P3M3™ Assessment Report Department of Finance and Deregulation P3M3™ Assessment Report Version 1.2 Updated Thursday, 30 September 2010 Authors: Robert Way DoFD & TANNER JAMES . Classification Commercial In Confidence Document Control Confidentiality Statement COMMERCIAL IN CONFIDENCE documents are to be kept confidential between restricted individuals within Tanner James Management Consultants and partnering organisations. In this case the Australian Government. This document is uncontrolled if printed. Page 2 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES Contents Executive Summary ................................................................................................................... 4 1 Purpose .............................................................................................................................. 8 2 Scope ................................................................................................................................. 8 2.1 2.2 2.3 2.4 3 Current P3M3™ Ratings .................................................................................................. 11 3.1 3.2 3.3 3.4 4 Maturity Summary.................................................................................................. 11 Portfolio Management Maturity Description .......................................................... 12 Programme Management Maturity Description ..................................................... 14 Project Management Maturity Description ............................................................ 17 Recommended Target P3M3™ Ratings .......................................................................... 20 4.1 4.2 4.3 5 Inclusions ................................................................................................................. 8 Exclusions ................................................................................................................ 9 Assessment Background ......................................................................................... 9 Assessment Approach ........................................................................................... 10 Portfolio Management – Target Rating 2 recommendations ................................. 21 Programme Management – Long term Target Rating 3 recommendations .......... 25 Project Management – Target Rating 3 recommendations ................................... 27 Maturing of Specific Attributes ......................................................................................... 30 5.1 5.2 5.3 Portfolio Management – Level 1 to Level 2 ........................................................... 30 Programme Management – Level 2 to Level 3 ..................................................... 31 Project Management – Level 2 to Level 3 ............................................................. 33 Appendix A –Overview DoFD Portfolio of ICT Enabled Change ............................................. 35 Appendix B – P3M3™ Overview .............................................................................................. 36 Page 3 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report EXECUTIVE SUMMARY The Department of Finance and Deregulation (DoFD) has conducted an independently validated P3M3™1 Self-Assessment of DoFD’s ICT-enabled change portfolio and constituent programmes and projects. This is a mandatory requirement of the ICT reforms extending from the Review of the use of ICT in Government (Gershon, 2008). The assessment was conducted during June and July of 2010. The assessment team comprised Robert Way of CIO Division and John Howarth, registered P3M3 consultant at TANNER JAMES. TANNER JAMES was contracted to provide specialist expertise for conducting the assessment and to promulgate legitimacy for the independent validation of the assessment process. The following P3M3™ Ratings have been derived from that assessment by way of interviewing selected DoFD staff and reviewing documentation in terms of both centrally defined guidance for management practices and information from programmes and projects. Seventeen individuals were interviewed and many documents were considered to assess the maturity of Portfolio, Programme and Project management practices. Documentary evidence from committees and boards included meeting minutes, terms of reference, guides and management and operations manuals. Documents from individual programmes and projects were examined and the Finance IT Governance Guide and FeSG Project Management Methodology were examined in detail. DoFD’s current P3M3™ rating for ICT-enabled change management is: Current Rating 1 in the Portfolio Management sub-model. DoFD Executive committees are establishing controls that will enable the ICT change portfolio to be directed and prioritised according to their requirements. Some aspects, such as Benefits Management, Resource Management and Stakeholder Management are currently not defined and managed consistently; Current Rating 2 in the Programme Management sub-model. DoFD does not formally recognise programmes, however, it is evident small groups have some documented controls and skilled resources. Overall, there is insufficient organisational guidance for key programme concepts such as programme risk management, benefits management and future state definition and management; and 1 P3M3 is a Registered Trade Mark of the UK Government’s Office of Government Commerce. Page 4 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report Current Rating 2 in the Project Management sub-model. DoFD ICT units ensure that each project is managed according to the various Project Management Frameworks, however, business areas do not apply a common DoFD framework consistently. Overall, there is inconsistent application of organisational guidance, and the current framework lacks detail in key concepts such as project benefits management and resource management; Finance today is a product of numerous agency amalgamations and receipt of new responsibilities which have been absorbed as a result of Government policy changes. Our operation could be described as an organised federation of service tranches. While this arrangement allows for subject matter specialisation, it lacks elements such as ‘sharing to create efficiencies’ and ‘coordinated approaches to boost the effectiveness’ of programme and project benefits. This shortfall was identified in this assessment and is reflected in the attained ratings. In order to successfully address these challenges and maintain a high standard of delivery for our existing responsibilities, we will need to do more to coordinate the resources that we have - that is, being more efficient and effective at what we do by changing the way we approach it. Coordinated management of ICT-enabled change is key in allowing us to improve our effectiveness and efficiency and continuously progress the Department to success in addressing our current and future responsibilities. Strong ICT portfolio management will ensure all ICT investments are strategically aligned and create measurable value having been consciously scrutinised on a cost-risk-benefit basis. The assessment team recommends that DoFD: set a longer term P3M3 target rating of 3 for both Project Management and Programme Management; Portfolio Management should be targeted for a 2 or higher rating; and A Capability Improvement Plan (CIP) is developed, endorsed and funded by the executive. DoFD should target level 3 maturity in Project Management because: There is a substantial investment in the Project Management Framework (FeSG PMM) that is not delivering its potential benefits. This is largely due to lower PMM usage in Business areas as opposed to ICT areas; and Improvement in the FESG PMM and its use will increase the likelihood of project benefit success from the many projects run by the organization. DoFD should target level 3 maturity in Programme Management and a 2 in Portfolio management because: DoFD undertakes a small number of large and often risky initiatives; and The people who are governing and managing these initiatives have to work out the processes for doing so without the benefit of a centrally defined framework that also addresses key differences between programme and project management. DoFD as a lead agency and home to AGIMO and the ICT review change program, would want to act as an exemplar of better practice in this area; and, ensure all ICT investments are strategically aligned and create measurable benefit . The investment to lift the organisation’s programme management capability could be funded from the next large programme initiative DoFD undertakes. Page 5 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report DoFD P3M3 Sub-model Perspectives rating charts: Portfolio Management – current rating 1 Programme Management – current rating 2 Page 6 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report Project Management – current rating 2 P3M3 scoring can be expressed by the following descriptors (see the appendix for further information): 1. Awareness process; Organization recognizes portfolio/programme/projects but has little structured approach to conducting them 2. Repeatable process; Some areas beginning to use standard approaches but no consistency across the organization 3. Defined process; A consistent set of standards being used across the organization with clear process owners 4. Managed process; The organization monitors, measures and improves its delivery processes based on evidence or performance based