Guidance for the governance of project management
In November 2003, a Specific Interest Group (SIG) was formed to develop practice related to the Governance of Project Management (GoPM). In September 2004 the GoPM SIG published its first guidance, a document entitled “Directing Change – A Guide to Governance of Project Management” (herein after referred to as “the GoPM Guide”). Copies of this document can be obtained free of charge by contacting the Association for Project Management (APM) or by downloading from the APM's web site.
The governance of project management concerns those areas of corporate governance that are specifically related to project activities. Effective governance of project management ensures that an organization's project portfolio is sustainable, delivered efficiently and is aligned to the organization's objectives. Governance of project management also supports the means by which the Board and other major stakeholders are provided with accurate, relevant and realistic information. Interest in this topic is evidenced by the fact that, since being launched, the GoPM Guide has been downloaded from the internet at a rate of 700 times per week.
This paper reports on the way in which the GoPM Guide was developed. It starts by explaining the purpose of the document and identifies the reasons for believing why it fills a gap left between previously published project management and corporate governance guidance. It then describes the rationale underlying the document's structure before developing this in more detail with sections on portfolio direction, project sponsorship, the project management function and disclosure and reporting.
Corporate Governance and Project Management
The past decade has seen a plethora of guidance and regulation related to corporate governance. In the UK, this has been led by the development of the Combined Code which is referenced under the rules of the London Stock Exchange. Although originally developed for listed companies, elements of the Combined Code have been also been adopted by government organizations. For example, the Turnbull Guidance (1999) on internal control, which has since been fully incorporated into the Combined Code, was used, at least in part, as a model for the UK National Health Service Controls Assurance process.
In the United States, the Government has used a statutory approach to drive corporate governance using the Sarbanes-Oxley Act (2002). This act of Congress was passed in the wake of high profile failures of listed companies that were attributed to financial malpractice. Its primary aim is to protect shareholders from the risk of being misled. The Internal Control requirements required by the Sarbanes-Oxley Act were published in 2004 and define the standards that must apply to the audit of internal control over financial reporting performed in conjunction with an audit of financial statements.
However, despite their range of applications and purposes, the key source documents for corporate governance have yet to address the specific risks and issues arising from projects. In the both the Combined Code and the Sarbanes-Oxley Act, operations and projects are not differentiated; the word project does not appear once in either – a combined total of 300 pages. This is the gap that the GoPM Guide seeks to fill. The GoPM Guide is aimed primarily at the directors of companies and large organizations. It provides guidance on how they can shape their governance processes to take into account the implications of projects and project-orientated business.
The interests of both shareholders and government organizations can be affected significantly by the performance of projects. For example, in February 2003, BAE Systems announced exceptional project costs of £750m comprising £500m for the Nimrod early warning aircraft and £250m for the Astute submarines. Its customer, the UK government, simultaneously announced that it would be paying an additional £270m and £430m respectively to restructure the two projects. From the perspective of either party, threats of write-offs of this size would qualify as being risks that were sufficiently significant to be managed using controls recommended by the Turnbull Guidance.
The Nimrod and Astute projects are examples of cases in which there have been serious problems in the control of project-based business in which there is a client and a supplier. However, many companies and organizations also own internal projects that are fundamental to the success of their own operations. Companies that are reliant of internal projects to maintain ongoing operations include those working in the pharmaceutical, telecommunications and oil industries. Occasionally, an example emerges of a single internal project that is so fundamental to the company's purpose that failure without a fallback would close the company. An example of this was Coca Cola's formula change implemented in March 1985. By the middle of June, its customers were “Saying ‘No’ to New Coke.” Had Coca Cola not been able to revert quickly back to its previous formula it might well have been in serious financial difficulties.
As a final example, Railtrack's west coast main line project confirms that failure of even a single project has the potential to cause company failure. Delays to the project's completion led to additional costs and penalty payments reputably of the order of several £billion. In the event, Railtrack was taken into administration by the UK government (March, 2002), before the full implications of these overruns were fully reflected in the company's share price.
Corporate governance has been described as providing “the structure through which the objectives of the company are set and the means of attaining those objectives and monitoring performance are determined” (OECD, 2004). The above examples of projects, along with many other examples that could be quoted, show that the management of projects has important implications for corporate governance within both companies and organizations.
