and benefits have been realised. Processes are gradually adapted and improved or change in response to new objectives, but in either case, the work continues. The value creation process is illustrated in Figure 1. Governance Institute of Australia 3 Project Governance: Accountability and Risk Management Figure 1: The value chain Illustration 2.3 Terminology Many terms used in project management have different meanings depending upon the methodology being followed. Some common terms that have more than one meaning, depending on the methodology, are outlined in the following sections. Critical success factor (CSF) Meaning 1 (incorrect): The measures that will be used to judge if a project was a success. This is the definition of ‘success measure’. Meaning 2 (correct): The factors that should be in place to ensure that the project will be a success (for example, good project governance). Issue Meaning 1 (PRINCE2): A materialised risk. Meaning 2 (PMBOK®): Something that needs to be resolved sometime, but not necessarily now. This is also known as ‘a parking lot’, so that we don’t forget to resolve this issue. Meaning 3: Any situation, action, problem or question arising during performance of the project, which cannot be efficiently or effectively resolved within the project team. 4 Governance Institute of Australia Project Governance: Accountability and Risk Management Task Meaning 1 (Microsoft Project): A project activity that needs to be managed and occurs on the project schedule). Meaning 2 (Agile): Anything that needs to be done on the project including action items, defect repairs, issues, risks, testing, changes and variations and schedulable activities. Work breakdown structure (WBS) Meaning 1 (PMBOK®): A hierarchical list of project deliverables, also known as ‘work products’, (that is, a list of nouns). Meaning 2 (PRINCE2 and Microsoft Project): A hierarchical list of project tasks to be performed (that is, a list of verbs). Similarly, there are many project management terms that are essentially synonymous. Some common terms that have the same meaning include: • ‘float’ and ‘slack’ • ‘goal’ and ‘objective’ • ‘deliverable’ and ‘product’ and ‘work product’ and ‘output’ • ‘schedule’ and ‘work plan’ • ‘task’ and ‘activity’ • ‘phase’ and ‘stage’ and ‘management stage’ and ‘sprint’ and ‘epic’ • ‘baseline’ and ‘budget’ • ‘achievement’ and ‘actual’ • ‘estimate’ and ‘forecast’ • ‘request for change’ and ‘change request’ • ‘error’ and ‘defect’ and ‘bug’ • ‘specification’ and ‘requirement’ and ‘product backlog item (PBI)’ • ‘quality review’ and ‘review’ and ‘inspection’ • ‘log’ and ‘register’ • ‘product release’ and ‘release’ • ‘product breakdown structure (PBS)’ and ‘work breakdown structure (WBS)’ • ‘net risk’ and ‘residual risk’ • ‘risk likelihood’ and ‘risk probability’ • ‘risk consequence’ and ‘risk impact’ • ‘positive risk’ and ‘opportunity’. Also, there are terms that appear to be the same, but have slight differences. Some common terms that have slightly different meanings include the following. Governance Institute of Australia 5 Project Governance: Accountability and Risk Management Change and variation A change is an addition, change or deletion from the project’s major deliverable’s requirements. A variation is an addition, change or deletion from the project’s environment. Examples include the following: • Organisation: For example, the new system now has to be useable by the marketing department as well as the sales department. • Geographic: For example, the new system now has be useable by our New Zealand sister company staff. • Project lifecycle: For example, the project now has to provide a warranty period. • Methodology: For example, the methodology was changed while the project was in-flight, to now require an additional phase or report. Organisations must take care to define the terms that they are using, because the high turnover in staff brings new personnel who have different backgrounds and experiences and assuming a definition can lead to unintended consequences. Correct terminology, used correctly The term ‘project objective’ is not used in this project management language because: • these tend to be ‘motherhood statements’ that every project has and are all implied in the project manager’s role • the focus should be more on delivering outcomes and benefits. Examples of the confusion caused by poorly-defined objectives project include to: • deliver before time • deliver under budget • realise all of the planned outcomes • realise all of the planned benefits • manage the project according to the methodology • achieve a satisfaction rating of 5 from all stakeholders surveyed at the end of the project • have no incomplete activities in any of the project registers when the project is closed • have no miscommunications during the life of the project • have no priority 1 and 2 defects unrepaired when the new system goes into production • have no priority 1 and 2 defects found in production within the warranty period (that is, first 90 days) • have no project team members voluntarily leave the project • have no contractual issues with the selected vendor. The terms used throughout this course are based on the PMBOK® definitions. 6 Governance Institute of Australia Project Governance: Accountability and Risk Management 2.4 Project governance principles Guidance on project governance is established in Australia primarily through Information Technology (IT) standards development via Standards Australia. This includes: • AS 8015–2005 — Corporate governance of Information and Communication Technology (ICT) • DR 08145 — Corporate governance of projects involving IT investments (draft standard). Standard Australia’s AS 8015–2005 provides a governance model for boards and senior management of organisations in relation to their responsibilities in guiding and monitoring the use of information technology (IT). The Standard is designed to assist them in making appropriate decisions and it recommends that directors govern IT through three main tasks: 1. evaluating the current and future use of IT 2. directing preparation and implementation of plans and policies to ensure that use of IT meets business objectives 3. monitoring conformance to policies, and performance against the plans Figure 2 illustrates the AS 8015-2005 approach. Figure 2: AS 8015–2005: Model for corporate governance of ICT Source: AS 8015–2005. Reproduced with permission The draft standard for corporate governance of projects involving IT investments (DR 08145) explains how to apply this process model when investing in new or changed IT. Although this is focused on projects with an IT component, the principles can be easily applied to projects of a general nature. Evaluate Directors should evaluate investment decisions and expected project outcomes and benefits to ensure that they are aligned with business objectives. Governance Institute of Australia 7 Project Governance: Accountability and Risk Management While directors may not be involved at a detailed level in most projects, they should evaluate the overall portfolio of projects involving investment in IT, as well as the major IT investment in making judgments on whether the benefits and risks associated with the investment are justified. Directors should take account of both current and future business needs, as well as opportunities and risks arising from technology. Ongoing evaluation of projects and investment decisions should be undertaken at all levels of delegated authority to ensure that projects only initiate and continue if the organisation receives value from the investment. The board and senior management of an organisation should periodically assess the effectiveness of the governance arrangements. Direct Directors and senior managers should direct the establishment of a framework for project governance appropriate to the size and risks of the organisation. This includes: • clearly defined policies, processes, procedures, check lists, standards, guidelines and templates, as well as responsibilities and accountabilities for project decision-making • agreed criteria and mechanisms for project priority-ranking • strategies for the development of project management capability within the organisation. Directors should encourage a culture of good governance of IT in their organisation by requiring managers to provide timely information, to comply with direction and to conform to the principles in the framework. Monitor Directors, senior managers and those with the delegated authority for governance of projects should monitor, through appropriate measurement systems, the performance of projects involving investment in IT against approved plans and business cases. This includes monitoring the progress, delivery, and quality and risks across the portfolio of projects, ensuring that reporting mechanisms highlight major issues and risks. Directors should also monitor the performance of the project governance mechanism as a whole, and by requiring processes such as independent assessments and post-project reviews to determine whether the organisation has the capacity and capability to deal with the risk and complexity of the projects being undertaken. In considering all these elements, it should be noted that projects involving major IT investments can be complex and fraught with risk for the organisation. There are many examples of failed IT projects that have led to huge financial losses (where projects are abandoned or huge cost overruns and delays are incurred) and losses due to an inability to provide basic IT dependant services. AS 8015–2005 Principles AS 8015 sets out six principles for good corporate governance of ICT, which apply to most organisations. However, the application of the principles will vary depending on the size and specific business operations of organisations, as articulated by AS 8015. • Principle 1 — Establish clearly understood responsibilities for ICT. Ensure that individuals and groups within the organisation understand and accept their responsibilities for ICT. • Principle 2 — Plan ICT to best support the organisation. Ensure that the project plans fit the current and ongoing needs of the organisation and that the project plans support the corporate plans. 8 Governance Institute of Australia Project Governance: Accountability and Risk Management • Principle 3 — Acquire ICT validly. Ensure that the project acquisitions are made for approved reasons in the approved way; on the basis of appropriate and ongoing analysis. Ensure that there is appropriate balance between costs, risk, long-term benefits. • Principle 4 — Ensure that ICT performs well, whenever required. Ensure that ICT is fit for its purpose in supporting the organisation, is kept responsive to changing business requirements, and provides support to the business at all times when required by the business. • Principle 5 — Ensure that ICT confirms with formal rules. Ensure that ICT conforms will all external regulations and complies with all internal policies and practices. • Principle 6 — Ensure that ICT use respects human factors. Ensure that ICT meets the current and evolving needs of all the ‘people in the process’. GoPM In addition to AS 8015, good guidance is provided by the Association for Project Management (APM) in the UK through their publication Directing Change: A Guide to Governance of Project Management (GoPM). In this Guide, the governance of project management concerns those areas of corporate governance that are specifically related to project activities. Effective governance of project management ensures that an organisation’s project portfolio is aligned to the organisation’s objectives, is delivered efficiently and is sustainable. Governance of project management also supports the means by which the board, and other major project stakeholders, are provided with timely, relevant and reliable information. Figure 3: GoPM Source: Association for Project Management, 2004, Directing Change: A Guide to Governance of Project Management. Reproduced with permission. Figure 3 illustrates that project governance is a subset of corporate governance. It also represents that most of the methodologies and activities involved with the day-to-day management of individual projects lie outside the direct concern of corporate governance. Governance Institute of Australia 9 Project Governance: Accountability and Risk Management Based on governance requirements and on the discipline of project management, the following principles have been identified by GoPM as necessary for effective governance of project management: • The board has overall responsibility for governance of project management. • The roles, responsibilities and performance criteria for the governance of project management must be clearly defined. • There are disciplined governance arrangements, supported by appropriate methodology and controls in place, and these are applied throughout the project lifecycle. • A coherent and supportive relationship is demonstrated between the overall business objectives and strategies and the project portfolio. • All projects have an approved plan containing authorisation points at which the business case is reviewed and approved. Decisions made at authorisation points are recorded and communicated. • Members of delegated authorisation bodies have sufficient representation, competence, time, authority and resources to enable them to make appropriate decisions. • The project business case is supported by relevant and realistic information that provides a reliable basis for making authorisation decisions. • The board or its delegated agents decide when independent scrutiny of projects and the project management methodology is required, and implement such scrutiny accordingly. • There are clearly defined criteria for reporting project status and progress and for the escalation of risks and issues to the levels required by the organisation. • The organisation fosters a culture of improvement and of frank internal disclosure of project information. • Project stakeholders are engaged at a level that is commensurate with their importance to the organisation and in a manner that fosters trust. The GoPM Guide directs how a board might address four main components of the governance of project management, namely: • portfolio direction • project sponsorship • project management effectiveness and efficiency • disclosure and reporting. The Guide also offers practical questions that should help decide what actions to take to comply with these principles. There are other Standards that impact on both corporate and project governance, including the following: • Control Objectives for Information and Technology (COBIT) • Sarbanes-Oxley Act of 2002 (US) • The Committee of Sponsoring Organisations of the Treadway Commission (COSO) • The Open Group Architecture Framework (TOGAF). 