information 5. Optimized process; Organization focuses on optimization of its quantitatively managed process taking into account changing business needs & external factors. Anticipates future capacity & capability requirements. Terminology: Benefit: the measurable improvement resulting from an outcome perceived as an advantage by one or more DoFD stakeholders. Portfolio: the totality of DoFD’s investment (or segment thereof) in the changes required to achieve its strategic objectives. Programme: a temporary, flexible organisation created to coordinate, direct and oversee the implementation of a set or related projects and activities in order to deliver outcomes and benefits related to DoFD’s strategic objectives. Project: a temporary organisation that is created for the purpose of delivering one or more DoFD business outputs according to a specified business case. Page 7 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report 1 PURPOSE The purpose of this assessment report is to: Report upon an independently validated P3M3™ Self-Assessment for DoFD’s ICTenabled initiatives covering Portfolio, Programme and Project Management maturity assessment; Document DoFD’s current P3M3™ Ratings; Document the assessment team’s recommended target P3M3™ ratings; Provide visibility of the statements which would have to be judged as true regarding DoFD’s ICT-enabled change initiatives to achieve the P3M3™ Ratings recommended by the assessment team; and Document the assessment team’s thoughts on specific management attributes that could be addressed in improving DoFD’s capability maturity. 2 SCOPE 2.1 Inclusions The P3M3™ assessment covered the portfolio, programme and project activities across ICTenabled change within DoFD. This included sampling sufficient ICT programmes and projects to create a representative sample set for the DoFD ICT change portfolio. The DoFD P3M3 assessment scope/context diagram: Page 8 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report The work covered both ICT and Business run projects and programmes. In total seventeen staff were interviewed, noting that the original plan was to interview around twenty people. The variances from the original plan included: One person, engaged in the programme sub-model took unexpected personal leave; One project manager was unavailable during the interview process due to early retirement; and A contractor involved in a project had ceased with the organisation. The assessment team concluded that variances in the sample set would not compromise or materially change the assessment. 2.2 Exclusions The following aspects of DoFD program/project management have been excluded from this assessment: Property & Construction Division facilities projects due to the construction specific management practices and fact they are not deemed to be specifically ICT enabled. DoFD Policy implementation initiatives on the basis that their dependency upon ICT is largely routine deployment and use of existing ICT infrastructure and applications. These initiatives are not dependent upon change in ICT. . 2.3 Assessment Background This P3M3™ assessment has been triggered in response to the Government’s directive that Commonwealth Government agencies undertake P3M3™ maturity assessments and plan for improvement of their capability to realise benefits from ICT-enabled initiatives. Agency Page 9 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report assessment reports, validation statements and capability improvement plans are to accompany all ICT related New Policy Proposals (NPPs) from December 2010. 2.4 Assessment Approach Prior to conducting interviews, the assessment team made an assessment of current documentation of management processes to gain initial understand of what was and wasn’t documented as well as a view of how initiatives (portfolios, programmes and projects) should be managed. At the conclusion of interviews documentation for specific initiatives was reviewed on-line and in print form. For this assessment DoFD’s entire scope of ICT-enabled change was treated as a single Portfolio. Interviews were conducted with individuals in the roles of Portfolio Director and Investment Committee Member (Executive Board and ITGC members). Interviews were conducted with individuals at the programme and project levels. These included Project board members, programme and project sponsors, project and project managers and project office director. The assessment team spent approx 120 hours effort in; The assessment of process documentation including the: o DoFD Project Management Methodology (FESG PMM) Manual 2008 v2; o DoFD Governance Guide 2008Version 1; o intranet site, and; o various board and committee meeting minutes. Interviewing DoFD staff to assess application of portfolio, programme and project management; Reviewing evidence of management practices from the change portfolio and individual projects and programmes; and Reviewing previous reports from internal audits as requested by DoFD staff, specifically: o Internal Audit. Section 3 details the current P3M3™ rating attained from assessment of information gathered from interviewing seventeen individuals across DoFD and an analysis of relevant process documentation. A description is provided from OGC’s P3M3™ model for each score attained. Section 4 details the P3M3™ model statements that are currently true and the statements that would have to be rendered true for DoFD to achieve the target P3M3™ ratings recommended by the assessment team for Portfolio, Programme and Project Management. Section 5 documents the assessment team’s thoughts on specific management attributes that could be addressed in improving DoFD’s capability maturity. These attributes underpin the “statements that would have to be rendered true” from Section 4. Note : The Capability Improvement Plan (CIP) associated with this assessment, documents DoFD’s target P3M3™ ratings and how DoFD intends to achieve those ratings. Page 10 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report 3 CURRENT P3M3™ RATINGS 3.1 Maturity Summary Sub-model Score Management Control Benefits Management Financial Management Stakeholder Management Risk Management Organisational Governance Resource Management Generic Attributes Score Process Perspectives Portfolio Management 1 2 1 3 1 2 3 1 2 Programme Management 2 2 2 2 2 2 2 2 2 Project Management 2 2 2 3 2 3 3 2 2 Portfolio Management Sub-model Level 1 - DoFD Executive committees are establishing controls that will enable the ICT change portfolio to be directed and prioritised according to their requirements. Some aspects, such as Benefits Management, Resource Management and Stakeholder Management are currently not defined and managed consistently. Programme Management sub-model Level 2 -DoFD does not formally recognise programmes, however, it is evident small groups have some documented controls and skilled resources. Overall, there is insufficient organisational guidance for key programme concepts such as programme risk management, benefits management and future state definition and management. Project Management sub-model Level 2 - DoFD ICT units ensure that each project is managed according to the various Project Management Frameworks, however business areas do not apply a common DoFD framework consistently. Overall, there is inconsistent application of organisational guidance, and the current framework lacks detail in key concepts such as project benefits management and resource management. Page 11 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report 3.2 Portfolio Management Maturity Description Below are the key observations made by the assessment team during the Portfolio Management assessment. Following the observations are descriptions for each P3M3™ “process perspectives” (seven of) and “generic attributes” (six of). Key Observations DoFD does recognise the need for, and have implemented governance arrangements to guide and oversee investment decisions. While portfolio management discipline exists within the agency, this is not part of a comprehensive and consistent organisation-wide approach to the management of all ICT change initiatives (projects and programmes) as a prioritised and integrated set of IT investments that drive the realisation of planned and documented benefits. While DoFD focuses on financial management, risk management and process within portfolio management, it is not balanced equally focussing on benefits and portfolio coordination of ICT investments and change. We could be stronger in promoting understanding of the differences in running the business (‘business as usual’ ) to changing the business (programme and change management) ie investment management. This would encompass developing a more top-down approach to controlling ICT programs and projects. DoFD is missing the benefit of having strong ICT portfolio management that will ensure all ICT investments are strategically aligned and create measurable value through having been consciously scrutinised by the portfolio executive in light of; total cost vs risk vs benefit. Management Control (Level 2) There are some pockets of portfolio discipline within individual departments, but this is based on key individuals rather than as part of a comprehensive and consistent organization-wide approach. Benefits Management (Level 1) There is a recognition that initiatives may exist within the organizational and divisional portfolio to enable the achievement of benefits for the organization. However, this does not translate into a defined benefits realization