Project Governance: Accountability and Risk Management
Participant notes
This short course can be counted towards one of Governance Institute of Australia’s Certificates (see over page for details).
© Governance Institute of Australia Ltd 2015 ABN 49 008 615 950 Short courses and Certificates This short course constitutes one of Governance Institute of Australia’s Certificate courses on successfully passing the online exam. For more information, or to enrol in the Certificate course, please contact Governance Institute in your state or visit www.governanceinstitute.com.au→Learning→Short courses & Certificates→ Request Short courses and Certificates handbook.
Professional development at Governance Institute of Australia For further information regarding your study options, please refer to the ‘conclusion’ section within these notes to explore your study options.
In-house training Governance Institute also offers flexible in-house training solutions that specifically meet your business needs. For more information, please contact Governance Institute in your state.
Disclaimer Note that the materials for this course are issued to participants on the following conditions: • Neither Governance Institute of Australia nor its course authors and presenters purport to provide legal or other expert advice on the subject matter contained in these materials or in their tutorial presentation. • Neither Governance Institute of Australia nor its course authors and presenters are responsible for the results of any action taken on the basis of the information in these materials or in their tutorial presentation or any errors or omissions therein. • Governance Institute of Australia and its course authors and presenters disclaim any liability to any person in respect of the consequences of anything done by any person in reliance upon the contents of these course materials or their tutorial presentation.
Acknowledgments
Written and designed by: David Berechree, Director, KPMG
Chris Wells FGIA, Project Director, Infrastructure Energy and Resources
Revised by: Robert Posener, Managing Director, PMComplete Pty Ltd Damian McKenzie-McHarg, Lawyer and Governance Risk Consultant
Copyright Copyright strictly reserved. No part of these course materials covered by copyright should be reproduced or copied in any form or by any means without the written permission of Governance Institute of Australia
© Governance Institute of Australia Ltd 2015
Contents
1 Introduction 1 1.1 What is the background to this course? 1 1.2 What is the aim of this course? 1
2 Definitions, principles and key elements of project governance 1 2.1 Corporate governance 1 2.2 What is a project? 2 2.3 Terminology 4 2.4 Project governance principles 7 2.5 What is project management? 11 2.6 Managing projects 11 2.7 Why is governance important? 12
3 Governance challenges 13 3.1 The business case 13 3.2 Project management lifecycle 15 3.3 Project management plan (PMP) and project registers 15 3.4 Program management office (PMO) 16 3.5 Project management standards and methodologies 17
4. Project structure, roles, committees and functions 20 4.1 Project governance structures 20 4.2 Project roles 21 4.3 Project steering committee role and functions 24
5 Project status and progress reporting 29 5.1 The need for control 29 5.2 Project status and progress reporting 29 5.3 Project scope management 35 5.4 Time management 36 5.5 Cost management 37
6 Quality and risk management 40 6.1 Project quality assurance versus quality control 40 6.2 Risk management 40
7 Engagement and communication 45 7.1 Stakeholder management 45 7.2 Stakeholder analysis 46 7.3 Challenges of engagement 46 7.4 Communication 47
8 Measuring success 48 8.1 Project performance measurement 48
9 Conclusion 50 9.1 Good project governance 50
10 Resources 52 10.1 Legislation and regulators 52 10.2 Standards and guidelines 53 10.3 Governance Institute resources 54 10.4 Reference books 55 10.5 Reports and journal articles 55 10.6 Other resources 56
Project Governance: Accountability and Risk Management
1 INTRODUCTION
1.1 What is the background to this course? The management of projects can be simple or complex, depending upon a range of factors (including type, size, culture and numbers of people involved). There are three common threads in the governance of a project: 1. Risk - Every project faces risks and it is often said that ‘the reason why we have project managers is to minimise risk’. Minimising risk leads to more project successes 2. Governance - The requirement to ensure that project governance is correct. Who makes the important decisions, how quickly and who is empowered to do what needs to be clearly defined at the start of a project. Correct and workable governance is one of the leading factors in ensuring that the project will be a success not only as a specific initiative, but in terms of whether the project contributes to the organisation’s broader objectives 3. Accountability- Different enterprises have different accountability cultures. You can’t have empowerment without accountability. Having clear (and correct) project accountabilities and responsibilities also contributes significantly to the likelihood of a project being successful. Because they are easily measured, many organisations still believe that getting the triple constraints (of scope, time and cost) right is the way to measure project success — but this is too simplistic. There is a better way, and this is examined in this course.
1.2 What is the aim of this course? The aim of Project Governance: Accountability and Risk Management is to overview the elements, objectives and governance priorities of project governance.
The key objectives are to:
• examine the principles underpinning project governance • explore the key risk areas of scope, time and cost management • identify quality control approaches • assess reporting requirements
2 DEFINITIONS, PRINCIPLES AND KEY ELEMENTS OF PROJECT GOVERNANCE
2.1 Corporate governance Justice Owen in the HIH Royal Commission defined corporate governance as ‘the framework of rules, relationships, application systems and processes within and by which authority is exercised and controlled in corporations’.