Governance of Project Management Boundaries
In order to define a scope for the governance of project management, it is necessary to draw boundaries around its activities. In writing the Guide, the GoPM SIG consciously avoided:
- Recommending any amendment to existing guidance on corporate governance.
- Developing new practice for the management of individual projects or programmes.
Since documents such as the Combined Code and the Sarbanes-Oxley Act contain no reference to project management, the first of these aims is achieved without difficulty. The GoPM Guide achieves the second by addressing project management issues from a strategic perspective related to an organization's purposes and its internal controls. The guide is thus focused only on those activities that affect both corporate governance and the strategic management of projects. The boundaries resulting from this overlap are illustrated in Exhibit 1.
Governance of Project Management Principles
The Combined Code is founded upon a collection of core principles that are considered to be applicable to all companies listed on the London Stock Exchange. The GoPM Guide, similarly, commences with list of principles, which, collectively, form the high level guidance for all organizations that are included in its target audience. This target audience includes all companies and organizations (including government organizations and charities) whose business or operations has a significant dependence on projects.
The first principle stated by the Combined code is that: “Every company should be headed by an effective board, which is collectively responsible for the success of the company.” The first principle in the GoPM Guide flows down from this:
GoPM Guide Principle No1: The board has overall responsibility for the governance of project management.
The other ten GoPM Guide principles can also be related to principles contained in the Combined Code. The GoPM Guide's Appendix 1 details the mapping involved. The document's Appendix 2 details a similar mapping of GoPM principles to relevant sections of the Sarbanes-Oxley Act.
The Combined Code and Sarbanes-Oxley Act are therefore primary sources for the GoPM Guide. However, since neither of these sources is specific to project management, a third, project-related, source was used for the development of GoPM principles. This was the list of “eight major causes of project failure” developed by the UK National Audit Office, agreed with the UK Office of Government Commerce and, hence, recommended as guidance to UK government departments. The eight causes of project failure are listed as:
- Lack of clear link between the project and the organization's key strategic priorities, including agreed measures of success.
- Lack of clear senior management and Ministerial ownership and leadership.
- Lack of effective engagement with stakeholders.
- Lack of skills and proven approach to project management and risk management.
- Lack of understanding of and contact with the supply industry at senior levels in the organization.
- Evaluation of proposals driven by initial price rather than long term value for money (especially securing the delivery of business benefits).
- Too little attention to breaking development and implementation into manageable steps.
- Inadequate resources and skill to deliver the total delivery portfolio.
Examination of this list shows that many of these causes of project failure include activities undertaken above the level traditionally occupied by project managers; they are failures to govern project management rather than failures within the project management process itself. Examples of ways in which the list has influenced the GoPM Guide's principles include:
GoPM Guide Principle No.4: A coherent and supportive relationship is demonstrated between the overall business strategy and the project portfolio. (see cause of failure No. 8)
GoPM Guide Principle No. 11: Project stakeholders are engaged at a level that is commensurate with their importance to the organization and in a manner that fosters trust. (see causes of failure Nos. 3 & 9)
The Four Components of GoPM
Following its statement of eleven core principles, the GoPM Guide presents a lower level of detail in the form of 42 questions. This facilitates the translation of principles into practice. Another advantage of this approach is it provides a logical foundation for the development of audit tools and a maturity model. However, an important difference between the GoPM principles and the 42 questions should be noted. Whereas all of the eleven principles apply to every organization within the target audience, some of the lower-level questions may not apply to some that are relatively small or less project orientated.
A search of existing frameworks was made in order to group the questions into a coherent structure. The outcome of this search was a decision to adapt the ideas developed by Cooke-Davies for work concerning the selection and use of project metrics. Cooke-Davies (2004) identifies the following three levels at which metrics may be used to assess the success of projects:
- Level 1. Project management success – was the project done right?
- Level 2. Project success – was the right project done?
- Level 3. Consistent project success – were the right projects done time after time?