10 Governance Institute of Australia Project Governance: Accountability and Risk Management 2.5 What is project management? A Guide to the Project Management Body of Knowledge (PMBOK® Guide) defines project management as the application of knowledge, skills, tools and techniques to project activities to meet project requirements. Project management is accomplished through the application and integration of the project management processes of initiating, planning, executing, monitoring and controlling, and closing, as illustrated in Figure 4. Figure 4: Project management process Source: PMBOK® Guide -Reproduced with permission Managing a project includes: • identifying requirements • establishing clear and realisable outcomes and benefits • balancing the competing demands for quality, scope, risk, time and cost • adapting the specifications, plans, and approach to the different concerns and expectations of the various stakeholders. It involves the management of all the elements of the project, including: • planning • monitoring and control • people. High-quality projects deliver the required product, service or outcomes and benefits within scope, on time, and within budget. This is often described as a ‘triple constraint’ — project scope, time and cost — in managing competing project requirements. Project quality is affected by balancing these factors as well as risk. 2.6 Managing projects Why do are some projects successful and some projects fail? Surveys regularly highlight the high incidence of project failure. The results from the KPMG International Program Management Survey in 2003 highlighted that 57 per cent of organisations surveyed internationally have experienced at least one project failure (using their own definition of success/failure). Of those organisations able to determine the magnitude of the project failure(s), the average cost of project failure was US$10.4 million. The major reasons for failure were described as: • unclear/changing scope requirements • poor project management • poor resource management • poor cost management. Governance Institute of Australia 11 Project Governance: Accountability and Risk Management Poor project management is frequently given as a reason for project failure. This highlights that project management is no longer a ‘nice to have’ optional extra; it must be a core competency of an organisation. In 2005, KPMG’s Global IT Project Management Survey observed that there was an increase in project activity, with an increase in the number of new projects, project complexity and total project budgets. However, it was noted that there was still variability in organisations’ ability to deliver value from these investments. In other words, projects are not delivering on their promises. Specifically: • 49 per cent of participants experienced at least one project failure in the previous 12 months. • In this same period, only 2 per cent of organisations realised planned benefits all the time. • 86 per cent of organisations lost up to 25 per cent of planned benefits across their entire project portfolio. To the detriment of stakeholders, organisations are making commitments, but not always delivering on outcomes. Governance plays a key role in fostering project success and delivering value. Effective project governance needs to run end-to-end, starting at least with an in-depth business case. On the positive side, the survey found that business cases are the norm in the majority of organisations. However, specific aspects believed to be critical for a business case were often omitted. For example, how can you make effective decisions when you do not know the project scope, major risks or major assumptions? These were missing in over one third of organisations. In addition, while rigour might surround the initial approval of funds, governance then tends to ‘fall away’. Often projects get access to the entire funds upfront, rather than being staged, subject to the achievement of particular milestones. Often executive involvement is too focused on project-approval activities. Once funds are released, most organisations do not continue the same rigour through ongoing governance processes, including active executive involvement and monitoring and measuring benefits actually realised. For example, only 13 per cent of organisations provide funding to projects following the achievement of milestones, with 61 per cent still providing funding up front in a lump sum (even if over multiple budgetary periods). Pay for performance is rare. Furthermore, only 20 per cent of organisations had any formal criteria to cancel projects or put them on hold. The support and involvement of top management are generally accepted as a critical success factor in achieving success. Yet, while 30 per cent of projects report to the board, the degree of awareness can generally be challenged. Fifty-one per cent indicated boards have only a limited awareness of project benefits and risks. Of equal concern is that 20 per cent of executives also have only this basic level of awareness. Commentary still referred to the lack of executive involvement, and this was the third most popular reason offered for project failure. For all significant projects, the board’s decision-making process is critical, with key considerations being budget, timelines and benefits. In the integrated governance model, the board’s role does not stop with the initial project approval. 2.7 Why is governance important? Governance is the layer that sits between making a commitment and achieving it. It is the process of assessing, directing and monitoring whether outcomes and/or benefits are being realised (or likely to be realised) from projects. Governance is as much about performance as it is about compliance and control. 12 Governance Institute of Australia Project Governance: Accountability and Risk Management Good governance over projects means establishing effective processes that extend throughout the lifecycle, including: • initiating projects with a robust business case • funding projects which will yield the greatest value • funding based on achievement of agreed milestones • ongoing monitoring of project’s performance • measuring the value received • closing projects that are unlikely to deliver agreed outcomes and/or benefits. Effective project governance cannot occur in isolation and needs to be an integral part of an organisation’s overall governance framework. The governance debate has inherently brought a stronger focus on improving the governance over projects, but this has arguably not progressed as rapidly or as extensively as other governance domains, since project governance relies on the integration of all other areas. Ultimately, governance over projects seeks to provide answers to some key organisational questions: • How closely aligned are our projects with our business objectives and strategy? • Do we clearly understand the value we will receive from our project investment and when will we receive it? • What are our major project risks? • How do all of our projects impact each other? • Which project should have priority over others? • Which are our underperforming projects? • What is our organisation’s capability and capacity to deliver and absorb all this change? 3 GOVERNANCE CHALLENGES 3.1 The business case The business case is a description of the reasons for the project and the justification for undertaking the project, based on the estimated cost of the project, the risks and the expected benefits. The business case addresses the entire scope of change to the business that is impacted by the project. The business case is the most important set of information for the project. It drives the decisionmaking processes and is used continually to align the project’s progress to the business objectives and benefits that are defined within the business case. The business case should be developed at the beginning of the project and maintained throughout the life of the project, being reviewed by the project governance committee at each key decision point, such as completion of each major phase. The business case is expected to include: • an explanation of the reasons the project outcomes and benefits are needed • an outline of the various options that have been considered to deliver the required outcome, with the ‘do nothing‘ option as the starting option. The recommended option should be indicated, together with a summary of the reasons why it is recommended • identification of the benefits that it is claimed will be realised by the project’s outcomes and benefits, in measurable terms which can be assessed after the project has been closed Governance Institute of Australia 13 Project Governance: Accountability and Risk Management • a summary of the major risks facing the project that, if they materialise, would seriously affect delivery of the outcomes and benefits, including details of how these risks will be managed • an investment appraisal showing the balance between the project’s costs against the financial value of the benefits over a period of time, with the baseline for the investment appraisal being the ‘do nothing’ option (that is, a cost/benefit analysis) • an evaluation and final recommendation of the business case • the overall framework and approach for executing the project • the resource staffing levels necessary to perform project work • the project management infrastructure necessary to control the project effectively • the project scope • major deliverables • the schedule • resources • accommodation requirements • IT requirements • administrative support requirements • organisational structure. The example below outlines the main points which would typically be covered in a business case report: Example Business Case Structure 14 1. Executive summary 2. Project strategy 3. Project objectives 4. Assumption analysis 5. Benefits realisation analysis 6. Break-Even/Payback analysis 7. Cost /Benefit Analysis 8. CAPEX / OPEX - cost allocation should include the following:- 9. Cash flow analysis 10. Capability analysis 11. Do nothing analysis 12. Impact assessment 13. Procurement analysis 14. Resourcing analysis 15. Risk and contingency analysis 16. Schedule analysis Governance Institute of Australia Project Governance: Accountability and Risk Management 3.2 Project management lifecycle Between the start and the end, a project transitions through a defined lifecycle and project management processes support the project lifecycle, as illustrated in Figure 5. Figure 5: Project management processes Source: PMBOK® Guide. Reproduced with permission. 3.3 Project management plan (PMP) and project registers Key to any project is an effective project management plan. Note that this is a Word document — not a Microsoft Project schedule. This document describes the processes by which the project will be run. There should be one section in this document for each of the project management knowledge areas (for example, time management, cost management, etc). As an example, the time management section might include the following: • A project schedule will be developed and approved within one month of the project starting. • The project sponsor must approve the project schedule. • The project schedule baseline must be frozen immediately the business case is approved. • The project schedule will then be placed under formal change control. • The project schedule baseline may only be reset after formal approval by the project sponsor. • The project schedule must be reviewed with the project team members on a weekly basis. • The project schedule must be updated with both actuals and re-estimates within one day of its weekly team review. • Vendors are required to submit updated project schedules in Microsoft Project 2007 format by close of business every Friday. Governance Institute of Australia 15 Project Governance: Accountability and Risk Management • The status and progress of the project schedule must be reported in the monthly project steering committee meeting pack. • Any potential change to the project schedule that may cause the next major milestone or the project end date to be missed by more than 5 per cent must be escalated to the project sponsor as soon as it is identified. The project management plan usually remains static during the life of the project. It is augmented by separate project registers that are ‘live’ and are updated on a regular basis, sometimes daily. Examples of common project registers include: • Action items register • Funding register • Assumptions register • Issues register • Benefits register • Lessons learnt register • Changes and variations register • Objectives register • Constraints and obstacles register • Outcomes register • Contingency reserves register • Pecuniary interests register • Contracts register • Procurable items register • Critical success factors register • RASCI chart • Defects register • Reviews register • Delays register • Risks register • Deliverables register • Risk materialisations register • Disputes register • Schedule • Documents register • Stakeholder assessments register • Expectations register • Success measures register • External dependencies register • Test scripts register Not all projects have all of these registers. Keeping the changeable information in separate registers rather than buried in a Word document, enables separation of the static information from the dynamic information, and the employment of sophisticated project management tools (or just Microsoft Excel) to manage the registers, reduce the amount of duplication and ensure that there is a single version of the truth. 3.4 Program management office (PMO) A project office is a function supporting a number of projects with prime responsibility for assembling, coordinating, tracking, monitoring, maintaining and distributing key project information. The project office is essentially an administrative function. An evolution of the project office is the program management office (PMO), which is a strategic function for consolidated tracking and reporting of multiple projects’ performance, communications, coordination, ownership of project management policies, processes, procedures, check lists, standards, guidelines and templates (also known as ‘the project methodology’), coordinating interdependencies and prioritising projects, mentoring project managers, mentoring project sponsors and managing the project management community of practice. The PMO is a ‘strategic’ function that should cover a portfolio of projects. 16 Governance Institute of Australia Project Governance: Accountability and Risk Management 3.5 Project management standards and methodologies PMBOK® Guide The Project Management Institute’s A Guide to the Project Management Body of Knowledge (ie the PMBOK® Guide) is regarded as one of the project management profession’s most essential resources — a global standard for the industry. It assists organisations in creating and shaping their project management methodology. The PMBOK® Guide is not designed to function as a step-bystep, ‘how-to’ book, but rather to identify that subset of the project management body of knowledge that is generally recognised as good practice. The PMBOK® Guide has been recognised by several well-respected organisations, including the American National Standards Institute (ANSI), the Institute of Electrical and Electronics Engineers (IEEE), the International Organization for Standardization (ISO) and Standards Australia (SA). The PMBOK® Guide is organised into three sections: 1. The Project Management Framework, which provides a basic structure for understanding project management. 2. The Standard for Project Management of a Project, which specifies all the project management processes that are used by the project team to manage a project. 3. The Project Management Knowledge Areas, which organises the 44 project management processes into 10 Knowledge Areas. Notes: ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ Governance Institute of Australia 17 Project Governance: Accountability and Risk Management The PMBOK® Guide is currently in its fifth edition, released in 2012. Figure 6: PMBOK Knowledge Areas Source: Project Management Institute, 2004, A Guide to the Project Management Body of Knowledge (PMBOK® Guide), Pennsylvania, 3rd ed. PRINCE2 PRINCE2 (which stands for PRojects IN Controlled Environments) is recognised as the international de facto methodology for project management, as it provides a flexible and adaptable approach to project management. It is a project management methodology designed to provide a framework addressing the wide variety of disciplines and activities required within a project. The focus throughout PRINCE2 is on the business case, which describes the rationale and justification for the project. The business case drives all the project management processes, from initial project set-up through to successful finish. PRINCE was first developed by the UK government in 1989 as the standard approach to IT project management for the UK government. Since then, the methodology has been enhanced to become a generic, best-practice approach suitable for the management of all types of projects, and has been widely adopted and adapted by both the public and private sectors in the UK and globally. PRINCE2 is a generic, adaptable, simple-to-follow project management methodology. It addresses how to organise, manage and control projects and it is aimed at enabling the project manager to successfully deliver the right deliverables, on time and within budget. It follows a lifecycle approach to project management. 18 Governance Institute of Australia Project Governance: Accountability and Risk Management However, PRINCE2 does not address all aspects of project management (for example, procurement leadership and people management skills, detailed coverage of project management tools and techniques. The PRINCE2 methodology is documented in the publication Managing Successful Projects with PRINCE2. This core book is supported by a number of complementary publications which add guidance on how to tailor the methodology, how to manage people in a PRINCE2 project, and outlining the benefits to a business when adopting a PRINCE2 approach. Figure 7: PRINCE2 Source: Office of Government Commerce (UK), 2009, Managing Successful Projects with PRINCE2. Agile There are a number of Agile methodologies. The Agile methodologies provide an alternative to more traditional approaches and most are designed for software development. Some only address software development and do not address risks, outcomes, benefits, organisational change (transformation), etc. Agile does not mean ‘no documentation’. Its underlying mantra is ‘if it doesn’t add value, don’t do it’. It therefore requires significantly less formality than other methodologies. Organisations must have formal guidelines for when it is appropriate to use Agile methodologies. Governance Institute of Australia 19 Project Governance: Accountability and Risk Management While Agile methodologies employ a strong empowerment model, they still require project governance. 