process. Financial Management (Level 3) There are established standards for the investment management process and the preparation of business cases. Portfolio investment costs are monitored and controlled. Stakeholder Management (Level 1) Stakeholder management and communication is rarely used by portfolios as an element of the delivery toolkit. Risk Management (Level 2) There is generally a top-down approach to risk identification, focusing on major organisational initiatives, but some initiatives are increasingly carrying out bottom-up risk identification. However, these approaches are inconsistent, not particularly interrelated and often do not address the actual management of risks. Organisational Governance (Level 3) Centrally defined organisational controls are applied consistently to the portfolio(s), with decision-making structures in place and linked to organisational governance. Resource Management (Level 1) Portfolio resource requirements are recognized but not systematically managed. Resource allocation is ad hoc, with little, if any, profiling of resources to meet the resource requirements of specific initiatives. Page 12 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report Generic Attributes Score Level 2: Roles & Responsibilities. Level 2 is defined as: roles, responsibilities and competencies defined in some areas but not consistently across the organisation. Experience in Portfolio Management. Level 2 is defined as: key individuals may have practical delivery experience and track record. Capability development. Level 3 is defined as: training is focused on the organisation’s approaches and raising competence of individuals in specific roles. Forums exist for sharing organisational experience to improve individual and organisational performance. Planning & estimating processes. Level 2 is defined as Planning seen as activity tracking rather than proactive/forecasting. Estimation is more “guesstimation” and does not use standard techniques Information & documentation. Level 3 is defined as: Information has a refresh cycle or is regularly accessed. Formal information release management procedures Organization-wide information standards on confidentiality, availability and integrity. Scrutiny & review. Level 3 is defined as: independent reviews take place. Scrutiny largely for compliance reasons, identifying failures rather than opportunities for improvement. Page 13 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report 3.3 Programme Management Maturity Description Below are the key observations made by the assessment team during the Programme Management assessment. Following the observations are descriptions for each P3M3™ “process perspective” (seven of) and “generic attribute” (six of). Key Observations – Programme Management specific There is no portfolio guidance on what constitutes a programme vs a project. A conscious choice needs to be made to effectively manage the investment. DoFD doesn’t have a programme management framework. Individuals running programmes inconsistently use their own home grown or framework based methods to varing degrees of success. There is confusion about the use of the terms “program” and “programme” in terms of their meaning and their implications for management processes and governance. The role of Programme Manager is not defined in the DoFD ICT Governance Committee Guide or the FESG PMM. Many of the key principles of Programme Management, including visioning, blueprinting, transition and benefits management, are not included in the FESG PMM and, hence, are not applied consistently. Some programmes are applying these principles however this is driven by individual experience and initiative rather than any DoFD framework. Successful delivery of programmes is highly dependent upon a small pool of skilled and experienced managers who are determining their own management processes. These individual processes are not consistent and the FESG PMM does not capture their good practices. DoFD would benefit from sharing principles adopted within the few areas successfully practicing programme management. Key Observations – Programme and Project Management DoFD has little to no published guidance on programme management (i.e. the FESG PMM is project specific) The agency needs to decide if programme and project management should be centrally guided or Group specific guidance is developed. Centrally managed provides more benefits. There is no guidance on what initiative should be managed as a programme as opposed to a project. There was little evidence that the approval to proceed with programmes and projects took into account the existing workload and capacity for additional work. The business case ledger would be better balanced if benefits management and stakeholder management received the same high degree of diligence as financial management. Guidance is required to assist programme managers on establishing the right steering committees at the right level. Having the right steering committee will ensure the relevant probing questions are examined during scoping and delivery phases of programs and projects. The FeSG Project Office (CPO) staffing is very limited leaving little capability and capacity to proactively support DoFD programmes and projects or develop and disseminate strong organisation wide practices. Page 14 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report Management Control (Level 2) Some general understanding exists of the concepts of programme management and its control mechanisms but adoption is localized. Benefits Management (Level 2) Benefits are recognised as an element within programme business cases. There may be some documentation regarding who is responsible for particular benefits and their realisation, but this is unlikely to be followed through or consistent. Financial Management (Level 2) Programme business cases are produced in various forms and the better and more formal cases will present the rational on which to obtain organisational commitment to the programme. Overall cost of the programme is not monitored or fully accounted for. Stakeholder Management (Level 2) Some programmes will be communicated to stakeholders, but this is linked more to the personal initiative of programme managers than to a structured approach being deployed by the organisation. Risk Management (Level 2) Risk management is partially recognized and used on some programmes, but there are inconsistent approaches within and between programmes, which result in different levels of commitment and effectiveness. Organisational Governance (Level 2) Programme management from an organisational perspective is beginning to take shape but with ad hoc controls and no clear strategic control. Roles and responsibilities will be inconsistent, as will reporting lines. Resource Management (Level 2) Resources are being deployed across the organisation and individual programmes have an approach to resource acquisition, planning or management. However there is little evidence of consistency of approach Page 15 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report Generic Attributes Score Level 2 Roles & Responsibilities. Level 1 is defined as: No standard roles, and responsibilities are not defined or are generic. Experience in Programme Management. Level 2 is defined as: Key individuals may have practical delivery experience and track record. Capability development. Level 1 is defined as: Training provision is uncoordinated, with little or no knowledge sharing. Planning & estimating processes. Level 2 is defined as plans exist but are not underpinned by consistent development methodology, yet may still be effective locally. Planning seen as activity tracking rather than proactive/forecasting. Estimation is more ‘guesstimation’ and does not use standard techniques. Information & documentation. Level 2 is defined as focus on documentation during start-up and definition, but not maintained over initiative’s life cycle. Localised information structures, with some information sharing between teams. Limited localised information controls, with no formal release management arrangements. Scrutiny & review. Level 2 is defined as: Local reviews, with some corrective actions undertaken within the group. Page 16 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report 3.4 Project Management Maturity Description Below are the key observations made by the assessment team during the Project Management assessment. Following the observations are descriptions for each P3M3™ “process perspective” (seven of) and “generic attribute” (six of). Key Observations – Project Management specific ICT projects are generally vertically stove-piped with the organisation’s structure. There are advantages in managing ICT investments as horizontal to the organisation structures. There is no organisational mandate to use a common project management approach, nor an organizational recognized approach (framework). There are significant differences in the way Business and ICT areas manage projects and project funds. There needs to be more guidance to the establishment (thresholds etc) and use of the ‘project boards’ and the Project Board. The FESG PMM and other elements of the ICT change governance process are seen to be not as comprehensive for higher risk or larger projects as required. Managers recognize IT has a significantly reduced budget, however, have the view that the Project Office lacks capacity, and there is a lack of support capacity. There is limited attempt to focus on benefits or stakeholder management