Governance Institute of Australia 1 Project Governance: Accountability and Risk Management
The ASX Corporate Governance Council (in the Corporate Governance Principles and Recommendations, 3rd edition) describes corporate governance as encompassing the mechanisms by which companies, and those in control, are held to account. Further, it articulates that corporate governance influences how the objectives of the company are set and achieved, how risk is monitored and assessed, and how performance is optimised. Effective corporate governance structures encourage companies to create value, through entrepreneurialism, innovation, development and exploration, and provide accountability and control systems commensurate with the risks involved. The Governance Institute believes that governance means the method by which an organisation is run or governed, over and above its basic legal obligations. It has four critical elements which are outlined in the following sections.
Transparency The starting point is transparency of purpose. This clarifies why the organisation exists, what its objectives are and what the measures of achievement are. It also means transparency of process so that all stakeholders understand how things are done, as well as why.
Accountability Who is responsible and to whom? What are they responsible for? What are the consequences if the rules are violated? Accountability is a normal part of the exercise of responsibility. It enables those conferring responsibility to monitor its exercise.
Stewardship This involves the organisational decision-making undertaken so that those controlling the destiny of an organisation do so not for their own benefit, but rather for the benefit of the range of individuals and groups who have an interest in the affairs of the organisation, that is, the stakeholders.
Integrity This refers to a culture committed to ethical behaviour and, the prudent discharge of responsibilities for, and on behalf of, all stakeholders. In any organisation, it is vital that the corporate governance framework extends to the project activities undertaken.
2.2 What is a project? A simple definition from the Project Management Institute’s A Guide to the Project Management Body of Knowledge (PMBOK® Guide, 2004, 3rd edition, p 5) is: ‘A project is a temporary endeavour undertaken to create a unique product, service, or result.’ Various other definitions exist, including the following from Standards Australia (DR 01845 Draft for public comment, p 7): A unique process, consisting of a set of coordinated and controlled activities with start and finish dates, undertaken to achieve an objective conforming to specific requirements, including the constraints of time, cost and resources.
2 Governance Institute of Australia Project Governance: Accountability and Risk Management
The key features of a project can be articulated as follows: • It is discrete — it is a unique process with a defined scope and activity, so by nature it is a temporary endeavour with a definite beginning and a definite end. ‘Temporary’ does not generally apply to the product, service or result created by the project. Most projects are undertaken to create a lasting outcome and/or to realise specific benefits. • It has a defined start and end point — the end is reached when the project’s outcomes and benefits have been realised, or it becomes clear that the project’s objectives will not or cannot be met, or the need for the project no longer exists and the project is closed. This does not mean that the project is short in duration, as many projects last for several years. In every case, however, the duration of a project is finite. Projects are not ongoing efforts. • It has a specified end deliverable — a project creates unique deliverables, which are products, services or results. Projects can create: – a deliverable that is produced, is quantifiable, and can be either an end item in itself, or a component item – a capability or capacity to perform a service, such as a new business function – a result, such as outcomes, documents or IT systems. • It is unique, either in its end deliverable or its environment — an important characteristic of project deliverables is ‘uniqueness’. However, the presence of repetitive elements does not change the fundamental uniqueness of the project work. Organisations perform work to achieve a set of objectives. Generally, work can be categorised as either projects or processes, although the two sometimes overlap. They share many of the same characteristics, in that they are: • performed by people • constrained by limited resources and time • planned, executed and controlled. However, projects and processes differ primarily in that processes (normal operations) are ongoing and repetitive, while projects are temporary and unique. The objectives of projects and processes are fundamentally different. The purpose of a project is to realise its outcomes and benefits and then close. Conversely, the object of an ongoing process is to sustain the business. Projects are different because the project closes when its specific outcomes and benefits have been realised. Processes are gradually adapted and improved or change in response to new objectives, but in either case, the work continues. The value creation process is illustrated in Figure 1.
Governance Institute of Australia 3 Project Governance: Accountability and Risk Management
Figure 1: The value chain
Illustration
2.3 Terminology Many terms used in project management have different meanings depending upon the methodology being followed. Some common terms that have more than one meaning, depending on the methodology, are outlined in the following sections.
Critical success factor (CSF) Meaning 1 (incorrect): The measures that will be used to judge if a project was a success. This is the definition of ‘success measure’. Meaning 2 (correct): The factors that should be in place to ensure that the project will be a success (for example, good project governance).
Issue Meaning 1 (PRINCE2): A materialised risk. Meaning 2 (PMBOK®): Something that needs to be resolved sometime, but not necessarily now. This is also known as ‘a parking lot’, so that we don’t forget to resolve this issue. Meaning 3: Any situation, action, problem or question arising during performance of the project, which cannot be efficiently or effectively resolved within the project team.
4 Governance Institute of Australia Project Governance: Accountability and Risk Management
Task Meaning 1 (Microsoft Project): A project activity that needs to be managed and occurs on the project schedule). Meaning 2 (Agile): Anything that needs to be done on the project including action items, defect repairs, issues, risks, testing, changes and variations and schedulable activities.