4. PROJECT STRUCTURE, ROLES, COMMITTEES AND FUNCTIONS 4.1 Project governance structures Projects are typically part of an organisation that is larger than the project. The maturity of the organisation with respect to its project management methodology, culture, style, organisational structure and PMO (see section 3.4) can also influence the project. While there are some organisations whose operations consist primarily of projects and they are structured along project lines, in the main, traditional functional organisational structures are used. Therefore, every project should be aware of how the ‘host’ organisation’s structure and management policies and processes affect the project structure. Most organisations have developed unique and describable cultures. These cultures are reflected in numerous factors, including, but not limited to: • shared values, norms, beliefs and expectations • policies, processes and procedures • view of authority relationships • work ethic and working hours • risk management maturity • failure, fear, fault, frankness, fearless, favourites and fun (7Fs) culture Where multiple organisations are involved or there are cross-government agencies, additional considerations will also be required to ensure that the project organisation structure is appropriate. For additional discussion on the implications of organisational structure, refer to section 2.3 of the PMBOK® Guide. Within any project organisational structure, a number of key roles exist. 20 Governance Institute of Australia Project Governance: Accountability and Risk Management A generic project structure is outlined in Figure 8. Figure 8: Project structure Illustration Generic project organisational structure This project structure can be adapted to accommodate a range of project factors, including: • the size of the project • the range of stakeholders required to be integrated into the project • arrangements with project consultants or significant suppliers to the project • multiple organisations as business owners. 4.2 Project roles The following list of project roles gives an indication of the type of accountabilities, responsibilities and tasks generally allocated to those people involved in a project. As projects vary, including during the timeframe of the project, the roles required will also vary, including the responsibilities and tasks associated with those roles. The following information provides an overview and a starting point for the roles required in a project. The most crucial aspect is to have clearly assigned roles and responsibilities and clarity of accountability within the project governance structure. Project sponsor The sponsor is the link between project management and governance and is accountable for: • delivery of overall project outcomes and benefits • buy-in and acceptance of the project within the organisation. The sponsor must have authority and credibility within the organisation (that is, senior management). Governance Institute of Australia 21 Project Governance: Accountability and Risk Management Responsibilities include: • championing the project within the organisation • chairing the project steering committee • approving the project management plan and any subsequent changes to it • supporting the project manager in his/her responsibilities • providing advice and consent on scope changes and variations. Project steering committee Having a project steering committee is optional. If there is no project steering committee, then the project sponsor assumes the role and responsibilities of the project steering committee. On first inspection, this may seem to impose an additional time burden on an already time-poor senior manager. However, it tends to be less because there is a lot less discussion and a single person makes the decisions. Key decision 1 Does the project steering committee make decisions or does it make recommendations to the project sponsor? Who then makes the decisions? Key decision 2 Does the project sponsor just another member of the project steering committee with an equal vote or does the project sponsor have right of veto over the project steering committee? Key decision 3 Is the project steering committee there to ‘steer the project’ (that is, looking down) or is it there to ‘steer the usage of the capabilities and outcomes delivered by the project’ into the wider organisation (that is, looking sideways)? The project steering committee is accountable for making timely and effective decisions that relate to the project. The project steering committee members must have appropriate seniority and authority to allow clear and timely decision-making, guidance and communication. The project steering committee should be limited to a core group of individuals to represent the business owners, with additional resources to be involved as required. Any additional members of the project steering committee should be clear of their accountabilities and whose interests they are representing. Responsibilities include: • monitoring by exception • ensuring the proper checks and balances (financial and professional) are in place and functioning • resolving issues escalated by the project team • making decisions requested by the project team in a timely manner • verifying the achievement of deliverables and milestones • committing resources and budget on an enterprise-wide basis • authorising changes to the schedule baseline and/or cost budget • supporting the project manager • authorising the project team to make decisions • ensuring that the project delivers the required outcomes and benefits 22 Governance Institute of Australia Project Governance: Accountability and Risk Management • educating peers and staff on the merits of the project • reviewing and approving quality and risk advisory reports. Project manager The project manager is accountable for accurately defining and appropriately resourcing the project, and driving resolution of issues and risks across the organisation. The project manager must: • be able to influence and control project resources • have authority and credibility within the organisation • have sufficient project management skill and experience. Responsibilities include: • coordinating the project team and managing internal and senior organisation relationships • coordinating reference and working group activities with the project team • coordinating consultant activities with the project team and other project groups • monitoring and controlling project activities that are assigned to or the responsibility of the organisation • managing the project in accordance with the project management plan • identifying dependencies and initiating action plans as necessary • recommending initiatives and action to address identified gaps, issues and risks • accurately reporting project status and progress to the project sponsor and the project steering committee, and escalating issues, risks and decisions as appropriate • ensuring effective delivery of elements of the project (as required) • managing all third parties contracted during the project lifecycle (as required). Project team The project team is led by the project manager and is accountable for the delivery of the project deliverables relevant to their respective roles. The project team should comprise people who have: • management skills and experience • relevant technical skills and experience • relevant knowledge and understanding of the business. The project team is responsible for completing the required activities for delivering project deliverables. Working groups Working groups consist of specialist subgroups, established as required by the project, to produce specified project deliverables. Accountability is for the delivery of specific deliverables within a specific time under the direction of the project manager or member of the project team. Governance Institute of Australia 23 Project Governance: Accountability and Risk Management Reference groups/advisory board Reference groups are established by the project to provide working forums or specialist advice to the project team. There are usually limited specific accountabilities for these groups, with them being available for input and guidance. Involvement of reference groups is usually on an ‘as required’ basis and may involve the following activities: • participating in appropriate meetings and workshops • providing input and feedback on specific subject matters. Consultants Project consultants are engaged from outside the organisation to provide specialist advice or other expertise to the project team. Accountabilities for these roles will vary from providing ad hoc advice to being accountable for the delivery of specific project deliverables. The involvement of consultants may be kept separate from the project team, or integrated within the project, similar to a contractor role. Quality and risk advisers Large or complex projects generally engage one or more quality consultants to perform quality and risk advisory roles. Typically, consultants in these roles are accountable for providing independent advice over the quality assurance process and major risks associated with the project. This can encompass a one-off type of review, but the role also tends to include an ongoing periodic monitoring role. The role primarily encompasses two elements as follows: 1. Independent reporting on the status of the project, assessing progress to date against the project plan and compliance with the stated process being followed. 2. Proactive input to the project regarding enhancement to the project quality assurance processes being employed, with a view to making it a success. 4.3 Project steering committee role and functions For a larger project, an effective project steering committee may be important for the project’s success. The primary function of a project steering committee is to take responsibility for the business activities associated with a project, including ultimate responsibility for ’steering’ the project’s major deliverable into use within the organisation. Members of a project steering committee ensure these areas are being adequately addressed and the project remains in control. In practice, these responsibilities involve five main functions: • approving changes and variations to the project and its supporting documentation • monitoring and review of the project’s performance • providing assistance to the project when required • resolving conflicts between the project and other projects as well as the wider organisation • formally accepting the project deliverables. 24 Governance Institute of Australia Project Governance: Accountability and Risk Management Approval of changes and variations to the project The project steering committee is responsible for approving major project documentation. Specifically, the project steering committee approves: • prioritisation of project outcomes and benefits • cost budget • schedule baseline • major deliverables • schedule and budget constraints • risk minimisation strategies. The project steering committee is also responsible for any major changes and variations to the project. It should be provided with the following information in support of a proposed change: • nature and reason for the change or variation • impact of the change • revised project management plan, schedule, cost and resources if appropriate • suggested actions for the project steering committee to consider. Changing or emergent issues may require the project scope to be adapted so that the project meets the original or modified outcomes and benefits. The project steering committee is responsible for approving or rejecting these changes to the project and for ensuring that additional resources are provided for incorporating these changes, if required. Monitoring and review of the project’s performance The project steering committee reviews the status and progress of the project at least at the end of each phase and determines whether the project team should progress to the next phase. It may also do this on a monthly basis or on an ad hoc basis. The review focuses on major project documentation and any variations in the key components, such as outcomes and benefits, risk, schedule, costs, resources and deliverable quality. Good project governance also includes access to a full suite of formal project reviews that can be performed if desired. Some of the following reviews should be made mandatory for every project, while others can just be optional. Projects that are reporting ‘green all around’ should be reviewed, as well as those reporting ‘red’ (ie ‘troubled projects’) to: • ensure that they really are ‘green’, and • identify what is going ‘right’ so that this can be replicated in future projects. The project management plan should detail: • the types of reviews necessary • when the reviews should take place • who is responsible for arranging and managing the reviews • who will undertake the reviews and who is responsible for accepting the reports produced by the reviews. Ideally, an independent (of the project, but not necessarily an external to the organisation) body or person conducts these types of reviews and the cost for the reviews should be included in the project cost budget. Governance Institute of Australia 25 Project Governance: Accountability and Risk Management Types of reviews include: • project start-up review • business case review • project health check • stage gate review • project closure review • post-project review • benefits realisation review. A review conducted at the end of a project is a useful way of identifying issues and concerns that may be relevant to other projects. These should be recorded in the lessons learnt register and will form part of the organisation’s continuous improvement process. Often projects that have radically gone wrong are audited, but many useful lessons can be gained from reviewing every project. Depending on the needs or requirements of the project steering committee and project sponsor, one or more of the following may be assessed: • Performance against planned outcomes and benefits. • Performance against cost budget. • Performance against schedule baseline. • Performance, quality and/or fitness for purpose of the deliverables. • Effectiveness of the methodologies followed. • Lessons learnt by key stakeholders. • Any other criteria (for example, critical success factors, success measures, etc), as determined by the project steering committee, project sponsor or other funding or governing body. These areas of review can be grouped into four categories. The project steering committee and/or project sponsor may choose either to evaluate all categories or only selected categories. The four categories are: 1. project performance review 2. project deliverable quality review 3. project outcomes and benefits realisation review 4. project management methodology review Providing assistance to the project when required The project steering committee assists the project sponsor business owner(s) and project manager in completing the project by ensuring that the project is adequately resourced and has the backing of people with authority. Project steering committee members should be active advocates for the project’s outcomes and benefits and help facilitate broad support for it. If project steering committee members represent the interests of some or all stakeholder groups, they should facilitate the communication of these interests. They may also help illustrate to stakeholders how the project serves these interests. At times, outside of project steering committee meetings, the project team may also seek the particular knowledge or experience of individual project steering committee members. 