Level 1 is concerned with whether or not the project management function performs efficiently and effectively. From the GoPM perspective, directors need assurance that this is the case. Level 2 is primarily concerned with the effectiveness of project sponsorship. It addresses the question as to whether or not the project delivers value for money in its broadest sense. Level 3 is concerned with the effectiveness with which the organization's project portfolio is managed. It asks whether or not the portfolio will foster a long-range competitive advantage and if it will optimise the use of scarce resources.
Typically, the functions required to support these three levels are fulfilled by different people, often working at different levels in the management hierarchy. Project metrics are used, not only for the measuring success at the various levels, but also as a means of communicating project information through the management hierarchy. On this basis, a fourth group of questions was added to the GoPM structure to cover “disclosure and reporting”. Reporting refers to information reported up through the hierarchy, whereas disclosure refers to information that may need to be exchanged either upwards or downwards. The four groups of questions (referred to as the four GoPM components) are thus:
- Portfolio Direction
- Project Sponsorship.
- Project Management
- Disclosure and Reporting
These four components are illustrated in Exhibit 2.
Sound governance of project management is dependent upon the effectiveness and efficiency of all four GoPM components. Thus, although project management literature tends to focus on the third component, failures in project sponsorship or portfolio direction may cause projects to be ineffective. Similarly, failures in disclosure and reporting can have fundamentally detrimental effects on an organization's strategic control of projects.
An organization's project portfolio comprises the collection of projects and programs that it owns. The portfolio should be aligned with the organization's key business objectives including those of profitability, customer service, reputation, sustainability, and growth.
The direct link between the project portfolio and key business objectives shows that portfolio management has an important strategic purpose within the direction of the organisation as a whole. It is for this reason that responsibility for portfolio direction is usually carried at a very senior management level.
Projects that are not aligned with at least some key business objectives are most unlikely to be of value. Three obvious, but fundamental, points arise immediately:
- The organisation should have identified its key business objectives (which must be known to the managers responsible for directing the project portfolio).
- Each project or programme should have clear purposes that are quantifiable as objectives whenever appropriate.
- It should be possible to test whether or not the purposes of projects are aligned with the key business objectives.
Any organization that fails to satisfy all three of these criteria will not have a sound governance process for its project management function. It would be vulnerable to supporting projects that fail to deliver business value, even if the projects were delivered successfully on their own terms.
Another point addressed by the Guide is that the organisation should be able to distinguish between activities that should be addressed as projects and other activities that should be managed as operations. Turner describes projects as being endeavours that are unique, novel and transient. (1999) Uniqueness results in core activities such as planning having to be started from scratch, whilst novelty implies greater risk and the need for particular skills and resources. Activities managed as projects therefore tend to require a relatively high management effort and specialized management techniques. It would be inefficient to apply these overheads to all operations.
The transient nature of projects also has a number of implications for control of the project portfolio. An organisation will usually employ a project lifecycle model to control its projects. The guide's principles require that there are authorization bodies, and most organizations will have an authorizations process based on the project lifecycle. A sound project portfolio will normally include projects at different stages, thus smoothing resource requirements and providing a digestible rate of change rate of change. This is reflected in two of the Portfolio direction questions:
GoPM Guide Question PD6. Is the project portfolio consistent with the organization's capacity?
GoPM Guide Question PD8. Has the organisation assured itself that the impact of implementing its project portfolio is acceptable to its ongoing operations?
Project sponsors play a key role in the governance of project management. Based upon the experience of GoPM SIG members, the input of people who reviewed the draft guide and anecdotal evidence from other project management forums, it became evident that project sponsorship is an area of weakness in many organizations. Typical problems are that project sponsors may:
- Fail to devote enough time to the projects that they sponsor.
- Fail to provide clear and timely direction.
- Lack sufficient project management experience to have the insight necessary for their role.
- Lack a structured understanding of what their role is.
Yet effective project sponsorship is of great benefit to even the best project managers. Exhibit 2 places sponsorship at the heart of GoPM activities. Amongst the contributions that the GoPM Guide may make to project management, is its potential to help to focus attention on the role of the project sponsor.