Work breakdown structure (WBS) Meaning 1 (PMBOK®): A hierarchical list of project deliverables, also known as ‘work products’, (that is, a list of nouns). Meaning 2 (PRINCE2 and Microsoft Project): A hierarchical list of project tasks to be performed (that is, a list of verbs). Similarly, there are many project management terms that are essentially synonymous. Some common terms that have the same meaning include: • ‘float’ and ‘slack’ • ‘goal’ and ‘objective’ • ‘deliverable’ and ‘product’ and ‘work product’ and ‘output’ • ‘schedule’ and ‘work plan’ • ‘task’ and ‘activity’ • ‘phase’ and ‘stage’ and ‘management stage’ and ‘sprint’ and ‘epic’ • ‘baseline’ and ‘budget’ • ‘achievement’ and ‘actual’ • ‘estimate’ and ‘forecast’ • ‘request for change’ and ‘change request’ • ‘error’ and ‘defect’ and ‘bug’ • ‘specification’ and ‘requirement’ and ‘product backlog item (PBI)’ • ‘quality review’ and ‘review’ and ‘inspection’ • ‘log’ and ‘register’ • ‘product release’ and ‘release’ • ‘product breakdown structure (PBS)’ and ‘work breakdown structure (WBS)’ • ‘net risk’ and ‘residual risk’ • ‘risk likelihood’ and ‘risk probability’ • ‘risk consequence’ and ‘risk impact’ • ‘positive risk’ and ‘opportunity’. Also, there are terms that appear to be the same, but have slight differences. Some common terms that have slightly different meanings include the following.
Governance Institute of Australia 5 Project Governance: Accountability and Risk Management
Change and variation A change is an addition, change or deletion from the project’s major deliverable’s requirements. A variation is an addition, change or deletion from the project’s environment. Examples include the following: • Organisation: For example, the new system now has to be useable by the marketing department as well as the sales department. • Geographic: For example, the new system now has be useable by our New Zealand sister company staff. • Project lifecycle: For example, the project now has to provide a warranty period. • Methodology: For example, the methodology was changed while the project was in-flight, to now require an additional phase or report. Organisations must take care to define the terms that they are using, because the high turnover in staff brings new personnel who have different backgrounds and experiences and assuming a definition can lead to unintended consequences.
Correct terminology, used correctly The term ‘project objective’ is not used in this project management language because: • these tend to be ‘motherhood statements’ that every project has and are all implied in the project manager’s role • the focus should be more on delivering outcomes and benefits.
Examples of the confusion caused by poorly-defined objectives project include to: • deliver before time • deliver under budget • realise all of the planned outcomes • realise all of the planned benefits • manage the project according to the methodology • achieve a satisfaction rating of 5 from all stakeholders surveyed at the end of the project • have no incomplete activities in any of the project registers when the project is closed • have no miscommunications during the life of the project • have no priority 1 and 2 defects unrepaired when the new system goes into production • have no priority 1 and 2 defects found in production within the warranty period (that is, first 90 days) • have no project team members voluntarily leave the project • have no contractual issues with the selected vendor.
The terms used throughout this course are based on the PMBOK® definitions.
6 Governance Institute of Australia Project Governance: Accountability and Risk Management
2.4 Project governance principles Guidance on project governance is established in Australia primarily through Information Technology (IT) standards development via Standards Australia. This includes: • AS 8015–2005 — Corporate governance of Information and Communication Technology (ICT) • DR 08145 — Corporate governance of projects involving IT investments (draft standard).
Standard Australia’s AS 8015–2005 provides a governance model for boards and senior management of organisations in relation to their responsibilities in guiding and monitoring the use of information technology (IT). The Standard is designed to assist them in making appropriate decisions and it recommends that directors govern IT through three main tasks: 1. evaluating the current and future use of IT 2. directing preparation and implementation of plans and policies to ensure that use of IT meets business objectives 3. monitoring conformance to policies, and performance against the plans
Figure 2 illustrates the AS 8015-2005 approach.
Figure 2: AS 8015–2005: Model for corporate governance of ICT
Source: AS 8015–2005. Reproduced with permission The draft standard for corporate governance of projects involving IT investments (DR 08145) explains how to apply this process model when investing in new or changed IT. Although this is focused on projects with an IT component, the principles can be easily applied to projects of a general nature.
Evaluate Directors should evaluate investment decisions and expected project outcomes and benefits to ensure that they are aligned with business objectives.
Governance Institute of Australia 7 Project Governance: Accountability and Risk Management
While directors may not be involved at a detailed level in most projects, they should evaluate the overall portfolio of projects involving investment in IT, as well as the major IT investment in making judgments on whether the benefits and risks associated with the investment are justified. Directors should take account of both current and future business needs, as well as opportunities and risks arising from technology. Ongoing evaluation of projects and investment decisions should be undertaken at all levels of delegated authority to ensure that projects only initiate and continue if the organisation receives value from the investment. The board and senior management of an organisation should periodically assess the effectiveness of the governance arrangements.
Direct Directors and senior managers should direct the establishment of a framework for project governance appropriate to the size and risks of the organisation. This includes: • clearly defined policies, processes, procedures, check lists, standards, guidelines and templates, as well as responsibilities and accountabilities for p