26 Governance Institute of Australia Project Governance: Accountability and Risk Management Acceptance of project deliverables Following review and/or acceptance by the project sponsor and/or business owner(s), the project steering committee formally reviews and accepts project deliverables. Once these deliverables have been accepted by the project steering committee, any changes must be formally approved. To achieve this function effectively, project steering committee members must have a broad understanding of project management concepts and the specific approach adopted by the project team. Project steering committee membership For project steering committees to work effectively, the right people must be involved. Project steering committee membership should be based on individuals’ skills and attributes, rather than on their formal roles, and members may maintain membership of a project steering committee even if their role within the organisation changes. However, representatives of important stakeholder groups also should be included. Areas that may need to be represented include: Refer Example - Project Ownerships • Project owner(s) • Application system owner(s) • Process owner(s) • Service owner(s) • Client owner(s) • Vendor owner(s) • Asset owner(s) • Product owner(s) • Data owner(s) Project steering committee meetings A project steering committee meets regularly throughout the lifecycle of a project to keep track the progress of the project. The project manager should attend these meetings to be a source of information for project steering committee members and to be kept informed of project steering committee decisions. Ideally, the project sponsor should chair the project steering committee meetings. The project steering committee has responsibility for the project until the project’s outcomes and benefits are realised. These outcomes and benefits may not be realised until after the project manager and team have completed their involvement. Notes: ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ Governance Institute of Australia 27 Project Governance: Accountability and Risk Management Figure 9: Empowered project team structure Team Review Board Architecture Consultant Business Leader Infrastructure Co-ordinator Methodology Consultant Project Co-ordinator Project Director Technical Leader Vendor Manager Project Support Group Project Team Business Leader Technical Leader Business Staff Technical Staff Sponsor IC VM (opt) Business Leader Project Review Board Business Leader Methodology Consultant Project Co-ordinator Project Director Technical Leader Sponsor Technical Leader PD Architecture Cons. Inspectors Infrastructure Co-ord. Methodology Consultant Project Co-ordinator Project Director Sponsor Insp. Business Staff Technical Staff Inspectors Business Staff Technical Staff Auditor Vendor Staff Facilitator MC AC Project Co-ordinator Vendor Manager Interested Parties Project Participants Facilitator Project Support Group Project Team The Board Auditors IT Department Customers Supporting Departments Vendors Related Companies Governments Senior Management Stakeholders Interested Parties Project Participants Project Review Board Project Team Team Review Board Illustration Notes: ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ 28 Governance Institute of Australia Project Governance: Accountability and Risk Management 5 PROJECT STATUS AND PROGRESS REPORTING 5.1 The need for control There are three dimensions of control that exist within a project, as represented in Figure 10. Figure 10: Three dimensions of control Illustration These three dimensions are interrelated: • A change in scope will invariably have implications for the cost of the project and/or the time it takes. • A reduction in the time available will usually cause a cutback in deliverables, or increased cost of overtime. • Cutbacks to the cost budget of a project will invariably reduce the deliverables of the project. These three dimensions form the basis of reporting on the project against time, cost and delivering the scope of the project. There are usually other aspects that can impact on these three main dimensions (for example, quality, risk and re-use). 5.2 Project status and progress reporting Formalised regular reporting on the status and progress of the project is an integral part of the communications management of the project. The frequency of status and progress reporting as well as format may vary, depending on the size of the project and any special requirements of the project steering committee and/or project sponsor but is usually defined by the methodology being followed. Project status reporting is regular, formalised reporting on the progress of the project against the business case, project management plan and project registers. Usually it is reported by the project manager to the project steering committee, project sponsor or other business owners, depending on the size and management structure of the project. Governance Institute of Australia 29 Project Governance: Accountability and Risk Management In order to make appropriate decisions, the project steering committee, project sponsor and/or business owner needs to be informed properly about the status of the project. The project manager should establish this reporting as part of the management activities for the project. Another purpose for the project status report is to provide an ongoing history of the project, which becomes very useful in terms of tracking progress, evaluating trends and reviewing project compliance. Project status reports form part of the project review processes, both during and after closing of the project. It is extremely important to present this information in a consistent and useable manner. Some form of visual ‘dashboard’ showing ‘traffic lights’ (ie red, amber and green as well as blue indicating ‘not rated’) rating every one of the project management knowledge areas is preferable. Additional information supporting each rating should be supplied as an appendix to the main project status and progress report in such a way that readers only have to read it if they feel compelled to do so. Figures 11 and 12 are illustrations of visual ‘dashboards’. Figure 11: Example of a project status ‘dashboard’ Illustration Notes: ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ 30 Governance Institute of Australia Project Governance: Accountability and Risk Management Figure 12: Example of a project status ‘dashboard’ Illustration Generally, the project status and progress reporting content would be structured chronologically as follows. Report header The report header includes the: • project name • project manager • percentage complete • date of report • period covered by the report • overall satisfaction barometer. Project description The project description includes the: • project purpose • project alignment • planned project outcomes and benefits. Project performance The project performance is illustrated using dashboard indicators for: • integration • scope Governance Institute of Australia 31 Project Governance: Accountability and Risk Management • time • cost • quality • human resource • stakeholder • risk • communications • procurement • organisational change (transformation) • configuration management • deliverables. The report would then provide the following information: • Executive summary of project status. • Description of what should have been completed for the last reporting period, together with impacts of any achievement and non-achievement. • Description of what is being done to get the project back on track. • Description of what is planned for the next reporting period. • Decisions required of the project steering committee. • Date of next meeting. The report concludes with appendices, one for each of the ‘traffic lights’, providing: • detailed explanation of status • baseline versus actual versus forecast • information in relation to major items only. The satisfaction barometer, an example of which is illustrated in Figure 13, is a simple device for eliciting, measuring and recording stakeholder satisfaction. It is a number between 1 and 9 that is captured from each stakeholder each month. This tool provides useful ‘soft’ information, and facilitates a targeted, fact-based dialogue with the project sponsor to ensure that the project sponsor remains ‘happy’. Notes: ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ 32 Governance Institute of Australia Project Governance: Accountability and Risk Management Figure 13: Project satisfaction barometer The frequency of status reporting will vary, depending on the size of the project and the requirements of the project steering committee and/or project sponsor. Importantly, the project status report forms an integral part of the project, as information for the report is drawn from the project’s project management processes. Meetings should be scheduled regularly to discuss project status and progress, either verbally or based on the written status report. The meetings should be often enough that progress could be reported against a number of milestones since the last meeting. Ideally, the timing for the meetings should be linked to key milestone dates. In addition to regular status reporting throughout the project, end of phase and key milestone reporting should also be performed to inform the project steering committee of the results of a phase. The project steering committee can compare the results in terms of the deliverables, cost and time against its approved baseline for that phase. This enables the project steering committee to commit to future phases with the informed knowledge of performance of the preceding phase. Notes: ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ Governance Institute of Australia 33 Project Governance: Accountability and Risk Management An example is provided in Table 1. Table 1: Key milestone reporting Milestones scheduled for achievement since last report and performance against those milestones: Baseline Date 1 Estimated Date Advertise RFT for stakeholder communication and organisational change management completed 24 Aug 08 15 Dec 08 Advertising will not now occur until 2009 Draft non-functional requirements completed 31 May 09 31 May 09 31 May 09 Business rules repository completed 31 May 09 31 May 09 31 May 09 Milestone Achievement Milestones scheduled for achievement over the next reporting period and changes in those milestones with respect to the previous schedule: Baseline Date 1 Previous Estimated Date End of day reconciliation process implemented 1 Feb 09 31 May 09 31 Jul 09 Draft use cases completed 31 May 09 30 Jun 09 31 Jul 09 Expression of Interest for the redevelopment of the system released 1 Jul 09 n/a 1 Jul 09 Milestone Current Estimated Date Impact of achievement/non-achievement of milestones for the remaining period of the project: Milestone 1 Impact End of day implemented Implementation date dependent upon related update to system Functional/non-functional business requirements completed Both the business requirements must be finalised prior to issuing an RFT to redevelop the system Business rules extraction from source code completed Finalisation required prior to issuing an RFT to redevelop the system EOI released Delay in the release of the EOI will affect the release of the RFT Baseline dates as outlined in Project Plan 34 Governance Institute of Australia Project Governance: Accountability and Risk Management 5.3 Project scope management Project scope management includes the processes required to ensure that the project includes all the work required, and only the work required, to complete the project successfully. Project scope management is primarily concerned with defining and controlling what is and is not included in the project. The business case establishes the baseline scope for the project and is used to define the project scope statement. This should include clear, documented benefits for the project, defined major deliverables and criteria for their completion. It is important to explicitly define constraints, assumptions, inclusions and exclusions to the scope of the project. The project scope statement provides a common understanding of the project scope among all project stakeholders and describes the project’s outcomes and benefits. It also enables the project team to perform more detailed planning, guides the project team’s work during execution, and provides the baseline for evaluating whether requests for changes or additional work are within the project’s boundaries. The degree and level of detail to which the project scope statement defines what work will be performed and what work is excluded, can determine how well the project management team can control the overall project scope. Managing the project scope, in turn, can determine how well the project management team can plan, manage, and control the execution of the project. The project scope statement should include such items as: • project outcomes • project benefits • work breakdown structure (WBS) – major deliverable scope description – deliverable acceptance criteria – project requirements • project boundaries • project constraints (eg fund limitation) • project assumptions. The project scope statement establishes the baseline for ongoing performance measurement and change control. Two of the most common reasons for projects failing are: 1. not recognising changes and variations 2. not effectively managing changes and variations. Management of changes and variations is a key element of controlling project scope. Effective change and variation management means that all project participants should be encouraged to document proposed changes or variations as they arise — rapid communication, action and feedback reduce risk. Project team members also need to understand the change management process, which should include a comprehensive register for control and communication addressing all outstanding and completed items. Ineffective recognition and/or management of changes and variations is/are a common cause of project difficulties. Without a clearly agreed process, the probability of scope ‘creep’ is dramatically increased, with consequent pressure on time, cost, resource and quality. Governance Institute of Australia 35 Project Governance: Accountability and Risk Management 5.4 Time management Project time management includes the process required to accomplish timely completion of the project. This process addresses activity definition, sequencing, resource estimating, duration estimating, schedule development and control. Defining schedule activities involves identifying and documenting the work that is planned to be performed. This process will identify the deliverables at the lowest level in the work breakdown structure (WBS).Every item (noun) in the work breakdown structure will have one or more activities in the schedule. The project manager must ensure that the structure of detailed work follows phases and activities established in the project methodology and needed to realise the outcomes and benefits, ensuring there is no redundancy between or among detailed work plans. The sequencing of tasks and phases that are interdependent is a critical aspect of time management. Activity plan The schedule should be broken down into phases with detailed work/activity plans and linked to milestones and review points, as illustrated in Figure 14. Figure 14: Activity plan Illustration When creating a schedule, good practice is to split phases into activities and split activities into subactivities. Small activities are easier to estimate and manage than larger phases. Activities should: • usually be no less than one work day • usually be no more than five work days • usually have no more than one resource assigned to perform it. Activities must be defined so that they are: • designed to produce a deliverable as part of an activity • the responsibility of an individual • finite with defined criteria for the start and end • a manageable unit of work • easily understood 36 Governance Institute of Australia Project Governance: Accountability and Risk Management • measurable • be in the form of verb then noun (for example, ‘develop requirements specification’) • not embed contingency (contingency should be shown overtly as separate activities). Milestones must be defined so that they are: • linked to physical completion of a deliverable • do not represent work activity • do not have any resources assigned • liberally placed throughout the schedule • occurring at least one per month • in the form of noun, then past participle (for example, ‘requirements specification completed). When establishing dependencies between activities, project teams should ask ‘What needs to be finished before this activity can start?’ and ‘What activities can start once this one is finished?’ It is recommended that you minimise long strings of dependent activities, and execute activities in parallel where possible and consider gaps and overlaps (this is known as ‘float’ and ‘critical path’). Scheduling should minimise the total elapsed time, while maximising resource utilisation and smoothing resources’ peaks and troughs. Consideration needs to be given to the constraints of activity dependencies and resource availability. This is an iterative process. Base lining involves taking a snapshot of the schedule at the start of the project after developing the schedule, reviewing it and approving it. Throughout the project, actual achievement is recorded and compared against the baseline. Re-base lining should only be undertaken when the project sponsor and/or project steering committee agrees to do so. There are a number of reasons schedules go wrong, including: • bowing to pressure from the project steering committee to bring the project end date forward, without risks being fully understood or mitigated • duration and effort estimates are optimistic • some of the work effort is left out of the schedule • dependencies are not identified correctly • scope creep • insufficient contingency. Many projects don’t have a schedule! Instead, they have external estimated dates and optimistic marketing wishes. 