or promote use of techniques to map them. Planning for transition into operational use is suffering due to a lack of attention to resource management and the cost of on-going support of the change at the end of a project. Management Control (Level 2) The concepts of project management will have been grasped by some within the organisation, and there may be local experts, such as experienced project managers working on key projects. Benefits Management (Level 2) Benefits are recognised as an element within project business cases. There is some documentation on who is responsible for particular benefits and their realisation. Financial Management (Level 3) The organization will have established standards for the preparation of business cases and processes for the management of business cases throughout the project life cycle. Project managers will monitor costs and expenditure in accordance with organizational guidelines and procedures, with defined interfaces with other financial functions within the organization. Stakeholder Management (Level 2) Projects will be communicating effectively, but this is linked more to personal initiative of programme and project managers than a structured approach being deployed by the organisation. Risk Management (Level 3) Project risk management is based on a centrally defined process that is cognizant of the organization’s policy for the management of risks. Page 17 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report Organisational Governance (Level 3) Project management from an organizational perspective is beginning to take shape but with ad hoc controls and no clear strategic control. Resource Management (Level 2) Resources are being deployed across the organisation and individual projects have an approach to resource acquisition, planning or management. However there is little evidence of consistency of approach. Generic Attributes Score Level 2 Roles & Responsibilities. Level 3 is defined as: roles, centrally managed role definitions and sets of competencies defined and used to support appointments. Experience in Project Management. Level 3 is defined as: Forums exist for sharing organizational experience to improve individual and organizational performance. Capability development. Level 2 is defined as generic training may be provided in key concepts, and there may be individuals undertaking qualification training. Local sharing of knowledge may exist but mostly ad hoc. Planning & estimating processes. Level 3 is defined as: Plans developed to a central and consistent standard that is output- or goal-based. Page 18 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report Information & documentation. Level 2 is defined as focus on documentation during start-up and definition, but not maintained over initiative’s life cycle. Localised information structures, with some information sharing between teams. Limited localised information controls, with no formal release management arrangements. Scrutiny & review. Level 2 is defined as Local reviews, with some corrective actions undertaken within the group Page 19 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report 4 RECOMMENDED TARGET P3M3™ RATINGS The assessment team recommends DoFD set target P3M3 ratings of 3 for both Programme Management and Project Management and that, Portfolio Management should be targeted for a 2 or higher rating. The Project Management rating should be achieved in the next 12 to 18 months. The Programme and Project Management ratings should be achieved when the next big programme is initiated. DoFD should target level 3 maturity in Project Management because: There is a substantial investment in the DoFD Project Management Framework (FESG PMM) that is not delivering its potential benefits. This is largely due to lower usage in Business areas as opposed to ICT areas; and Improvement in the FESG PMM and its use will decrease the likelihood of project failure and increase the likelihood of benefits realisation. DoFD should target level 3 maturity in Programme Management and a 2 in Portfolio management because: DoFD undertakes a small number of large and often risky initiatives; and The people who are governing and managing these initiatives have to work out the processes for doing so without the benefit of a centrally defined framework that also addresses key differences between programme and project management. DoFD as a lead agency and home to AGIMO and the ICT review change program, would want to act as an exemplar of better practice in this area; and, ensure all ICT investments are strategically aligned and create measurable benefit . The investment to lift the organisation’s programme management capability could be funded from the next large programme initiative DoFD undertakes. Page 20 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report 4.1 Portfolio Management – Target Rating 2 recommendations The table below details the statements against each of the seven process perspectives and generic attributes that are currently true (column one) and that would need to be rendered true (column two) for DoFD to achieve the assessment team’s recommended target rating of 2 for Portfolio Management. FROM: Current Rating 1 Management Control (Level 2) Willingness for the organization to implement new processes to support and enable portfolio management but not implemented consistently Some recognition that departmental or divisional portfolios must fit within the priorities and processes of an organizational portfolio Common vocabulary for portfolio management beginning to evolve May be specific guidelines on portfolio management in parts of the organization Benefits Management (Level 1) Initiatives may identify some business benefit generally Any benefits identified tend to be subjective rather than objective May be some statements on the purpose of some initiatives but not providing a clear view of what success will look like Financial Management (Level 3) Clear, documented and published investment life cycle addressing new ideas, feasibility studies, trials, development and review Investment management process and practice in place across organizational portfolio, within which departmental or specialist portfolios fit Common investment management process and practice within portfolio for initiative approval, monitoring and delegation Business and portfolio planning cycles work concurrently Costs, expenditure and forecasts monitored at portfolio level in accordance with organizational guidelines and procedures Defined interfaces with other financial functions within the organization Criteria within portfolio for organizational Page 21 of 38 Version: 1.2 Updated: 30 September 2010 TO: Target Rating 2 Management Control (Level 2) Already attained. Benefits Management (Level 2) Evidence of individuals or local functions using a process for defining business benefits, but little formal benefits tracking, management or ownership Some initiatives will be expected to identify benefits and how to achieve them, but this is deployed inconsistently Likely to be overlap and double counting of benefits between initiatives, with a poorly defined process to identify these Some alignment of identified benefits to the organizational objectives, but likely to be unquantified and patchy Financial Management (Level 3) Already achieved. Authors: DoFD & TANNER JAMES P3M3TM Assessment Report investment decision-making are clear and communicated Portfolio management process includes effective planning of funding availability Financial data in management reports integrated with schedule data and including trends Financial modelling of value for money, using agreed and explicit techniques Stakeholder Management (Level 1) Concept of stakeholder engagement may be acknowledged but is undefined Portfolio communicates with stakeholders on ad hoc basis, relying on individuals within the team taking the initiative No structured approach to stakeholder management and communications Risk Management (Level 2) Some initiatives manage risks, but risk decision making may not consider wider outcome, focusing on threats to initiative rather than to portfolio as a whole and the realization of strategic objectives Some initiatives analyze risk in terms of probability, impact (on schedule, cost and quality of deliverables) and timing Some proactive management of risk, with mitigation plans in place, but such plans are rare and probably unfunded Focus on risk tracking rather than risk Management No escalation procedures for risk mitigation to pass to more senior management May be some effective ownership of risks and risk actions Top-down (sometimes “knee-jerk”) approach to risk identification unconnected with bottom-up approach within initiatives, often causing duplication of effort, competing teams, nonoptimal resource allocation, and consequently ineffective management of organizational risk. Page 22 of 38 Version: 1.2 Updated: 30 September 2010 Stakeholder Management (Level 2) Evidence may exist of more sophisticated analysis and communications planning for some portfolios Most stakeholder analysis is basic and inconsistent, limited to the issue of what stakeholders are interested in Portfolios recognize stakeholder groupings but are limited to local knowledge Some portfolios have their own communications plans but they focus on merely transmitting information Outgoing communications channels from portfolios are limited, with focus on email or websites Some stakeholders advised or consulted, and feedback processed Structured approach beginning