Turner (1999) describes the project sponsor as being the person or group who makes the resources available to buy the project's products. As the authority for the release of resources, the sponsor holds a critical position of power over the project. They also represent the interests of the project's owning organization. The sponsor thus provides a link between the project and the organization's management, leading, ultimately to the Executive Board. The GoPM Guide notes that the sponsorship role includes decision making, directing and representational accountabilities. It thus augments Turner's description of the role by stating that sponsors should own, and be accountable for, the project's business case. Since the business case should clarify the project purposes, there is a logical link between the sponsor's role and direction of the organization's project portfolio.
If project sponsors are able to make resources available, it follows that they should also have the power to withdraw them. A commonly observed problem in project management is that there is a tendency for projects to continue in circumstances when it has become clear that they should be closed. Such circumstances might arise from problems with project progress or for reasons of purpose that lie outside the project's control. In either case the project sponsor should consider whether or not the project's continuation can be justified. Relevant questions in the Guide include:
GoPM Guide Question PS6. Are projects closed at the appropriate time?
GoPM Guide Question PS7. Is independent advice used for appraisal of projects?
GoPM Guide Question PS9. Are sponsors accountable for the realization of benefits?
Project Management Effectiveness and Efficiency
The GoPM Guide is not concerned with providing advice on how to manage projects effectively; that is a subject already covered extensively in the project management literature! Instead it is concerned with providing directors with key questions that they can use to determine whether or not the project management function is effective and efficient.
Directors may judge their organization's project management function using a number of approaches, including:
- Results (comparing eventual outcomes with forecasts).
- Monitoring (comparing progress with forecasts).
- Audits against internal or external project management standards.
- Project management capability assessments using maturity models.
The first two approaches are based on measuring deviations from planned objectives. However, they make no distinction between the effect of project management and the influence of other factors. If there are significant causes of project failure that lie outside the domain of the project manager, deviation from project objectives may be a relatively poor proxy for measuring project management effectiveness. This is one of the lessons that can be learned from the NAO's list of eight major causes of project failure. Using a results-based measure by which to judge the performance of project managers assumes that all project failures or successes are due to project management rather than project management and governance combined. This is like attributing success on a battlefield to only the officers in direct contact with the troops and in no way to the higher chain of command.
Unfortunately, the third approach, based on audits, also has a weakness. Perhaps surprisingly, there is little evidence, one way or the other, that compliance with project management standards and is well correlated with senior management perceptions of the project management function (Crawford 2005). There may also be doubt as to whether or not audit tools based on a tick-box methodology can provide adequate depth to assessing the subtleties that matter most.
This leaves the fourth approach of using capability assessments. In principle, capability should provide a more fundamentally important measure than compliance with a recorded process. Maturity models can also designed to assess processes in greater depth (due to the presence of performance levels, e.g. Kerzner, 2001) and breadth (for example it may be possible to assess the influence of organizational culture, e.g. Hopkinson 2000). However, capability modeling and assessment is a relatively recent development in project management. Thus, many organisations have yet to gain the experience necessary to have sufficient confidence in the benefits to be gained from its use.
The GoPM Guide therefore takes a fifth, and simpler, approach to assessing the project management function. It gives directors nine questions that they can ask to determine whether or not projects are managed effectively and efficiently. If directors can, realistically give the answer “yes” to all nine questions, this would be good evidence that projects were being managed:
- with clear critical success criteria,
- in an appropriate way,
- by competent people,
- with adequate resources, and
- with appropriate delegation of authority and clarity of responsibility.
If all nine questions can be answered in the affirmative, but the organization nevertheless has project-related difficulties, this would suggest the presence of weakness in one of the other three GoPM components.
Disclosure and Reporting
Effective governance of project management requires an organization's decision making processes to be supported by timely, relevant and reliable information. Since taking strategic project-related decisions and the production of supporting information are often performed at different levels or by different people, the requirement for timeliness, relevance and reliability raises a number of key questions.
In order for information to be timely, decision makers must be able to identify key points in time at which information will be required. In particular, there should be authorization points at which strategic commitments will be made. These points should be planned in a way that lends itself to the control of risk within the limits that the organisation is willing to tolerate. The information used to support strategic authorization decisions should therefore be based on a clear business case and should include an assessment of the risk implications.