5.5 Cost management Project cost management includes the process involved in planning, estimating, budgeting and controlling costs so that the project can be completed within the approved budget. Project cost management is primarily concerned with the cost of the resources needed to complete schedule activities, together with any procured items or services. However, it should also consider the effect of project decisions on the cost of using, maintaining and supporting the project, service or result of the project. Governance Institute of Australia 37 Project Governance: Accountability and Risk Management When developing a project’s cost budget, consideration of what project resources will be required is necessary. These will typically include: • human — the project team, internal resources and external resources (suppliers, contractors, etc) • equipment — this may range from heavy equipment, to computers, to specialised test instruments and software • material — the materials needed for a project, which may range from USB sticks and stationery to concrete • financial — the support needed to obtain funding and track benefits • contingency – the amount required to address cost estimate risks. On business projects, the most significant costs are usually people-related. When defining the project cost baseline, the project needs to consider: • internal versus external costs • costs with associated benefits, versus costs with no associated benefits • cost sharing with other projects and/or application systems • capital expenditure (CAPEX) versus operating costs (OPEX) • cost contingency provisions • timing of costs • availability of funds • hidden costs • milestone progress payments to suppliers. Costs should be linked to the schedule and resource plans. Estimating schedule activity costs involves identifying activity duration, assigning a resource to the activity and then multiplying the resource’s unit cost rate by the duration to derive the cost of the resources needed to complete each schedule activity. When preparing activity effort and duration estimates: • estimate effort for each activity based on known productivity factors (for example, from a historical data base of past projects) • add effort for support and overhead activities • add time contingency (based on the riskiness of the individual activities and ensuring that float is taken into account as well as not adding contingency on top of contingency) • add resources available • calculate duration • add management and other support time • calculate costs. Earned value technique An established technique for cost performance measurement is the earned value technique, which compares the cumulative value of the budgeted cost of work performed (earned) at the original allocated budget amount, to both the budgeted cost of work scheduled (planned) and to the actual cost of the work performed (actual). This technique is especially useful for cost management, resource management and schedule management. 38 Governance Institute of Australia Project Governance: Accountability and Risk Management Earned value is a project management technique for assessing actual project performance and extrapolating this out to see by how much we will be over or under schedule and cost at the end of the project. It measures what it should have cost us at this point in time versus what it has cost us. It is NOT ‘how much revenue have we billed nor an accrual for revenue billing’. Earned value requires accounting processes to measure budget, forecast and actual costs and percentage complete on a monthly and timely basis. An important part of cost control is to determine the cause of a variance, the magnitude of the variance, and to decide if the variance requires corrective action. The earned value technique uses three basic measurements: 1. planned cost — the budgeted cost of work scheduled (PV) 2. actual cost — the actual cost of work performed (AV) 3. earned value — the budgeted cost of work performed (EV) From these three measurements, four performance metrics are derived: • cost variance = EV–AV • schedule variance = EV–PV • cost performance index = EV÷AV • schedule performance index = EV÷PV. Earned value reporting can be used to graphically present the cost management trends of the project, as illustrated in Figure 15. Figure 15: Earned value versus planned value Planned Value 2/ 08 29 /0 1/ 08 31 /0 2/ 07 31 /1 1/ 07 30 /1 0/ 07 31 /1 30 /0 31 /0 9/ 07 $1,000 $900 $800 $700 $600 $500 $400 $300 $200 $100 $0 8/ 07 Thousands Adaptation Release 5 Earned Value Illustration This earned value chart is similar to, but not the same as charting actual costs versus baseline costs. Governance Institute of Australia 39 Project Governance: Accountability and Risk Management 6 QUALITY AND RISK MANAGEMENT 6.1 Project quality assurance versus quality control Quality in any project is achieved when all deliverables are produced: • according to specifications and standards • to stakeholders’ needs and expectations • fit for purpose (meaning that they can actually contribute to organisational objectives in a sustained and ongoing sense) Achieving a balance between these variables is difficult, but critical to project success. It is impossible to maximise simultaneously the project’s scope, quality, costs and schedule. A project can be completed very quickly and at low cost, but quality will undoubtedly suffer. Similarly, a highquality project can be completed with a tight cost, but the project schedule will be elongated as factors such as overtime and extra high cost resources are kept to a minimum. The project manager’s role is to optimise all three factors. As a means of determining if the users’ needs are being satisfied, quality focuses on three areas: • goals — Is the project achieving its outcomes, benefits and alignment? • methods — Are appropriate methodologies, policies, processes, procedures, check lists, standards, guidelines and templates used effectively during the project lifecycle? • performance — Is the comparison of actual/achievement to baseline/budget a positive experience? Standards are a vital component in satisfying user needs. It is only through effective policies, processes, procedures, check lists, standards and guidelines that the appropriate balance between goals, methods and performance can be achieved. The policies, processes, procedures, check lists, standards and guidelines defined in the project management plan provide the framework for managing quality. By following this, quality becomes an integrated component of the project management process. There is a difference between quality assurance and quality control. Quality assurance is a function that defines, then manages quality. Quality control is the process of measuring deliverables against agreed measures and is far more relevant to evaluating project outcomes. 6.2 Risk management There are always risks associated with a project. Project risk can arise both from the project itself (if conceptually flawed) and, more commonly, its implementation. The purpose of risk management is to ensure levels of risk and uncertainty are properly managed, so that the project is completed successfully. Risk is defined in AS/NZS ISO 31000:2009 as: The effect of uncertainty on outcomes and benefits (such as pre-determined goals) at project (level) As the context is the impact on realising outcomes and benefits, risk management should consider both: • maximising upside (things we can do more effectively) • minimising downside (things that may constrain). 40 Governance Institute of Australia Project Governance: Accountability and Risk Management In undertaking a risk assessment, an important concept is that of assessing gross risk versus net risk: • Gross risk is the rating of a risk without having regard to the project controls and treatment strategies established to manage it. It allows us to understand the importance of each risk to the project (that is, what are the important risks to manage well?) • Net (residual) risk is the rating of a risk after the project controls and treatment strategies in place to manage it have been performed. It allows us to assess the capacity to influence and the effectiveness of controls (in other words, how well are we managing risks and where can we improve?) Risk identification and rating As risks are identified and the potential causes and consequences analysed, each risk is rated on the basis of likelihood (‘probability’) and consequence (‘impact’), in order to determine a risk priority for that risk. The likelihood that the project will be exposed to each specific risk is determined considering factors such as: • anticipated frequency • the external environment • the procedures, tools and skills currently in place • team commitment, morale, attitude • history of previous events. One common likelihood rating scale is as illustrated in Table 2. Table 2: Likelihood rating scale Almost certain 5 Is expected to occur in most circumstances Likely 4 Will probably occur in most circumstances Moderate 3 Might occur at some time Unlikely 2 Could occur at some time Rare 1 May occur only in exceptional circumstances Another common likelihood rating scale is: 0 per cent to 100 per cent. Project risks are assessed in terms of the consequence of their impact on project outcomes and benefits. Indirect financial consequences such as reputation, management effort and productivity are also considerations. In addition, the cost, schedule, resource and quality impacts are considered. The following table can be used to guide the assessment of consequences of each identified risk. One common consequence rating scale is depicted in Table 3. Governance Institute of Australia 41 Project Governance: Accountability and Risk Management Table 3: Assessment of consequences Consequence factors Consequence category Insignificant (1) Minor (2) Moderate (3) Major (4) Catastrophic (5) Reputation of project Slight impact/ isolated impact Segmente d incidents Systematic incidents Negative public exposure with significant impact Dramatic undermining of stakeholder confidence Manageme nt/ project governance effort An event, the impact of which can be absorbed through normal activity An event, the consequen ces of which can be absorbed but manageme nt effort is required to minimise the impact A significant event which can be managed under normal circumstan ces A critical event which with proper manageme nt can be endured A disaster with potential to lead to the collapse of the project Productivity Minimal impact Impact < 10% Impact 10%–25% Impact 25%–50% Impact > 50% Impact on project budget < $50k $50k– $100k $100k– $500k $500k– $1.5m >$1.5m Another common consequence rating scale is: 0 -10. Through this analysis the risk priority for each of the identified risks is then calculated by multiplying the consequence and likelihood rankings. The relationship of these factors and the resultant risk rating is demonstrated in Table 4. Table 4: Consequence and likelihood rankings Consequences Likelihood Insignificant Minor Moderate Major Catastrophic Almost certain High High Extreme Extreme Extreme Likely Moderate High High Extreme Extreme Moderate Low Moderate High Extreme Extreme Unlikely Low Low Moderate High Extreme Rare Low Low Moderate High High The risks identified and analysed are documented in the project’s risk register. 42 Governance Institute of Australia Project Governance: Accountability and Risk Management Risks can also be presented in a risk profile with the movement in risks monitored over time as illustrated in Figure 16. Figure 16: Example of a risk profile monitored over time Gross Risk Almost certain 6 1 7 8 2 4 5 10 13 14 21 26 29 12 15 18 22 28 Likelihood Likely Moderate 9 11 23 27 19 20 17 24 25 Unlikely 3 Extreme High Moderate Low 16 Rare Insignificant Minor Moderate Major Catastrophic Consequence Net Risk Almost certain Likelihood Likely Extreme High Moderate Low 6 7 19 3 9 10 11 1 2 4 12 14 17 22 5 13 21 23 26 27 29 8 Moderate Unlikely 20 24 25 15 28 18 16 Rare Insignificant Minor Moderate Major Catastrophic Consequence Governance Institute of Australia 43 Project Governance: Accountability and Risk Management Transition from Gross Risk to Net Risk (Extreme Risks only) Almost certain 1 7 8 Likelihood Likely 7 8 Moderate Unlikely 3 10 26 29 14 2 4 5 10 13 14 21 26 29 1 2 4 5 13 21 3 Extreme High Moderate Low 16 16 Rare Insignificant Minor Moderate Major Catastrophic Consequence Risk management process The main elements of the formal risk management process are described in AS/NZS ISO 31000:2009. Basically, project risks should be identified, documented and analysed to enable risk management actions to be developed, as shown in Figure 17. Figure 17: Risk management process Source: AS/NZS ISO 31000:2009 44 Governance Institute of Australia Project Governance: Accountability and Risk Management ‘Risk treatment’ refers to developing for each of the major risks the following: • Avoidance plan – what are we going to do to ensure that this risk doesn’t materialise? • Mitigation plan – what are we going to do to minimise the consequences and/or the likelihood of this risk? • Contingency plan – what are we going to do when this risk materialises? In addition, there are options to avoid the risk altogether by deciding not to start or continue with the activity (where this is practicable), sharing the risk with another party (for example, with a supplier preferably by mutual consent) or a conscious choice to retain the risk. Treatment options for risks having positive outcomes (opportunities) are similar in concept to those for treating risks with negative outcomes, although the interpretation and implications are clearly different. Risk management actions should consider balancing the costs of performing the risk treatment against the costs that might be incurred if the risk materialises. 7 ENGAGEMENT AND COMMUNICATION 7.1 Stakeholder management It is important to develop an understanding of the values and issues that stakeholders have, in order to address them and keep everyone involved for the duration of the project. If a project does not have the necessary support from those providing resources and those who will be utilising the deliverables, it is unlikely to be successful. The creation of a coalition of interest and support for the project is important. The stakeholders in a project are those individuals or organisations whose interests are impacted by, or who can impact on the interests of, the project. The potential stakeholder community surrounding a project can be difficult to identify because: • It is often a large, diffuse and amorphous series of groups. • The interests of stakeholders are usually so varied. For the purposes of formalised stakeholder management procedures, classifying stakeholders into groups is a useful tool and allows management strategies for like groups to be developed and implemented. It also helps with identifying what the project requires from each group and what actions they should be undertaking. The management strategies adopted may be formal, informal, detailed or broad, depending on the needs and size and complexity of the project. Stakeholder management activities will consume project resources, therefore these activities should concentrate on what will contribute to the project’s success or on where lack of communication will lead to project failure. The nature of someone’s stake in a project will be peculiar to the circumstances of the project. Classification of stakeholders may, and probably will, change as the project progresses. Governance Institute of Australia 45 Project Governance: Accountability and Risk Management 7.2 Stakeholder analysis Those entities that have an interest in a project should be identified and the nature of their interests analysed. To undertake a project without a thorough understanding of every interest that is held in the project is, very risky, and also professionally unacceptable. There are three forms of stakeholder analysis that should be carried out during a project. These include: 1. foundation analysis — performed during project initiation 2. regular updates completed at the end of every phase 3. ad hoc updates carried out whenever events suggest that there has been a change to the stakeholder environment This analysis is best carried out by the project team in consultation with potential stakeholders or representatives of potential stakeholder groups. It includes the following: • Identifying/reviewing all stakeholders. • Analysing the nature of each stakeholder’s interest (or stake). • Categorising/confirming as key and non-key, and prioritising based purely on your own judgments about the ‘importance of the stakeholder’. • Performing/reviewing buy-in analysis for key stakeholders, that is, what is required to engage them in the project and gain their commitment, and how to communicate with them. Stakeholder analysis is used for a variety of purposes, including the following: • Management of change (transformation) — as a precursor to buy-in analysis. • Management of risk — threats are often uncovered (directly or indirectly) from an examination of stakeholders. • Management of issues — analysis of stakeholders is one of the most fruitful sources of major issues for a project. • Project promotion and marketing — knowledge of stakeholders helps focus marketing and promotional activities in support of the project. 