to evolve, but based on good practice of one or two key individuals Risk Management (Level 2) Already Achieved Authors: DoFD & TANNER JAMES P3M3TM Assessment Report Organisational Governance (Level 3) The organization has established documented policies, standards, processes and governance for change investments, and has developed an Executive Board-owned structure to oversee portfolio performance Clear, defined vision for organizational change, with senior management demonstrating commitment to it Portfolio is well defined and aligned with strategic objectives and priorities Clear governance structure ensuring that all initiatives are evaluated, prioritized and approved based on strategic objectives, and business cases are continually reviewed for validity and viability Organization Portfolio Office monitors effectiveness of governance and stakeholder engagement for all initiatives Legislative and regulatory requirements incorporated into portfolio management decision and controls processes Governance controls integrated into portfolio controls Business performance information acquired and reviewed by Organization Portfolio Office Process ownership is clear and related decision making responsibilities are clearly defined. Resource Management (Level 1) Individual initiatives identify and source their own resources, creating a high risk of the organization over-committing key resources Little or no coordination of resources across different initiatives, and limited alignment to organizational objectives and priorities, leading to resource conflicts Resource acquisition is ad hoc and uncoordinated Generic Attributes Score (Level 2) Roles & Responsibilities. Level 2 is defined as: Roles, responsibilities and competencies defined in some areas but not consistently across the organization Centrally managed role definitions and sets of competencies defined and used to support appointments Page 23 of 38 Version: 1.2 Updated: 30 September 2010 Organisational Governance (Level 3) Already Achieved Resource Management (Level 2) Resources deployed within specialist or departmental portfolios, with limited consideration of the wider organizational portfolio Some specialist or departmental portfolios have defined methods of resource acquisition but these are likely to differ and be applied inconsistently Limited assessment of impact on other initiatives or operational areas when allocating resources Pockets of good resource management processes but likely to be limited to specific initiatives or departments Problems of not managing resources across portfolio are beginning to be understood and solutions starting to be developed in isolated initiatives or departments Generic Attributes Score (Level 2) Roles & Responsibilities. Already achieved. Authors: DoFD & TANNER JAMES P3M3TM Assessment Report Experience in Portfolio Management. Level 2 is defined as: Key individuals may have practical delivery experience and track record. Capability development. Level 3 is defined as Training is focused on the organization’s approaches and raising competence of individuals in specific roles Forums exist for sharing organizational experience to improve individual and organizational performance. Planning & estimating processes. Level 2 is defined as Plans exist but are not underpinned by consistent development methodology, yet may still be effective locally. Planning seen as activity tracking rather than proactive/forecasting . Estimation is more “guesstimation” and does not use standard techniques. Information & documentation. Level 3 is defined as: Information has a refresh cycle or is regularly accessed Organization-wide information standards on confidentiality, availability and integrity Formal information release management procedures. Scrutiny & review. Level 3 is defined as: Independent reviews take place. Scrutiny largely for compliance reasons, identifying failures rather than opportunities for improvement Page 24 of 38 Version: 1.2 Updated: 30 September 2010 Experience in Portfolio Management. Already achieved Capability development. Level 3 Already achieved Planning & estimating processes. Already achieved Information & documentation. Level 3 is Already achieved Scrutiny & review. Level 3 is Already achieved Authors: DoFD & TANNER JAMES P3M3TM Assessment Report 4.2 Programme Management – Long term Target Rating 3 recommendations The table below details the statements against each of the seven process perspectives and generic attributes that are currently true (column one) and that would need to be rendered true (column two) for DoFD to achieve the assessment team’s recommended target rating of 3 for Programme Management. FROM: Current Rating 2 Management Control (Level 2) Some general understanding exists of the concepts of programme management and its control mechanisms but adoption is localized. Benefits Management (Level 2) Benefits are recognised as an element within programme business cases. There may be some documentation regarding who is responsible for particular benefits and their realisation, but this is unlikely to be followed through or consistent. Financial Management (Level 2) Programme business cases are produced in various forms and the better and more formal cases will present the rational on which to obtain organisational commitment to the programme. Overall cost of the programme is not monitored or fully accounted for. Stakeholder Management (Level 2) Some programmes will be communicated to stakeholders, but this is linked more to the personal initiative of programme managers than to a structured approach being deployed by the organisation. Risk Management (Level 2) Risk management is partially recognized and used on some programmes, but there are inconsistent approaches within and between programmes, which result in different levels of commitment and effectiveness. Organisational Governance (Level 2) Programme management from an organisational perspective is beginning to take shape but with ad hoc controls and no clear strategic control. Roles and responsibilities will be inconsistent, as will reporting lines. Resource Management (Level 2) Resources are being deployed across the organisation and individual programmes have an approach to resource acquisition, planning Page 25 of 38 Version: 1.2 Updated: 30 September 2010 TO: Target Rating 3 Management Control (Level 3) There is a centrally defined and documented approach to a programme management life cycle and controls, and it is applied in all programmes by capable staff that support programme teams. Benefits Management (Level 3) There is a centrally managed and consistent framework for defining and tracking the realisation of benefits arising from programme outcomes. Financial Management (Level 3) There are centrally established standards for the preparation of business cases and processes for their management throughout the programme lifecycle. Programme managers monitor costs and expenditure in accordance with organisational guidelines and procedures, with defined interfaces with other financial functions within the organisation. Stakeholder Management (Level 3) There is a centrally managed and consistent approach to stakeholder engagement and communications used by all programmes. Risk Management (Level 3) Programme risk management is based on a centrally defined process that is cognisant of the organisation’s policy for the management of risks and is used consistently. Organisational Governance (Level 3) Centrally defined organisational controls are applied consistently to the portfolio(s), with decision-making structures in place and linked to organisational governance. Resource Management (Level 3) The organisation has a centrally defined and adopted set of procedures and management processes for acquiring, planning and Authors: DoFD & TANNER JAMES P3M3TM Assessment Report FROM: Current Rating 2 or management. However there is little evidence of consistency of approach Generic Attributes Score (Level 2) Roles & Responsibilities. Level 1 is defined as. No standard roles, and responsibilities are not defined or are generic. Experience in Programme Management. Level 2 is defined as key individuals may have practical delivery experience and track record. Capability development. Level 1 is defined as Training provision is uncoordinated, with little or no knowledge sharing. Planning & estimating processes. Level 2 is defined as plans exist but are not underpinned by consistent development methodology, yet may still be effective locally. Planning seen as activity tracking rather than proactive/forecasting. Estimation is more ‘guesstimation’ and does not use standard techniques. Information & documentation. Level 2 is defined as focus on documentation during start-up and definition, but not maintained over initiative’s life cycle. Localised information structures, with some information sharing between teams. Limited localised information controls, with no formal release management arrangements. Scrutiny & review. Level 2 is defined as: Local reviews, with some corrective actions undertaken within the group. Page 26 of 38 Version: 1.2 Updated: 30 September 2010 TO: Target Rating 3 managing programme resources. Generic Attributes Score (Level 3) Roles & Responsibilities. Level 3 is defined as centrally managed role definitions and sets of competencies defined and used to secure appointments. Experience in Portfolio Management. Level 3 is defined as key individuals have practical delivery experience and track record. Capability development. Level 3 is defined as training is