Compliance, Risk & Governance

Breaking Through for Improved Delivery

Actual Results

The Problem

• In 2004 investigations uncovered 120 concurrent projects

• 30 providing significant investment – representing 32% of turnover

• Investigations also revealed that there was no overall direction

• Some projects were aiming to deliver outcomes that directly contradicted deliverables from other projects

• A major cause of this chaos was attributed to the (then) strong silo mentality

• Lack of strategic focus and ability map onto business benefits

ISMBDCMBHRMBBAUInfrastru

cture Investments

Functional ProgrammeBoards

BudgetingIdeas FilterBusiness Case CreationResource CommitmentsBenefits RealisationDelivery Lifecycle

Programme GovernanceBusiness Improvement etc

Project BoardsFinance

P&PS&MDPTG

PLCB

Programme managed non delivery

Investment prioritiesBusiness Case Financial Decision

Overall Financial Monitor

Investment Group

Operations Board

Investment Programme

Steering Group

Key Programme RisksConstraints

Resource Priorities

Communication

Communication

Decision Decision

ReportingReporting

Customer Investments

Customer Programme Boards

BudgetingIdeas FilterBusiness Case CreationResource CommitmentsBenefits RealisationDelivery Lifecycle

Programme GovernanceProgramme 1, Programme 2 etc

Project BoardsFinance

Budget Change

Budget Change

The Solution

• Take control from the centre• Rationalise and cull Projects against

benefits• Establish hybrid SOX section 404 ¹ and

CoE ² to; 1) Prioritise and establish financial

controls/monitoring for all projects as they emerge ¹

2) Centralised allocation of resources ²

3) Look for and exploit synergies – remove duplication ¹ ²

4) Follow up to ensure that expected benefits are delivered (SRO ³ roles – SOX 404 equivalent)¹ ²

¹ Sarbanes-Oxley section 404 Internal Governance & Controls

² Office of Government Commerce (OGC) Center of Excellence initiative

³ OGC term, Senior Responsible Owner (SRO)

risk

governance

compliance

Improveddelivery

Benefitsmanagement

Valuemanagement

Goal achievement

The Results

• Focused input to corporate business case and strategic direction

• Staff Savings

• Strategic Improvements in Customer Service

• Organisational Control

• Able to anticipate the needs of changing market

• Cost avoidance

• Reduced expenditure

What we need to do

dep

end

enci

es

cost

Policy/prio

rities

outcomes/benefits

risks progress

Traditional project management metrics (cost, time, scope) are not enough to provide a reliableindication of theperformance of complex change programmes.

What CR & G Delivers

The programme manager and/or project sponsor need a wider dataset to answer

the key, business-related questions to ensure that every activity

is contributing to strategic goals

This is only effectively managed by centralising the control of change

Balanced score card

business goals

what is the ROI / VFM ?

why are we doing this ?

what couldgo wrong ?

what are welikely to deliver

?

how are we progressing ?

what are our priorities ?

Planned Outcomes

Aligned PPM goals to business goals• Undertake the right programme/project

at the right time with a realistic budget.

Delivered business objectives• Growth, increased profits, enhanced

strategic position and increased effectiveness

Standardised approach assured• All programme’s/projects are managed,

controlled and reported in the same manner

• Provides a more effective way to develop our PMs skills and provides a means for direct recognition of success

Enhanced risk management process• Mapping programmes & projects to

business objectives and documented contingency plans

Planning and expectation setting process

• Giving a clear understanding of the business goals being achieved by the investment programmes & projects

Coherent and consistent reporting process implemented

• Giving visibility of, and indicating the status of programmes & projects in terms of their deliverables

Centralised information repository• Giving access to historical programme

& project documentation and results ensuring the capture and re-use of programme & project knowledge.

Aspects of a CR & G

Process

gettingstarted

deliveryclosure

planning

Structure

compliancerisk

governance

People

defined competencies

assessment,

development

& support

succ

essio

n pla

nning

3 Facets – different weightings

All factors need to be correctly placed and weighted.

Ad-hoc Repeatable

Structure

Process

people Structure

Process

people5%

15%

80%

5%

15%

80%

The CR & G Process

Initiative

Business Objective

Business Benefit

Management Climate (change)

Competence(increase)

ob

ject

ives

ob

ject

ives

resu

lts

resu

lts

soft issues (people)hard issues (business)

Projects

• Risk Plans• Communications

Plans• PM Reporting and

Escalation• Key Milestones• Project Control• Project Reporting

BASELINE leading to IMPROVEMENT

Jan 2004 - July 2004

ONGOING IMPROVEMENT

Aug 2004 - April 2005

CR&G Implementation

Customer and Supplier Management

• Open partnerships• Effective

communication pipelines

• Joint Quality Plans • Define partnership

roles and responsibilities

• Determine & Agree Service Quality levels and create appropriate SLA’s

Skills & Competencies

• Define of PM Skills and competencies aligned to KPIs

• Carry out competencies analysis PM’s and PL’s

• Create job descriptions

• Identify Specific Training needs

• Implement Training Programme aligned to KPIs

Change Management

• Establish a procedure for dealing with change.