7.3 Challenges of engagement Tactics for achieving and sustaining stakeholder engagement and commitment include the following: • Active involvement of all who can impact on or be impacted by, the project in the definition and planning stages. • Support from the project manager for stakeholders who are impacted by, or who can impact on, the realisation of the project’s outcomes and benefits. The project manager should establish credibility and engender trust. Apart from having demonstrable skills, expertise and experience, ways of legitimising actions include: – establishing good personal relationships — expertise alone does not inspire trust and credibility – illustrating that actions are being driven by the needs of the stakeholders and that their needs and requirements are being considered seriously – using the recommendations of consultants, or established formal methodologies, to support the project – involving senior executives as project champions to lend the project authority. 46 Governance Institute of Australia Project Governance: Accountability and Risk Management • Project communication and persuasion — others should be aware of the project and interested in its proposed outcomes and benefits early in the project lifecycle, if their cooperation and involvement are required later. The communication strategy should appreciate differences in separate stakeholder groups and cater for their requirements. 7.4 Communication The two major types of project communications are: 1. project status and progress reporting 2. project organisation change (transformation) communications Communication is a major component of a successful project. The best way to approach communication is to develop a clearly planned approach. Without effective communication, key stakeholders could miss out on vital information and may not understand why change is needed. In large and/or complex projects, all communication takes place in the context of an overall communication strategy. It should involve the organisation’s communications manager or a communication and marketing professional, depending on the nature of the key stakeholders identified, the focus of the project or program of projects and the number of stakeholders needing communications. It is imperative that any project communication strategy that is developed defines the following: • Target audience — think about each stakeholder group and the target audience within it. Determine whether their communication needs are: – mandatory (for example, project status and progress reports, project steering committee and reference group meetings) – informational (for example, forums, project information on website) – marketing purposes (for example, newsletter, one-on-one meetings, presentations on outcomes and benefits, milestone celebrations, project memorabilia). • Research requirements — the need for research will vary with the complexity, cost and nature of the project. Determine what types of research will be required. • Key messages — what are the three or four key points you want stakeholders to understand and act on and/or be aware of? Consider what outcomes and benefits, such as educating, reassuring, informing or consulting, your messages are intended to achieve. • Communication strategies — what are you going to do to get your messages across? (For example, for a large complex project, is a major marketing campaign required? For a small project, is it sufficient to give a presentation to staff that will be impacted by the change?) • Communication mechanisms/tools — which methodology and tool would be most appropriate to implement your strategies? How are you going to get your messages across, and which tools will suit which stakeholders? How will you solicit, obtain and process feedback (that is, communications is two-way) and how will you know that your message is received and understood correctly? • Priorities — who will be responsible for implementing each action and when? • Budget requirements — what are the costs associated with each action, and how much is required and appropriate? • Monitoring and evaluation — whether and to what extent the outcomes and benefits have been realised, and if not, why not? • Distinction between marketing and communication strategies in that: – the communication strategy is aimed at ensuring ongoing commitment and support by all key stakeholders for all aspects of the project Governance Institute of Australia 47 Project Governance: Accountability and Risk Management – the marketing strategy is aimed at ensuring project customers fully utilise the deliverables from the project. While both have an element of ‘selling’, marketing is focused on ‘selling’ the deliverables of the project to the customers. Communication strategies are focused on ‘selling’ the project to the key stakeholders. Remember the following ‘golden rules’: • just the right amount of communications • bad news early • no surprises • bring solutions, not problems • open and honest communications • drive out fear (of retribution or punishment) (7Fs #1) • no blame or fault (it is just so) (7Fs #2) • it is OK to fail (just learn from it) (7Fs #3) • frank communications (don’t hide bad news or dress it up) (7Fs #4) • fearless conversations with senior management (don’t be intimidated by rank) (7Fs #5) • favourites (hot-buttons, barrow-pushing and pet employees) (7Fs #6) • fun (having) (7Fs #7). 8 MEASURING SUCCESS 8.1 Project performance measurement Regardless of the size or complexity of the project, a measurement of the project’s success against well-defined success measures is necessary. Establishing success measures helps with the measurements taken during the project and after the project has finished. These measurements include: • determining whether key success measures are being met • how well managed the project is • whether the specified project deliverables have been completed and/or accepted and the outcomes and benefits realised. Project management involves three stages of measurement as follows: 1. Pre-project measurements which generate the baseline metrics. 2. Measurements taken during the project which reveal whether key success measures are being met. 3. Post-project measurements which reveal whether the completed project has delivered the specified project. 48 Governance Institute of Australia Project Governance: Accountability and Risk Management As a general rule, evaluation of project performance can occur by way of: • an ongoing basis throughout the project by the project manager, project team members and the project steering committee formally and informally assessing the project’s performance • independent (external or internal to the organisation) assessment of project performance by suitably qualified personnel (for example, an external project management consultant or another project manager or a member of the PMO) • a review undertaken at the end of a phase to enable the project steering committee to determine if the project should proceed to the next phase • an external one-off review to determine if the project should continue — this type of review is normally commissioned by the project steering committee if it has concerns whether the project should be aborted • reviews conducted at the end and/or after the project is completed. Establishing baseline metrics It is important to establish pre-project metrics (measurements) for the success measures that will be used to evaluate a project. These metrics should include evaluating how successfully the project was executed, and to what degree the project realised its planned outcomes and benefits. The baseline metrics should be documented in the success measures register, and should include: • planned outcomes • planned benefits • planned success measures • project deliverables • milestones • cost • resources • risks. Determining if a project is in control Project control is the process whereby evaluation is made to determine the degree to which the project management plan is being followed. The focus is on if the project will be a success: • regular re-confirmation that all of the planned outcomes and benefits can be realised. Evaluation can occur: • throughout the project by the project manager, project team members and the project sponsor and/or project steering committee formally and informally assessing the project’s performance on an ongoing basis • by individual (external or internal to the organisation) assessment of project performance by suitably qualified personnel (for example, an external project management consultant or another project manager or a member of the PMO) • by review undertaken at the end of a phase to enable the project steering committee to determine if the project should proceed to the next phase • by external one-off review to determine if the project should continue — this type of review is normally commissioned by the project steering committee if it has concerns whether the project should be aborted. Governance Institute of Australia 49 Project Governance: Accountability and Risk Management For this reason, a project status and progress report should always include reporting against the agreed performance measures for the project, to enable it to monitor effectively the project’s management and progress. Control can be demonstrated by showing the existence of a project management plan (including within it an outcomes and benefits realisation plan), and the satisfactory realisation of the planned outcomes and benefits. Assessing if a project has been or will be successful Each stakeholder on each project may have their own version of success even if success measures have been formally defined. This may change over the project lifecycle. Some common success measures include: • on time • under budget • not using any management reserve • not using any contingency • all planned outcomes realised • all planned benefits realised • agreed quality of deliverables is achieved • deliverables are fit for purpose • conforms to all policies, processes and procedures • stakeholder expectations were respected and managed This type of evaluation is usually conducted at the end of the project. 9 CONCLUSION 9.1 Good project governance Good project governance is not just a subset of good corporate governance — it is also a vital part of an organisation’s risk management and accountability framework. Good project governance means: • establishing effective processes that are followed throughout the project lifecycle • initiating projects with a robust business case • ongoing monitoring of projects and measuring the value received • closing projects that are unlikely to deliver their planned outcomes, benefits and alignment • having an effective project sponsor • proactively managing stakeholders’ perception of your project • proactively managing risk • building quality into the deliverables • formalised, regular project status and progress reporting • measurement of the project’s success against well-defined success measures. 50 Governance Institute of Australia Project Governance: Accountability and Risk Management Now is a perfect time to reflect on your role within the organisation and decide whether you are fully equipped to carry out this important function. Governance Institute of Australia offers a number of professional development courses. Suggested pathways, to attain and consolidate your career qualifications and experience are outlined below: Courses Benefits Individual courses The short courses cover a wide range of topics in governance, risk management and Not-for-profits In half a day gain the essential skills to apply in the workplace to drive responsible performance Improve skills and knowledge in corporate governance and risk management Meet compulsory CPD requirements (for all Governance Institute Certificate members) Short courses For information or to obtain a handbook visit Governance Institute of Australia’s Short courses at www.governanceinstitute.com.au → Learning → Short courses & Certificates → Request Short courses and Certificates handbook Certificates Certificate in Governance Practice – six course requirement which comprises of: Two compulsory course and four elective courses Certificate in Governance and Risk Management – six course requirement which comprises of: Four compulsory courses and two elective course Certificate in Governance for Not-for-Profits – six course requirement which comprises of: Five compulsory courses and one elective course Certificated membership Post nominal GIA(Cert) on successful completion and application for membership Recognition of study – a maximum of two course exemptions for a second certificate Meet compulsory CPD requirements (for all Governance Institute Certificate members) For information or to obtain a handbook visit Governance Institute of Australia’s Certificates in Governance and Risk Management at www.governanceinstitute.com.au → Learning → Short courses & Certificates → Request Short courses and Certificates handbook Post Graduate Certificate or Graduate Diploma (Risk) Graduate Certificate of Applied Risk Management Pass four subjects (or) Graduate Diploma of Applied Risk Management and Corporate Governance Pass six subjects Provides a solid understanding of risk management frameworks and compliance principles at an organisational and global level with practical application in the workplace Associate and Fellow membership Meet compulsory CPD requirements (for all Governance Institute Associate members) For information regarding Governance Institute of Australia’s advanced certificate qualification please visit www.governanceinstitute.com.au → Learning → Postgraduate courses or contact National Education Manager (t) 1800 251 849 (e) education@governanceinstitute.com.au Governance Institute of Australia 51 Project Governance: Accountability and Risk Management Courses Post Graduate Graduate Diploma of Applied Corporate Governance* Pass six subjects Benefits Associate and Fellow membership Post nominal AGIA or FGIA on successful completion and application for membership Meet compulsory CPD requirements (for all Governance Institute members) *You may be eligible to enrol in the Graduate Diploma outside of this pathway For information regarding Governance Institute of Australia’s fully accredited post-graduate qualification please visit www.governanceinstitute.com.au → Learning → Postgraduate courses → Graduate Diploma of Applied Corporate Governance → Request our postgraduate education handbook or contact National Education Manager (t) 1800 251 849 (e) education@governanceinstitute.com.au We suggest you explore Governance Institute’s study options with your chairman, chief executive or director about how this training fits within the framework of your role and your organisation. If you have any further questions please email: training@governanceinstitute.com.au. 10 RESOURCES A crucial part of the role of officers and directors of any organisation is to keep up-to-date with changes in legislation and regulations and current risk management issues and debate. There are a variety of useful resources available examining current risk and risk management topics — including websites, reference books, practice guides, reports and journal articles. Many useful resources are accessible online. The following sections are designed to provide some useful starting points for undertaking independent research into the areas of risk and risk management. 