The requirement for timely information also indicates that the reporting burden imposed on the people who produce it should be minimized. Large volumes of data take time to produce. A surplus of information may also obscure the most relevant parts of it. Besides, an over-burdensome reporting process would consume unnecessary levels of project management resource and threaten the effectiveness of the project management function. Hence, The GoPM guide asks:
GoPM Guide Question DR12: Do project processes reduce reporting requirements to the minimum necessary?
The requirement for relevant information, combined with the aim of minimising reporting requirements, means that organisations should be clear as to what information is required and for what purposes. Information that does not lend itself to effective decision making is likely to be superfluous. Relevant information is likely to include key success indicators that can be used for monitoring purposes. However, the relationship between project information and decisions means that the organisation should also take care to identify and report on key success factors.
In part, the requirement for reliable information indicates the importance of having a competent project management function. However, information reliability is also dependent upon the integrity of all involved. The GoPM guide identifies two circumstances in which there are typically threats to the open and honest disclosure of project information: prior to major project approvals and projects that are encountering serious difficulties. In such circumstances, it is recommended that there should be an independent verification of information. Dependent upon the view of the project sponsor would require the services of a suitably experienced person either internal or external to the organisation. The issues involved with the integrity of reporting and disclosure are of sufficiently fundamental importance to be reflected in both the GoPM Guide's principles and in component questions:
GoPM Guide Principle No. 11: The board or its delegated agents decide when independent scrutiny of projects and project management systems is required and implement such scrutiny accordingly.
GoPM Guide Question DR9: Does the business culture encourage open and honest reporting?
The GoPM Guide has been developed to describe activities that an organisation should undertake in order to align its corporate governance processes and its management of projects. It identifies eleven principles that all organisations (including businesses, government organisations and charities) should adopt if their purpose is significantly dependent upon projects. The GoPM Guide also identifies four components, into which governance of project management activities can be classified. These components concern directing the project portfolio, project sponsorship, the effectiveness and efficiency of the project management function and disclosure and reporting. Effective implementation each of these four components is essential to successful governance of project management.
BAE Systems (19th February, 2003) Statement concerning the Nimrod and Astute programmes http://www.baesystems.com/newsroom/2003/feb/190203news1.htm
Comptroller and Auditor General (2004) Improving IT Procurement – Report HC877 Buckingham Palace Road, London: National Audit Office,.
Cooke-Davies, T. J. (20040 Consistently Doing the Right Projects and Doing Them Right – What Metrics do you Need? Proceedings of the PMI Europe Congress 2004, Prague, Czech Republic
Crawford, L. (2005) Senior Management Perceptions of Project Management Competence International Journal of Project Management 23,(1)
GoPM Specific Interest Group (2004) Directing change, A guide to governance of project management High Wycombe, UK: Association for Project Management,. (available at www.apm.org)
Hopkinson, M. (2000) Using Risk Maturity Models. Kluwer's Risk Management Briefing, (Issue 40, May), Pages 4-8.
Kerzner, H. (2001) Strategic Planning for Project Management Using a Project Management Maturity Model Third Avenue, New York: John Wiley & Sons
Lord Bach, UK Minister for Defence Procurement (19th February, 2003) Statement concerning a new maritime patrol aircraft and a new class of nuclear-powered attack submarines Whitehall, London: .Ministry of Defence,
OECD, Organisation for Economic Co-operation and Development (2004) Principles of Corporate Governance – Page 11 Paris, France: OECD Publications, 2 Rue Andre-Pascal,
One Hundred Seventh Congress of the United States of America (2002, 22nd January). The Sarbanes-Oxley Act of 2002.
Public Company Accounting Oversight Board (9th March 2004) An Audit of Internal Control Over Financial Reporting Performed in Conjunction with Audit of Financial Statements Washington, DC, USA
The UK Financial Reporting Council (July 2003) The combined code on corporate governance London, UK.
Turnbull, N et al. (1999) Internal Control: Guidance for Directors on the Combined Code. London, UK: Institute of Chartered Accountants.
Turner, J. R. (1999) The Handbook of Project-based Management Baffins Lane, Chichester UK: John Wiley & Sons Ltd.
© 2005 HVR Consulting Services Ltd.
Originally published as a part of 2005 PMI Global Congress Proceedings – Edinburgh