focused on the organisation’s approaches and raising competence of individuals in specific roles. Forums exist for sharing organisational experience to improve individual and organisational performance. Planning & estimating processes. Level 3 is defined as plans developed to a central and consistent standard that is output or goal based. Plan development takes into account a range of relevant factors. Evidence of effective estimating techniques. Dependencies are identified, tracked and managed effectively. Information & documentation. Level 3 is defined as information has a refresh cycle or is regularly accessed. Organisation-wide information standards on confidentiality, availability and integrity. Formal information release management procedures. Scrutiny & review. Level 3 is defined as: Scrutiny largely for compliance reasons, identifying failures rather than opportunities for improvement Authors: DoFD & TANNER JAMES P3M3TM Assessment Report 4.3 Project Management – Target Rating 3 recommendations The table below details the statements against each of the seven process perspectives and generic attributes that are currently true (column one) and that would need to be rendered true (column two) for DoFD to achieve the assessment team’s recommended target rating of 3 for Project Management. FROM: Current Rating 2 Management Control (Level 2) The concepts of project management will have been grasped by some within the organisation, and there may be local experts, such as experienced project managers working on key projects. Benefits Management (Level 2) Benefits are recognised as an element within project business cases. There is some documentation on who is responsible for particular benefits and their realisation. Financial Management (Level 3) Standardised approach to project business case development. Business cases approved centrally, making budget limitations explicit. Issues and risks assessed in financial terms. Guidelines exist on costs to be included in, and excluded from, budgets. Projects have distinct budgets and expenditure against budget is tracked and reported on. Clearly defined authorities for expenditure levels, with cost and expenditure reported on using agreed templates or pro-forma reports. Contract placement using professional procurement support to ensure best value for money. Standard financial estimation and value for money techniques deployed consistently across projects. Business cases reviewed at explicit stages in project life cycle and actions taken to put projects back on track. Evidence of operational sign-off for Page 27 of 38 Version: 1.2 Updated: 30 September 2010 TO: Target Rating 3 Management Control (Level 3) There is a centrally defined and documented approach to a project management life cycle and controls, and it is applied in all projects by capable staff that support project teams. Benefits Management (Level 3) Measures of project success are becoming defined and explicit. Common approach and processes that ensure consistency across all projects in relation to benefits measurement and realisation. Benefits management process described within project business case. Changes to project considered against impact on benefits. Common set of tools and templates used for benefits management activities, including their detailed statement. Benefits documents stored centrally and subject to change control. Detailed descriptions explaining how benefits will be achieved from project deliverables. Benefits calculated in financial terms against centrally managed assessment criteria. Clear responsibilities for benefits realisation cited in business cases. Post-project benefit reviews used to report formally on outcomes and benefit realisation. Financial Management (Level 3) Already achieved. Authors: DoFD & TANNER JAMES P3M3TM Assessment Report FROM: Current Rating 2 any additional costs imposed by project. Capital and revenue costs accounted for differently. Centrally agreed project budgets, making it clear when and where funding will be available. Stakeholder Management (Level 2) Projects will be communicating effectively, but this is linked more to personal initiative of programme and project managers than a structured approach being deployed by the organisation. Risk Management (Level 3) Standard risk management templates and tools used extensively and consistently. Risks identified, assessed and controlled in accordance with recognised procedures, across all projects. Regular reviews, addressing broader opportunities for improvement as well as compliance. Reviews seen as a positive opportunity to improve, not a threat. Risk management interventions embedded within project life cycle. Risks consistently categorised by type (e.g. commercial, operational or strategic). Audits of risk within projects. Processes exist for escalation of project risks. Risks not limited to internal impact on project goals. Risk assessment techniques defined and deployed consistently. Organisational Governance (Level 3) Common definition of Project Boards (or equivalent) & their key roles & responsibilities, which are in place on most projects unless there is a clear reason for them not to be. Central body monitors and influences progress of all projects and the optimal balance of current projects. Consolidated progress reporting on all projects. All key roles & responsibilities documented within individual directors’ terms of reference. Project ideas evaluated against consistent criteria prior to approval. Page 28 of 38 Version: 1.2 Updated: 30 September 2010 TO: Target Rating 3 Stakeholder Management (Level 3) Centrally defined and consistent approach, and supporting process, for identifying and analysing stakeholders. Projects consider stakeholder needs and stakeholders are actively involved in decision-making. Corporate communications (or equivalent) are involved in development of stakeholder engagement processes and procedures. Stakeholders have authority and clearly defined roles within project. Audit trails of communications maintained for all projects. Structured, centrally managed communications plan balances communications from all projects. Communications channels vary and are used to target and deliver messages effectively. Communications budget exists. Much of this approach is provided by the permanent Project Office. Risk Management (Level 3) Already Achieved Organisational Governance (Level 3) Already Achieved Authors: DoFD & TANNER JAMES P3M3TM Assessment Report FROM: Current Rating 2 Centralised decision making ensures that projects fit the organisation’s ongoing needs. Functional activities of sponsor or project executive can be demonstrated for all projects. Evidence of sponsor or project executives ensuring that projects maintain alignment with organisational strategy, with interventions as appropriate. Decisions are auditable. Clear reporting lines set and maintained. Legislative and regulatory requirements built into guidelines. Evidence of structured start-up and closure of projects under clear business control. Resource Management (Level 2) Resources are being deployed across the organisation and individual projects have an approach to resource acquisition, planning or management. However there is little evidence of consistency of approach. Generic Attributes Score (Level 2) Roles & Responsibilities. Level 3 is defined as centrally managed role definitions & sets of competencies defined & used to secure appointments. Experience in Project Management. Level 3 is defined as key individuals have practical delivery experience and track record. Capability development. Level 2 is defined as generic training may be provided in key concepts, and there may be individuals undertaking qualification training. Local sharing of knowledge may exist but mostly ad hoc. Planning & estimating processes. Level 3 is defined as plans developed to a central & consistent standard that is output or goal based. Plan development takes into account a range of relevant factors. Evidence of effective estimating techniques. Dependencies are identified, tracked and managed effectively. Page 29 of 38 Version: 1.2 Updated: 30 September 2010 TO: Target Rating 3 Resource Management (Level 3) Centrally defined & adopted set of procedures in place for resource management. Work to be carried out by third parties or contractors defined & planned in accordance with documented procedures and reviewed at key milestones or project stages. Frameworks in place with external market for provision of resources to meet shortages & expertise peaks. Resource utilisation tracking & productivity monitoring occasionally undertaken, using industry standard techniques. Resource planning undertaken in broadest sense, not limited to human resources. Some collaboration between project teams or recognition at organisational level of opportunities for sharing critical or limited resources. Potential issues arising from resource availability identified & escalated. Evidence of induction planning & activities when joining project teams. Generic Attributes Score (Level 3) Roles & Responsibilities. Already achieved. Experience in Project Management. Already achieved Capability development. Level 3 is defined as training is focused on DoFD’s approaches and raising competency of individuals in specific roles. Forums exist for sharing DoFD experience to improve both individual & DoFD performance. Planning & estimating processes. Already achieved Authors: DoFD & TANNER JAMES P3M3TM Assessment Report FROM: Current Rating 2 Information & documentation. Level 2 is defined as focus on documentation during start-up and definition, but not maintained over initiative’s life cycle. Localised information structures, with some information sharing between teams. Limited localised information controls, with no formal release management arrangements. Scrutiny & review. Level 2 is defined as: Local reviews, with some corrective actions undertaken within the group TO: Target Rating 3 Information & documentation. Level 3 is defined as information has a refresh cycle or is regularly accessed. Organisation-wide information standardisation on confidentiality, availability and integrity. Formal information release management procedures. Scrutiny & review. Level 3 is defined as: independent reviews take place. Scrutiny largely for compliance reasons, identifying failures rather than opportunities for improvement 5 MATURING OF SPECIFIC ATTRIBUTES This section documents assessment team’s thoughts on specific P3M3 management attributes that could be addressed in improving DoFD’s capability maturity. These attributes underpin the “statements that would have to be rendered true” (i.e. the second column) from Section 4 above. 