10.1 Legislation and regulators Accessing legislation online • Australian Government, ComLaw, www.comlaw.gov.au • Australian Law Portal, www.lawportal.com.au • Australasian Legal Information Institute (AustLii), www.austlii.edu.au • ACT Government, ACT legislation register, www.legislation.act.gov.au • Government of Western Australia, Western Australian legislation, www.legislation.wa.gov.au • Government of South Australia, South Australian legislation, www.legislation.sa.gov.au • New South Wales Government, NSW legislation, www.legislation.nsw.gov.au • Northern Territory Government, Northern Territory legislation, www.dcm.nt.gov.au • Queensland Government, Queensland legislation, www.legislation.qld.gov.au • Victorian Government, Victorian legislation and Parliamentary documents, www.legislation.vic.gov.au • United States of America Federal Law, The Sarbanes–Oxley Act of 2002 52 Governance Institute of Australia Project Governance: Accountability and Risk Management Regulatory websites • Australian Government, Business, www.business.gov.au • Australian National Audit Office (ANAO), www.anao.gov.au • Australian Prudential Regulation Authority (APRA), www.apra.gov.au • Australian Securities and Investments Commission (ASIC), www.asic.gov.au • Australian Securities Exchange (ASX), www.asx.com.au • Australian Transaction Reports and Analysis Centre (AUSTRAC), www.austrac.gov.au • Queensland Government, Business Continuity Planning Guide, www2.business.qld.gov.au • Queensland Government, ‘Building Business Resilience’, www2.business.qld.gov.au • Safe Work Australia, www.safeworkaustralia.gov.au Legal publishers/legal information providers • CCH, www.cch.com.au – Australian Corporate Practice Manual, CCH Australia (loose-leaf and online). • LexisNexis, www.lexisnexis.com.au – Australian Corporation Practice, (loose-leaf and online, updated five times per year). – Australian Corporation Law: Principles and Practice, (hard copy and online). – Australian Journal of Corporate Law, (hard copy or online). – Butterworths Corporation Law Bulletin (BCLB), (loose-leaf, CD and online). • Thomson Reuters, www.thomsonreuters.com.au – Companies and Securities Law Journal, (hard copy and online). 10.2 Standards and guidelines • ANAO, 2006, Implementation of Programme and Policy Initiatives, Better Practice Guide, pp 17– 21 and 57–74 • APRA, Prudential Practice Guide (Draft), CPG 220 Risk management • APRA, Prudential Standard, CPS 220 Risk management • APRA, Prudential Standard, CPS 232 Business continuity management • AS 8000–2003 Corporate Governance — Good Governance Principles • AS 8015–2005 Corporate Governance of Information and Communication Technology. • AS 4817–2006 Project performance measurement using Earned Value • AS/NZS ISO 31000:2009 Risk management — Principles and guidelines (Note that its predecessor, AS/NZS 4360-2004, is still also a useful source of information) • AS/NZS 5050:2010 Business continuity — Managing disruption-related risk • Association for Project Management, 2004, Directing Change: A Guide to Governance of Project Management (GoPM) • ASX Corporate Governance Council, 2013, Corporate Governance Principles and Recommendations, 3rd edn • COSO, 2004, Enterprise Risk Management - Integrated Framework Governance Institute of Australia 53 Project Governance: Accountability and Risk Management • DR 01845 Draft for Public Comment AS/NZ Standard — Corporate governance of projects involving information technology investment • Office of Government Commerce (UK), 2009, Managing Successful Projects with PRINCE2. • Project Management Institute, 2004, A Guide to the Project Management Body of Knowledge (PMBOK® Guide), 3rd ed. • Project Management Institute, 2012, A Guide to the Project Management Body of Knowledge (PMBOK® Guide), 5th ed. • Tasmanian Government, 2011, Project Management Guidelines (version 7.0). (Includes information on project steering committee roles and functions; stakeholder management and communication; and project reporting and performance measurement.) • ISO 21500:2012, Guidance on project management • HB 141-2011 Risk financing guidelines • HB 203-2012 Managing environment-related risk • ISO Guide 73:2009 Risk management — Vocabulary • ISO/IEC 31010:2009 Risk management — Risk assessment techniques • Victorian Government, Department of Treasury and Finance, 2011, Victorian Government Risk Management Framework, www.dtf.vic.gov.au • Victorian Managed Insurance Authority (VMIA), Risk management — Developing and implementing a risk management framework, www.vmia.vic.gov.au 10.3 • Governance Institute resources Governance Institute of Australia publications (www.governanceinstitute.com.au/publications) – Better Communication Between Entities and Proxy Advisory Services – Continuous Disclosure: Listed Public Companies and Other Disclosing Entities – Corporate Governance and the Company Secretary – Document Management – Duties of Officers and Directors – Effective AGMs – Enhancing Board Effectiveness – Enterprise Risk Management – Managing Conflicts of Interest in the Not-for-Profit Sector – Protecting Company Officers – Public Sector Governance. • Governance Institute of Australia’s Good Governance Guides (www.governanceinstitute.com.au/good-governance-guides) – Issues to Consider When Constituting Audit and Risk Committees. • 54 Governance Directions (journal of Governance Institute of Australia) Governance Institute of Australia Project Governance: Accountability and Risk Management 10.4 Reference books Corporate law • Adams M, 2001, Essential Management Law, 2nd edn, Cavendish Publishing. • Adams M, 2005, Essential Corporate Law, 2nd edn, Cavendish Publishing. • Austin R and Ramsay I, 2012, Ford’s Principles of Corporations Law, 15th edn, LexisNexis. • Baxt R, Fletcher K and Fridman S, 2008, Corporations and Associations: Cases and Materials, 10th edn, LexisNexis. • Griggs L, Clark E and Iredale I, 2010, Managers and the Law: A Guide for Business Decision Makers, 3rd edn, Thomson Reuters. • Harris J, Hargovan A and Adams M, 2013, Australian Corporate Law, 4th edn, LexisNexis. • Terry A and Giugni D, 2005, Business and the Law, 4th edn, Thomson. • Turner C, 2012, Australian Commercial Law, 29th edn, Thomson Reuters. Risk management • Bernstein P, 1996, Against the Gods: The Remarkable Story of Risk, John Wiley & Sons. • Taleb N, 2007, The Black Swan: The Impact of the Highly Improbable, Random House. • Vaughan E and Vaughan T, 2013, Fundamentals of Risk and Insurance, Wiley, 11th edn. • Keel P and Lucas N, 2007, Reputation Matters: A legal guide to risk management in corporate communications, CCH. 10.5 Reports and journal articles • ASIC, 2013, Risk management systems of responsible entities, Consultation Paper 204, pp 1, 36–58. • Drew S A W and Kendrick T, 2005, ‘Risk Management: The Five Pillars of Corporate Governance’, 31 Journal of Management 19. • Farrell J, 2007, ‘New Use For An Accepted Process’, Financial Executive 48. • Fraser J R S, Schoening-Thiessen K and Simkins E J, 2008, ‘A Survey of Enterprise Rick Management Literature’, Journal of Applied Finance 73. • Kappelman L A, Mckeeman R and Zhang L, 2006, ‘Early Warning signs of IT Project Failure: The Dominant Dozen’, Information Systems Management 31. • Helming D and Schanfield A, 2008, ‘12 Top ERM Implementation Challenges’, Internal Auditor 41. • Hunton J E, Wright A M and Wright S, 2004, ‘Are Financial Auditors Over-Confident In Their Ability to Assess Risks Associated with Enterprise Resource Planning Systems?’, 18 Journal of Information Systems 7. • Sumner M, 2000, ‘Risk Factors in Enterprise – Wide Stroke ERP Projects’, 15 Journal of Information Technology 317. • Creedon B, 2011, ‘Protecting your most valuable asset — reputation’, Keeping good companies, May issue, pp 213–217. • Committee of Sponsoring Organisations of the Treadway Commission (COSO), 2004, Enterprise Risk Management — Integrated Framework, Executive Summary, www.coso.org • Department of Finance and Deregulation, 2009, Gateway Review — Lessons Learned, Financial Management Group, 2nd edn. Governance Institute of Australia 55 Project Governance: Accountability and Risk Management • Economist Intelligence Unit, 2007, Best practice in risk management: A function comes of age. • Economist Intelligence Unit, 2007, Business resilience: Ensuring continuity in a volatile environment. • National Institute of Standards and Technology, US Department of Commerce, 2012, Guide for Conducting Risk Assessments, Special Publication 800-30 Revision 1. • Martin L, 2010, ‘Damaged goods’, Keeping good companies, April issue, ICSA International, pp 152–156. • M McPhee I, 2009, ‘Governance and the challenges of whole-of-government initiatives’, Keeping good companies, February issue, pp 18–23. • Walton J, 2005, ‘Ethics: The hardest part of risk management’, Keeping good companies, December issue, pp 668–672. • Van D, 2013, ‘Reputational risk management in the corporate world’, Keeping good companies, May issue, pp 215–220. 10.6 Other resources • Australian Institute of Management, www.aim.com.au • Australian Public Service Commission, www.apsc.gov.au • Centre for Corporate Law and Securities Regulation, www.cclsr.law.unimelb.edu.au • Committee of Sponsoring Organisations of the Treadway Comission (COSO), www.coso.org • CEO Forum Group, www.ceoforum.com.au • Corporate Governance, www.corpgov.net • EBSCO Information Services, www.ebsco.com • European Corporate Governance Institute, www.ecgi.org • Financial Services Council, www.fsc.org.au • Global Association of Risk Professionals, www.garp.org • Global Governance Institute, www.globalgovernance.eu • Governance and Management, www.governance.com.au • Institute of Chartered Accountants Australia, www.charteredaccountants.com.au • Institute of Public Administration Australia, www.ipaa.org.au • International Corporate Governance Network, www.icgn.org • Organisation for Economic Cooperation and Development (OECD), www.oecd.org • Risk Management Institution of Australasia, www.rmia.org.au • SAI Global, www.saiglobal.com • Standards Australia, www.standards.org.au • The Institute of Risk Management (UK), www.theirm.org • UTS Centre for Corporate Governance, www.ccg.uts.edu.au 56 Governance Institute of Australia Project Governance: Accountability and Risk Management POWERPOINT PRESENTATION Project Governance: Accountability and Risk Management © Governance Institute of Australia Ltd This course can be counted as a module towards one of the Governance Institute’s Certificates Project Governance: Accountability and Risk Management Written and designed by: • • David Berechree, Director, KPMG Chris Wells FGIA, Project Director, Infrastructure Energy and Resources Revised by: • • Robert Posener, Managing Director, PMComplete Pty Ltd Damian McKenzie-McHarg, Lawyer and Governance Risk Consultant © Governance Institute of Australia Ltd 1.2 What is the aim of this course? The aim of Project Governance is to overview the elements, objectives and governance priorities of project governance. The key objectives are to: • examine the principles underpinning project governance • explore the key risk areas of scope, time and cost management • identify quality control approaches • assess reporting requirements © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 1 2 Definitions, principles and key elements of project governance © Governance Institute of Australia Ltd 2.1 Corporate governance ‘Governance’ means the method by which an organisation is run or governed, over and above its basic legal obligations. Governance Institute Four critical elements of governance: 1. Transparency 2. Accountability 3. Stewardship 4. Integrity Corporate governance framework should extend to the project activities undertaken in the organisation © Governance Institute of Australia Ltd 2.2 What is a project? A project: • • • • is discrete has a defined start and end point has a specified end product is unique, either in its end product or its environment Outcomes START PROJECT COMPLETE THE PLANNED TASKS END PROJECT © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 2 2.3 Project governance terminology • Critical success factor: the factors that should be in place to ensure that the project will be a success • Issue: a risk… which does not need to be resolved right now …not necessarily by the project team • Task: an activity which needs to be managed • Work breakdown structure: hierarchical list • Change (from requirements) and variation (from the environment © Governance Institute of Australia Ltd 2.4 Project governance principles • There are well-established corporate governance principles in Australia • A range of principles is set out in standards for guidance on project governance: – AS 8015: Corporate governance of ICT – DR 08145: Corporate governance of projects involving IT investments (draft standard) – GoPM: A guide to governance of project management © Governance Institute of Australia Ltd 2.4 Project governance principles (cont) • Project governance = decision-making rights • Guidance on project governance established in Australia, primarily through information and communications technology (ICT) • These principles equally apply to non-ICT projects © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 3 Discussion 1: AS 8015 Six principles for good governance of ICT: 1. Establish clearly understood responsibilities for ICT 2. Plan ICT to best support the organisation 3. Acquire ICT validly 4. Ensure that ICT performs well, whenever required 5. Ensure ICT conforms with formal rules 6. Ensure ICT use respects human factors In teams of three, and: From your experience of ICT projects: • Identify one example where ICT projects faltered or failed • Rank it in order of priority and note the reason Nominate your spokesperson. How well would these principles have assisted your projects? © Governance Institute of Australia Ltd 2.5 What is project management? • Project management is the application of knowledge, experience, skills, tools and techniques to project activities to deliver project outcomes and benefits • It is accomplished through the application and integration of the project management lifecycle and processes: © Governance Institute of Australia Ltd Discussion 2 Project management – what is ‘success’? The term ‘outcome’ infers a changed future. That is, as a result of the project, the [operating system… world… workplace…] is changed. How do you define project success? © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 4 2.6 Project management – what is ‘success’? Are we doing the right projects versus are we doing projects right? Efficiency v Effectiveness © Governance Institute of Australia Ltd 2.6 Project management – what is ‘success’? Project governance seeks to provide answers to some key questions: • • • • • • • How closely aligned are our projects with our business objectives and strategies? Do we clearly understand the value we will receive from our project investment and when we will receive it? What are our major project risks? How do all of our projects impact on each other? Which projects should have priority over others? Which are our underperforming projects? What is our organisation’s capability and capacity to deliver and absorb all of this change? © Governance Institute of Australia Ltd 3 Governance challenges © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 5 3.1 The business case framework Describes justification for the project based on the estimated cost of the project, against the risks and benefits. The business case is expected to include: • an explanation of the reasons • an outline of the options • identification of the benefits • a summary of the major risks • an investment appraisal • an evaluation and final recommendation © Governance Institute of Australia Ltd Discussion 3 – Case study Review the project cycle case example Refer – Workbook/Addendum 2 © Governance Institute of Australia Ltd Discussion 3 - Case study Summary Applying the business case – [6 Principles] After four years of (1) ‘looking at comparable systems readily available’, The Customer Information and Billing System (CIBS) went to (2) international tender. A (3) global financial services provider (a consortium with a key IT provider in the UK) was considered to be the (4) ‘highest-complying tender’ for the $38m system. At 26 months – (5) 12 months after delivery date - the known expenditure had reached $60m and the expected ‘go live’ date moved out 12 months. At 44 months, when the system was declared (6) unworkable, the Auditor General was asked to conduct a report which estimated the final cost at $135m. © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 6 Discussion 3: Summary Six principles for good governance of ICT: 1. Establish clearly understood responsibilities for ICT 2. Plan ICT to best support the organisation 3. Acquire ICT validly 4. Ensure that ICT performs well, whenever required 5. Ensure ICT conforms with formal rules 6. Ensure ICT use respects human factors Discuss how by applying one of the six principles of good governance for this ‘case study’ would have affected the project outcome! Summarise a key process based on the AS1805 principles © Governance Institute of Australia Ltd 3.3 Project Management Plan (PMP) An effective project management plan defines all of the processes that will be followed on the project: • • • • • • • • • • © Governance Institute of Australia Ltd 3.4 Integration management Scope management Time management Cost management Quality management Human resource management Stakeholder management Risk management Communications Procurement Project management office (PMO) PMO is a strategic function where the most common functions are: • • • • • • • • consolidated tracking and reporting of project performance communications ownership of PM policies, processes, procedures, check lists, standards, guidelines and templates (ie, methodology) coordinating interdependencies prioritising projects mentoring project managers mentoring project sponsors community