• Document and estimate the impact of every change so that each change can be assessed on its costs and benefits

Risk Management

• Establish a procedure for identifying assessing and managing risk

• Document and estimate the impact of every risk so that each risk can be assessed on its potential impact

Project Structure & Governance

• Projects Register• Project Boards• Strategic Objectives • Budget management

and project prioritisation processes

• Process Alignment• Identify• Structure• Implementation

Project Management / Communications /

Reporting

Project Management/Communications & Reporting (Ongoing)

Projects Structure & Governance

Management of Customer & Supplier Expectations (Ongoing)

Risk Management

Skills & Competencies

Change Management

The Phased Delivery

Phase 1Embedding

Phase 2Affecting

Phase 3Exploiting

Phase 4Dispersal

Achieving the Plan

Design & Document

Buy in Structuring Assessment & Migration ReviewRe-assessment

deliverunderstand

BaselineAssessment

Typical CR&G Support Structure

Quality

Management People

Resource Management

Infrastructure Management

Planning & Risk

Management

Communications Management

Financial & Performance Management

Delivery Management

Performance• to budget• to plan• to business metrics

Forecasting

ContractormanagementHuman resourcemanagementSourcingResourcebalancingTraining

Quality metricsAuditPerformancemetricsBest practiceContinuousImprovement

TaskmanagementDeliverablesmanagementIssue • identification• resolution• escalation ProgrammesProjects

ProcessmanagementMethodologyTools & controlsCapacityplanning

StrategyselectionImpact assessmentRisk assessment& management• bus, risks• project risk• contingency planning

Internal communicationsEnterprise awarenessManagementawarenessKnowledge transferPartner communication

Admin & Operational Support

Programme Delivery Unit

Strategic Operations

Coherent reporting structureCompliance, Risk and Governance

Projects

ExecutiveBoard

Programme Board

Programme Manager

Strategic Health Check

Business Sponsor

SRO

Shareholders

standardreport

• Interdependencies• Risk• Cost• Schedule• Progress

feedback

feedback

feedback

feedback

standardreport

standardreport

standardreport

The CR&G Driven Organisationportfolio management

Strategy

Tec

hn

ical

an

d b

usi

nes

s ar

chit

ectu

re

Governance

Products

Customers

Inte

rnal

D

epar

tmen

t

Inte

rnal

D

epar

tmen

t

Inte

rnal

D

epar

tmen

t

Overcoming resistance

Strategy – Change, dealing with the people

• Three main agents to overcoming resistance

• Organisational factors

• Board level support• External change agents• Speed (momentum)

• Key player identification

• Identification, categorisation – management

• Executives

• Stakeholders

• Groups

• Strategic and structural change

• Catalyst change• Identification with strategic goals and vision

Structured hierarchical approachThe two primary groups

• Pre launch – controlling group• Executive management first (small critical buy in – leadership)

• Post launch – stakeholder types• Passive group (within major group)

• Protagonists (within major group)

• Antagonists (within major group)

• Terrorists (within major group)

Post launchPre launch

Design & Document

Buy in StructuringAssessment &

MigrationReviewRe-assessBaselineAssessment Re-assess Review

Executive Stakeholder group

Stakeholder Responses

Protagonists

Passive

Terrorists

Antagonists

Mo

tiva

tio

n

Commitment to CoE

Loss of Individual Status, Control & EmpireExecutive group

• Perceived loss of status as a result of removal of funding

• Funding moving to centralised control• Extensive involvement in planning to understand the reasoning

• Perceived loss of control of a working delivery system within the silo

• Why fix something that isn’t broken ?• Involvement in larger picture planning – improving delivery across the whole

business

• Perceived loss of direct involvement on a day to day basis

• Introduction of the SRO role identifying long term responsibility• Introduction of the PBS role representing the business on the SROs behalf and

doing the leg work• Loss of direct involvement is not necessarily detrimental

Management Styles – Responses to ChangeManagement group

• Indulgent Managers

• more responsive than demanding. Non traditional and lenient, do not require

mature behaviour, allow considerable self-regulation, and avoid confrontation • Authoritarian Managers

• highly demanding and directive, not responsive, obedience- and status-oriented, expect their orders to be obeyed without explanation

• Authoritative Managers • demanding and responsive, monitor and impart clear standards for their

subordinates conduct, assertive, but not intrusive and restrictive. methods are supportive, rather than punitive. want their staff to be assertive as well as socially responsible, self-regulated as well as cooperative