5.1 Portfolio Management – Level 1 to Level 2 Management Control Mandate improvement of the PMM or adopt a mature and proven project management framework (OGC’s PRINCE2TM2 for project management) and mandate adoption of a Programme management framework (eg OGC’s MSPTM3 for programme management), and Consider implementation of a whole of organisation ICT Portfolio, Programme and Project office (P3OTM4). The office will initially develop manage and control processes and later coordinate all DoFD ICT programmes and projects as an ICT investment body of work for the portfolio. Benefits Management Increase the understanding for Executive board, ITGC and project sponsors that benefits need to be reported as strategically aligned with organization goals, are cost effective and are being continuously monitored and reported to EB. Resource Management Ensure the organisation defines and adopts a framework for resource capacity and capability planning; and Implements utilisation tracking and productivity monitoring for reporting to EB. 2 PRINCE2 is a Registered Trade Mark of the UK Government’s Office of Government Commerce. 3 MSP is a Registered Trade Mark of the UK Government’s Office of Government Commerce. 4 P3O is a Registered Trade Mark of the UK Government’s Office of Government Commerce. Page 30 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report Organisational Governance A number of interviewees observed that some project committees are failing to identify and seek answers to “the hard questions”. Introduction of role-based management for key project management personnel could ensure that each person in a role has a clear definition of their specific role and responsibilities, which in turn may improve their assessment and questioning of projects; Clarify reporting lines for both the writers and receivers of project reports. This should address the flow of project information up from team leaders within projects to project managers, then on to line management, steering committee members and those engaged in programme management. The PM and Governance manuals should be better aligned to eliminate duplication of reporting etc; and Define the interfaces between project and programme governance arrangements, then educate staff. Resource Management Define and adopt a framework for resource capacity and capability planning at portfolio level; and Implement utilisation tracking and productivity monitoring. Generic Attributes Roles & Responsibilities o Define the competencies required for key project management roles (e.g. Business representatives on steering committees must understand the operational environment into which the deliverables of the project will be deployed and they must assist the definition of how those deliverables will be used). Experience in Portfolio Management o Ensure that key people have project management experience in balance with project subject matter expertise. Capability development o Actively train people for their specific roles and responsibilities. Planning & estimating processes o Implement goal and output-based planning and estimating methods across DoFD, noting that some areas have done this; and o Identify, track and manage inter-project dependencies. Information & documentation o Make information refresh cycles and release management practices consistent across projects. Scrutiny & review o Improve the connection between project scrutiny and review (e.g. ANAO audits and Gateway Reviews) and improvements in project management. Introduce and mandate post project reviews. 5.2 Programme Management – Level 2 to Level 3 Management Control Page 31 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report Define a programme management “framework” that addresses the differences between better practice project management and programme management. Mandate using this framework and set threshold statements for assessing when it must be used; Ensure that the programme management framework defines the integration points between programme and project management; and Distinguish between operational (i.e. business as usual) “programs” and change “programmes”. Improve method guidance for programme vision/blueprint/future state definition and ensure that programmes are starting to use this guidance (adopt a proven framework – OGC’s MSP for example); Tighten the definition of and commitment to programme scope and also tighten change control to reduce the ability of stakeholders to introduce uncontrolled change; Adopt consistent reporting across programmes; Introduce role-based management for key roles such as Senior Responsible Owners, Business Change Managers and Programme Managers so that each person in a role has a clear definition of their specific role and responsibilities; Train and support people in their programme management roles; and Apply the concept of scheduled tranche reviews in programmes to formally take stock of progress to date and changes in the programme’s context to make decisions about the future of the programme. Benefits Management Ensure that processes, templates and tools for benefit management are in place and being consistently used; Ensure that benefits are defined, observable, attributable and measurable (DOAM); Improve benefit realisation plans, profiles and schedules including definition of who has ownership/accountability for benefit realisation; Include assessment of benefits harvested to date in tranche reviews; and Provide guidance for consistent mapping of deliverables, outcomes and benefits. Financial Management Establish Programme business cases that focus on a journey of change over time, benefits realisation on the way, islands of stable business capability and the associated risks (i.e. more than the standard project cost/benefit analysis); and Include re-assessment of the business case in tranche reviews to confirm it is still wholly valid and relevant to programme aims. Stakeholder Management Document the good processes currently used by experienced programme sponsors and managers and communicate these to all DoFD programme sponsors and managers. Risk Management This would largely be addressed by the actions above on the framework noting that the essence of Risk Management is no different for Projects and programmes however the process sequencing is different. For example, one of DoFD’s more experienced programme management stakeholders described a process whereby risk assessment is firstly conducted at programme level, then programme representatives engaged in each Page 32 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report project level risk assessment, then the programme risks were re-assessed to capture knowledge gained from the projects. Communicate the programme risk management processes to all DoFD programme sponsors and managers; and Introduce simple risk perspectives such as Strategic, Operational, Programme and Project. Organisational Governance Embed Business Change Managers (as per Management Control, above) in programme decision making and management. Resource Management Define and adopt a framework for resource capacity and capability planning at programme level; and Implement utilisation tracking and productivity monitoring. Generic Attributes Roles & Responsibilities o Define the competencies required for key programme management roles (e.g. Business Change Managers must understand the operational environment into which they will deploy the capabilities delivered by the programme and they must have the authority to drive the associated operational change). Experience in Programme Management o Ensure that key people have programme and project management experience in balance with programme subject matter expertise. Capability development o o Train people for their specific roles and responsibilities; and Implement programme management forums to share learning. Planning & estimating processes o Implement goal and output-based planning and estimating methods across DoFD for consistency, noting that some ICT areas already do this; and o Identify, track and manage inter and intra-programme dependencies. Information & documentation o Make information refresh cycles and release management practices consistent across programmes. Scrutiny & review o Ensure that programmes are scrutinised to identify failures and, preferably, to also drive improvements in programme management. 