of PM practice PMO should cover a portfolio of projects © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 7 3.5 Project management standards and methodologies PMBOK A standard – if you have this problem, you could do this or that PRINCE2 A methodology – if you are here in the project lifecycle, do this and here is the template Agile Scrum (and others) – mostly for software development Refer: Addendum 1 © Governance Institute of Australia Ltd 3.5 Project management standards and methodologies: PMBOK® A Guide to the Project Management Body of Knowledge (PMBOK® Guide) The PMBOK® Guide is: – – – regarded as the de facto international standard for project management approved as an American National Standard by ANSI published in Australia by Standards Australia The PMBOK® Guide is NOT designed to function as a step-bystep ‘how-to’ book, but rather to identify that subset of the project management body of knowledge that is generally recognised as good practice © Governance Institute of Australia Ltd 3.5 Project management standards and methodologies: PMBOK® (cont) The PMBOK® Guide is organised into three sections: • • • the Project Management Framework, a basic structure for project management the Standard for Project Management of a Project, which specifies all the project management processes that are used to manage a project the Project Management Knowledge Areas, which organises the 44 project management processes into 10 Knowledge Areas © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 8 3.5 Project management standards and methodologies: PRINCE2 PRINCE2 (Projects in Controlled Environments v2): • • • • • recognised as an international PM methodology widely adopted and adapted by both the public and private sectors in many countries, including Australia It is a generic, adaptable, simple-to-follow project management methodology Its focus is on the business case It covers how to organise, manage and control projects in 55 Knowledge Areas © Governance Institute of Australia Ltd 3.5 Project management standards and methodologies: Agile • Agile means disciplined fast-tracking • Agile DOES NOT mean ‘no documentation’ • Its mantra is ‘if it doesn’t add value, don’t do it’ • Organisations must have explicit guidelines for when it is appropriate to use Agile • Employs an empowerment model, but still requires governance © Governance Institute of Australia Ltd 4 Project Structure, Roles, Committees and Functions © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 9 4 Play DVD DVD: Chairman of the Board © Governance Institute of Australia Ltd 4 Governance: At a board meeting … Questions: 1. 2. 3. 4. 5. 6. What went right at the meeting? What went wrong at the meeting? How is the project performing? Who is the project governance committee? Why is the board reviewing this project’s status? Can the status be easily presented to the project governance committee? 7. What is the project meant to achieve? 8. Where is the project at? 9. What is the role of the project governance committee? 10. Why should they be interested in the project? © Governance Institute of Australia Ltd 4 Governance: Back at the board meeting … (Cont) • The board/executive is currently not addressing the issues and is avoiding the problem • Board accountability for the project: – Starts with the business case for the project – Should make clear what it is trying to achieve and the strategic importance of the project – Should state the achievable outcomes, benefits and value to be realised • Clear responsibility is required: – Who is the project sponsor at the board/executive level? – How much effort is being expended by the board? – What is the role of the board/executive? © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 10 4.1 A generic project governance structure © Governance Institute of Australia Ltd 4.2 Project sponsor • A mandatory project role • If there is no project sponsor, the project stops • Usually a member of the executive management • ‘Owns’ the project • Key link between PM and governance © Governance Institute of Australia Ltd 4.2 Project steering committee • Optional – if there is none, then project sponsor performs this role • Questions to consider: – Is it there to ‘steer’ the project (ie, downward-looking)? – Is it there to ‘steer’ the project’s outcomes, capabilities and capacities into the wider organisation and to drive benefits realisation (ie, sideways-looking)? • Primary function: – To take responsibility for the business issues associated with a project, including ultimate responsibility for ensuring outcomes and benefits are realised – Members ensure that these issues are being adequately addressed and the project remains under control © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 11 4.3 Project steering committee role and functions Responsibilities of the steering committee include: • • • • • • approval of changes and variations to the project and its supporting documentation monitoring and review of the project’s performance providing assistance to the project when required resolving conflicts between project and other projects as well as the wider organisation formal acceptance of project deliverables making required decisions in a timely manner © Governance Institute of Australia Ltd 5 Project Status and Progress Reporting © Governance Institute of Australia Ltd 5.1 The need for control Three dimensions of control: © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 12 5.2 Project status and progress reporting Project status and progress reporting: • • • Regular, formalised reporting on the progress of every project Measured against the business case Reported by the project manager to the project steering committee, project sponsor and other interested parties (eg PMO and business unit heads) Key points: • • Keep the report focused, perhaps using graphical dashboards Report on/against physical milestones, NOT on percentage of work completed • Frequency of status reporting scheduled regularly (eg monthly) • End of phase and key milestone reporting prior to commencement of future phases (at gateway reviews) *As highlighted by the board in the DVD! © Governance Institute of Australia Ltd 5.2 Project status and progress reporting (cont) Typical content might be: Report header: • Project name • Project manager • Percentage complete • Date of report • Period covered by the report • Overall satisfaction barometer Project description: • Project purpose • Project alignment • Planned project outcomes and benefits © Governance Institute of Australia Ltd 5.2 Project status and progress reporting (cont) Project dashboard for: • • • • • • • Integration Scope Time Cost Quality Human resource Deliverables • • • • • • Stakeholder Risk Communications Procurement Organisation change (transformation) Configuration management © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 13 5.2 Project status and progress reporting (cont) Timely and accurate information Requires standards as to what constitutes red, amber, green and blue © Governance Institute of Australia Ltd 5.3 Project scope management The business case establishes baseline scope: • Defines the ‘project boundaries statement’ • Defines major deliverables together with criteria for completion/acceptance as well as roles (RASCI) • Explicitly defines: - all constraints - all assumptions - all inclusions - all exclusions (with reasons why excluded) • Establishes the baseline for ongoing performance measurement and change control © Governance Institute of Australia Ltd 5.3 Project scope management (cont) • Ineffective recognition and/or management of changes and variations is a common cause of project difficulties • Without a clearly agreed process, the probability of ‘scope creep’ is dramatically increased, with consequent pressure on time, cost, resources and quality • It’s the variations that are often missed © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 14 5.4 Time management © Governance Institute of Australia Ltd 5.4 Time management The Project Manager must ensure that: • • • • © Governance Institute of Australia Ltd 5.4 the structure of detailed work follows phases and activities established in the project methodology and needed to realise the outcomes and benefits there is no redundancy between/among detailed work plans there are established interdependencies between activities as well as other projects activities are defined so they are: - designed to produce a deliverable - the responsibility of a single individual - finite, with defined criteria for their start and end - a manageable unit of work - easily understood - measurable against physical delivery Time management (cont) Making the schedule real: • Maximum activity duration should be no longer than the project team’s review cycle (eg one week) • There should be at least one milestone per month • Sequencing and interdependency of tasks • The critical path needs to be identified and rigorously managed by the project manager © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 15 5.5 Cost management Costs will typically include the following: • • • • • Human: the project team, internal resources and external resources (suppliers, contractors, etc) Equipment/Infrastructure: this may range from heavy equipment to computers to specialised test instruments and software Material: the materials needed for a project, which may range from USB sticks and stationery to concrete Financial: the support needed to obtain funding and track benefits Contingency: the amount included to address cost estimate risks. For business projects, the most significant costs are usually people-related. © Governance Institute of Australia Ltd 5.5 Cost management (cont) When defining the project cost budget, consider: • • • • • • • • • internal versus external costs costs with associated benefits versus costs with no associated benefits cost sharing with other projects/systems CAPEX versus OPEX cost contingency provision timing of costs availability of funds hidden costs milestone progress payments to suppliers Link the costs with the schedule and resource plans © Governance Institute of Australia Ltd 5.5 Cost management (cont) Earned value analysis: • • • Planned cost — the budgeted cost of work scheduled (PV) Actual cost — the actual cost of work performed (AV) Earned value — the budgeted cost of work performed (EV) From these three measurements, four performance metrics are derived: 1. Cost variance = EV–AV 2. Schedule variance = EV–PV 3. Cost performance index = EV÷AV 4. Schedule performance index = EV÷PV © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 16 6 Quality and Risk Management © Governance Institute of Australia Ltd 6.1 Project quality assurance versus quality control GOALS Satisfied needs METHODS PERFORMANCE © Governance Institute of Australia Ltd 6.1 Project quality assurance versus quality control (cont) Key quality concepts Goals • Achievement of quality must be • Is the project (going to) planned. achieve its planned outcomes and benefits? • Quality stems from quality assurance and quality control Methods • Quality assurance is a function that • Is an appropriate defines then manages quality methodology being used effectively during • Quality control is the process of the project lifecycle? measuring metrics against agreed measures Performance • Comparison of actual to baseline? © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 17 7 Engagement and Communication © Governance Institute of Australia Ltd 7 Engagement and communication Three things you can rely on: 1. Projects rely on people 2. People resist being changed 3. The people aspects of projects are the hardest to manage Stakeholders’ perception of your project will determine how successful it is. © Governance Institute of Australia Ltd 7.1 Stakeholder management • Stakeholders are those individuals or organisations whose interests are impacted by, or who can impact on the interests of, the project classifying stakeholders ,anagement strategies adopted may be formal, informal, detailed or broad, depending on the needs, size and complexity of the project © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 18 7.2 Stakeholder analysis Nature of the interest: • identify • analyse • categorise For management of: • change • risk • issues © Governance Institute of Australia Ltd 7.4 Communication Develop a clearly planned approach: • Target audience — What are their communications needs? Key messages — What are the three or four key points you want stakeholders to understand and act on or be aware of? Communications strategies — What are you going to do to get your messages across? Communications mechanisms/tools — Which method/tool would be most appropriate to implement your strategies? • • • © Governance Institute of Australia Ltd 7.4 Communication (cont’d) • • • Priorities — Who will be responsible for implementing each action and when? Budget requirements — What are the costs associated with each action, how much is required and appropriate? Monitoring and evaluation — Whether and to what extent the outcomes and benefits have been achieved, and if not, why not? Communicate, communicate, communicate © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 19 8 Measuring Success © Governance Institute of Australia Ltd 8 Measuring success Performance measurements include the following: • • • Are key success measures being met? How well managed is the project? Have the specified project deliverables been completed/accepted and the planned outcomes and benefits realised? Three stages of measurement: • • • Pre-project measurements to generate baseline metrics During the project to assess against success measures Post-project to determine the success of the project © Governance Institute of Australia Ltd 8.1 Project performance measurement Potential baseline metrics include: • • • • • • • • outcomes benefits schedule (phases and milestones) resources costs defects risks communications delivered Business case defines outcomes and benefits, with scope, time, resources and costs © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 20 8.1 Project performance measurement (cont) Determining if a project is in control: • Is the methodology being followed appropriately? Are project registers being updated on a regular basis (and not just before project reviews) Do the success measures look like being realised? Are project thresholds within agreed tolerances? Regularly reconfirm that the planned outcomes and benefits can be realised • • • • The project is out of control if you can’t cancel it © Governance Institute of Australia Ltd 8.1 Project performance measurement (cont) Assessing if a project has been, or will be, successful Post-project review: • Project performance review: - • • what went right? what went wrong? what can we learn? Project output quality review Project management methodology review Benefits realisation review: - project outcome/benefit realisation review © Governance Institute of Australia Ltd 9 Conclusion Good project governance: • • • • • Establishes effective policies, processes and procedures that are followed throughout the project lifecycle Initiates projects with a robust business case Ensures support by a comprehensive project management plan and associated project registers Implements ongoing monitoring of projects and measurement of the value received Terminates projects that are unlikely to deliver planned outcomes, benefits and/or alignment © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 21 9 Conclusion (cont) • • Engages an effective project sponsor Proactively manages stakeholders’ perception of your project Proactively manages risk Proactively manages quality Uses formalised, regular project status and progress reporting Measures the project’s success against well-defined success measures • • • • © Governance Institute of Australia Ltd 10 • • • • • • Resources Legislation and regulators Standards and guidelines Reference books Reports and journal articles Industry and professional associations Governance Institute technical resources (see www.governanceinstitute.com.au) © Governance Institute of Australia Ltd Other Governance Institute courses • For further related content, see the following Governance Institute courses: – – – – – – Governance Essentials Assessing Analysing and Treating Risk Meeting Compliance Requirements Risk Management Frameworks Business Continuity and Reputation Risk Not-for-Profit Officers, Directors and the Board © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 22 In-house training? • In-house training – – – – – – Customised to your organisation’s specific needs Meet with your board, executives and staff Choice of half and full day courses Held at your premises You choose the time Cost effective © Governance Institute of Australia Ltd Thank you for attending Project Governance: Accountability and Risk Management © Governance Institute of Australia Ltd Project Governance Governance Institute 2015 23