• Uninvolved Managers• low in both responsiveness and directiveness. In extreme cases, might

encompass both rejecting–neglecting and neglectful managers

Reaction to Change – Planned Responses

• Panic• No individual interactive response – communicate to their peer group

• Active Resistance• Ignore them – communicate and encourage their peer group

• Bargaining • Ignore them – encourage and reward their peer group

• Passive Resistance• Ignore individuals – Communication at group level

• Acceptance• Engaged

Do not identify or allow individuals to become a focus for resistance

Resistance behaviours

Post launchPre launch

Design & Document

Buy in StructuringAssessment &

MigrationReviewRe-assessBaselineAssessment

Executives Individualbehaviours

Group behaviours

panic

Manager Individual behaviours

acceptancebargaining

panic panic panic

acceptance

Passive resistance

Re-assess Review

Active resistance Active resistance

Bargaining

Active resistance

panic

acceptance

Passive resistance

Bargaining

Dominant Groups

• Small dominant group located within the business

• Typified by :-• Loss of sight of corporate objectives (acting on their own behalf)

• Causing significant disruption and incurring costs

• Superior resources, historical power base

• Negative attitude

• Inconsistent treatment of people

• Individual approach – person to person

• Institutional approach – group to group

• Approached by• Breaking up the group

• Change the make up and hence dynamic of the group

• Employment of individual stakeholder strategies at group level

Competence

CR&G Competence set

implementation planning and organisation

clarity

goal focus

process

control

businesscontext

personalinfluence

teamleadership

teamdevelopment

team growth

direction

ACHIEVEMENT AWARENESS INTERPERSONAL

CR&G Skills and Behaviours - example

Job

Function

Skill

Behaviour

Proficiency levels PMMM

PeopleManager

“Pegasus” Project Manager

ResourceManager

ProjectManager

Etc.

BusinessCase definition

Planning &Control

ConfigurationManagement

Etc.

Approach Methodology Tools Etc.

e.g.: - 0 = None; 1 = Awareness; 2 = Practitioner; 3 = Expert; 4 = Innovator

Monitoring &reporting

Measuring success

Measuring Competence for CR&G

• Programme delivery capability tool

• Project survival test

• Health check – peer 2 peer review

• Capability to manage from a risk perspective

• Risk identification and mitigation

• Assessment against risk management maturity model

• Programme and Project strategic assessment reviews

• Benefits achievement strategic reviews

Maintaining Success Delivery Unit Maturity Model

Level 3 – Largely Compliant Supports a portfolio Integrated, organised, defined – up to 85%

Level 1 – Not Generally Compliant Adhoc initial – up to 20% compliant

Level 2 – Partially Compliant Supports one programme Consistent, repeatable – up to 50%

Level 4 – Fully Compliant Supports the organisation Comprehensive, managed – over 85%

Level 5

Working towards

Success

Business Impact (Phase 3)

Business impact

The Phased Delivery

Phase 1Embedding

Phase 2Affecting

Phase 3Exploiting

Reach ‘the Bar’ in Phase 2 (80-85%)

Phase 4Dispersal

Critical Phase

Phase 1

Phase 2

Phase 3

Phase 4

Phase 1 Embedding

Phase 2 Affecting

Phase 3 Exploiting

Phase 4 Dispersal

Phase 3 – ExploitingImprovement – driving success with CR&G and business support

per

form

ance

Delivery performance

Business performance

Critical Phase

Phase 1

Phase 2Phase 1 Embedding

Phase 2 Affecting

Phase 3 – ExploitingImprovement – failure – limited success – lack of business support

per

form

ance

Delivery performance

Business performance

Critical Phase

The 4.5 Phase model

• Phase 1 Putting in place - Embedding

• Phase 2 Affecting the Organisation (Continuous Improvement)

• Phase 3 Exploiting – Driving and Monitoring Efficiency

• Phase 4 Dispersal within the Business

6 years (?)

• Re-group - Start Again

Embedding – Affecting – Exploiting - Dispersing

summary

Compliance Risk & GovernanceOGC CoE and Sarbanes-Oxley – section 404

• Benefits & Rational

• Strategy to implement COE /SOX 404

• Strategy for improving PM practice

• Structuring a suitable delivery unit

• Defining the outcomes and metrics

• Defining and structuring the business interaction

• Building the staff competencies

• Maturing the model

It’s not about technology solutions, it’s about change

What’s required of your business

• High Degree of senior level buy in

• Repetition of the process over an extended period ;• Embedding

• Affecting

• Exploiting

• Dispersal

• Investment in specialist resource required for start up and hand over

• Identification and release of suitable staff to maintain the solution once in place