5.3 Project Management – Level 2 to Level 3 Management Control Improve the PMM or adopt a mature and proven project management framework (OGC’s PRINCE2 for example); Improve understanding and mandate application of a DoFD Project Management Framework ( Eg the improved FESG PMM) in non-ICT areas of DoFD. Specifically the assessment team noted; o the current perception that the FESG PMM is not fully mature and is optional. Page 33 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report Ensure that the FeSG PMM defines the integration points between programme and project management; Specifically improve the benefits management and tracking aspects as well as the resource management and stakeholder management components; Improve the up front definition of deliverables and benefits and the ultimate evaluation against this definition; and Mandate Post project reviews to test benefits realisation etc. Benefits Management Increase the understanding for project sponsors and managers that benefits are being monitored by Senior Executives in relation to their projects and clarify the benefits management touch points between project sponsors, project managers and finance staff. Financial Management Where projects occur over multiple financial years, include business case re-assessment in the transition from one year to another in addition to topping up the project funding. This has been identified as a problem across finance; and Address the inconsistency between Business and ICT areas of DoFD regarding project funding perhaps through a combination of making practices more consistent or improving understanding about why the inconsistencies exist. Refer Section 3, above, observations regarding project management. Stakeholder Management Improve documentation of processes (i.e. in the FESG PMM) for stakeholder engagement and communications to capture the good practices of more experienced project staff; and Raise awareness of FESG PMM stakeholder management tools and techniques. Risk Management Ensure consistent application of the FESG PMM guidance for Risk Management across ICT and Business. Ensure risk management isn’t just a process but a thorough evaluation of threats. Page 34 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report APPENDIX A –OVERVIEW DOFD PORTFOLIO OF ICT ENABLED CHANGE Page 35 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report APPENDIX B – P3M3™ OVERVIEW P3M3™ is an overarching model containing three sub-models, Portfolio Management Maturity Model (PfM3), Programme Management Maturity Model (PgM3) and Project Management Maturity Model (PjM3); For each of the three sub-models P3M3™ examines up to 7 different process perspectives (Management Control, Benefits Management, Financial Management, Stakeholder Management, Risk Management, Organisational Governance and Resource Management). Within each perspective 5 levels are used to describe maturity, these levels can be applied independently within each model, or across all three to assess overall P3M3™ maturity. 3 Sub-models Portfolio Management The totality of an organisation’s investment (or a segment thereof) in the changes required to achieve its strategic objectives. Portfolio Management describes the management of an organisations portfolio of business change initiatives. Programme Management Programmes exist to manage the complexities involved in delivering beneficial change. Programme Management is focussed on the areas of tension between strategic direction, project delivery and operational effectiveness. Project Management A project is a unique set of coordinated activities, with definite starting and finishing points, undertaken by an individual or team to meet specific objectives within defined time, cost and performance parameters as specified in the business case. Project Management guides a project through a visible set of activities, from controlled start-up, through delivery, to controlled closure, and review. Page 36 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report 7 Process Perspectives 1. Management Control This covers the internal controls of the initiative and how direction is maintained throughout its life cycle, with appropriate break points to enable it to be stopped or redirected by a controlling body if necessary. Best practice is characterised by clear evidence of leadership and direction, scope, stages, tranches and review processes during the course of the initiative. 2. Benefits Management This ensures the desired business outcomes are clearly defined, measurable and ultimately delivered through a structured approach. Best practice recommends that benefits are assessed and approved by the organisational areas that will deliver them. Benefit dependencies and other requirements should be clearly defined, and understanding gained on how the initiative’s outputs will deliver the benefits. 3. Financial Management This ensures that likely costs are captured and evaluated in a formal business case and are categorised and managed over the investment life cycle. There should be appropriate involvement from the organisation’s financial functions, with approvals being embedded in the broader organisational hierarchy. Best practice suggests that a business case should define the value of the initiative to the business and contain a financial appraisal of the possible options. 4. Stakeholder Management Best practice suggests that both internal and external stakeholders are analysed and engaged in order to achieve the initiative’s objectives. Stakeholder Management includes communications planning, the effective identification and use of different communications channels, and techniques to enable objectives to be achieved. 5. Risk Management This views the way in which the organisation manages threats to, and opportunities presented by, the initiative. Risk Management maintains a balance of focus on threats and opportunities, with appropriate management actions to reduce or eliminate the likelihood/impact of any identified threat. 6. Organisational Governance This looks at how the delivery of initiatives are aligned to the organisation’s strategic direction, including start-up, closure and during the initiative’s lifecycle. This perspective looks at how the impact of external factors might be controlled/mitigated, as opposed to Management Control, which considers how internal control is maintained. 7. Resource Management This covers management of all resources required for delivery, including human resources, buildings, equipment, supplies, information, tools and supporting teams. A key element is the process for acquiring resources and how supply chains are utilised to maximise their effective use. In best practice there will be evidence of capacity planning and prioritisation to enable effective resource management. Page 37 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES P3M3TM Assessment Report 5 Maturity Levels Maturity Level 1 - Awareness of Process Processes are not usually documented, actual practice is determined by events or individual preferences, and performance is variable. Successful initiatives are often based on key individuals’ competencies rather than organisationwide capability and past successes can not be repeated consistently. Processes are undeveloped or incomplete. There is little or no guidance or supporting documentation and even terminology may not be standardised. Maturity Level 2 - Repeatable Processes Basic management practices, e.g. tracking expenditure and scheduling resources, are in place and being improved. Key individuals are trained and demonstrate a successful track record and through them, the organisation is capable of repeating success. Initiatives are performed and managed according to their documented plans; project status and delivery is visible to management at defined points. There may still be inadequate measures of success; unclear responsibilities; ambiguity/inconsistency in business objectives; unintegrated Risk Management; limited Change Management; and inadequacies in communications strategy. Maturity Level 3 – Defined Processes Management and technical processes are documented, standardised and integrated to some extent with business processes. There is some process ownership and a group responsible for maintaining consistency and delivering process improvements. Senior management are engaged consistently, providing active and informed support. There is an established training programme to develop individual’s skills and knowledge. Maturity Level 4 – Managed Processes The organisation has defined processes that are quantitatively managed, i.e. controlled using metrics. There are quantitative objectives for quality and process performance, and these are being used in managing processes. Top management are proactively seeking out innovative ways to achieve goals. Using metrics, management can effectively control processes and identify ways to adjust and adapt them to particular initiatives without loss of quality. Maturity Level 5 – Optimised Processes There is focus on optimisation of quantitatively managed processes to account for changing business needs. The organisation exhibits continuous process improvement, and can show strong alignment of organisational objectives with business plans. Top managers are seen as exemplars, reinforcing the need and potential for capability and performance improvement. Information from process and product metrics enables the organisation to understand causes of variation and to optimise its performance. Page 38 of 38 Version: 1.2 Updated: 30 September 2010 Authors: DoFD & TANNER JAMES