The Core P3M Data Club was formed to create a data standard for portfolio, programme and project management. This enables us to more effectively deliver business integrated governance for Business as Usual and Change. This means our journey from Main Board objectives, targets and challenges can be delivered through portfolios, programmes and projects in the context of finance, management teams, support and assurance more easily and effectively. This will deliver more strategy outcomes, greater business agility, lower management overhead and efficiency benefits.
This document outlines the assumptions we make around how Assurance Teams collaborate to provide support for portfolios, programmes and projects alongside commitments for business as usual activity. Rather than prescribe what “Assurance” should do, we offer general assumptions and outline an assurance / gateway review process – indicating that assurance needs to be designed in to our governance frameworks and portfolio / programme / project strategy plans – which would therefore imply that any data we need for assurance activity should be available without painful gathering / collection processes.
For a high res version click here - https://1drv.ms/w/s!AscRj7Bfp6vQgokFuM-i05cwcQpGng?e=hlbgBR
Find out more and collaborate here: https://www.linkedin.com/groups/13651399/
Core P3M Data Model and Business Integrated (P3M) Governance – Assurance
1. Page 1
This work is licensed under a Creative CommonsAttribution-ShareAlike 4.0InternationalLicense.
2. Page 2
P3M Assurance
Assumptions– P3M Assurance
Assurance provides akeyelementtoIntegratedP3MGovernance. Itmay alreadybe provided
to a degree inat leastsome partsof an organisation.Assurance professionals typicallyhelp
individualdomainsfunctionandbe accountable more easily.
Thisguide offersassumptionsaboutwhatisneededinassurance forBusiness IntegratedP3M
Governance tofunctionandfor the overall Core P3MData Model to be reliable.Itisnota
definitiveguide on overallbusiness assurance asthisisnotinscope and there are in any case
more extensivepublicationsthatcoverthese topicse.g. IPA Assurance Framework, P3O® and
Praxis,butitprovidesanexample scenario.
In contrastto BusinessSupportwhichisclose toa businessand“helping”,the jobof
assurance isto be slightlyremovedand objective.OurassumptionsonAssurance Include:
Assurance providesall the systematicactionsnecessarytoprovide confidence that
the target (system,process,organisation,Programme,Project,outcome,benefit,
capability,productoutput,deliverable)is appropriate.Appropriatenessmightbe
definedsubjectivelyorobjectivelyindifferentcircumstances.
3 Assurance defencesare providedinanorganisation(EntityManagementTeam,SupervisoryTeam,IndependentAssurer viaFirst,Secondand
Thirdline of defence - https://www.iia.org.uk/resources/audit-committees/governance-of-risk-three-lines-of-defence/
In our example scenario,assurance provides:
Value addfor“Delivery”Board – independentview
Lookingforwards - providingadvice,guidance andsupportinthe implementationof governance processes
Confidence Itemisbeingmanagedeffectively –on track for outcomes,benefits
Assurance of RiskManagementApproach – implementationaccordingtoriskmanagementstrategy –managementanddeliveryenvironments
BusinessAssurance –continuedviabilityof businesscase
Stakeholderassurance –engagementmechanismsandperformance
Assurance /Gatewayreviews withstrictentryandexitcriteriadefinedandassessed
From APMDirecting
Change
3. Page 3
Assurance of Projectsandbenefitsrealisationactivities
It may be providedby Internal Audit,External Auditors,aPMOService,Peerreview,orappointedConsultantsandwillbe scaledtoportfolioitemsviaad
hoc checks,periodicchecksorat approval stages(e.g.Gates).
Assurance Agendas
Ad hocassurance tasks include Assurance /Gatewayreviews.Itisassumedforantportfolioitemthesemaybe triggeredoff itsAssurance Plan. These may
be assignments (carriedoutbyexternal peopleorfromwithinanexistingAssurance /PMO function) whichmayhave amulti-steplifecycle,anexampleof
whichisprovidedhere:
Step1 – confirmtermsof reference forthe assurance assignment
Step2 – understandbusinesscase,organisation,RAIDLog/ Meetingminutes,highlightreport.
Step3 – agree areas to Probe
Step4 – Probe (accessto people,records,documents)
Step5 – capture / categorise findings(Assurance questionnaire on-line?)
Step6 – collate issues,recommendations(action,decision,risk),lessons
Progress– communicate informallywithsponsoronprogress/issues
Step7 – Agree – Assurance ReviewMeeting
Step8 – Communicate
Step9 – followup
Step4 – Areasto Probe – thisrequiresaccesstodata. It isassumedthatthe typical needsforan Assurance Reviewcanbe builtintothe Data Model –
meaningthe Assurance assignmentcanbe more aboutassurance and lessaboutdata collectionandvalidation.
4. Page 4
Alignedtothe example,atypical Assurance Reviewmaycontainthe following exampleagendaitems:
Item Description Input Output
Compliance
Review
Confirmationthatthere isenough
documentation,processcompliance to
make the reviewviable
Compliance Report RAID Log
Data Quality
Review
Confirmationthatthere isenoughdata
qualityandcompliance tomake the
reviewviable
Compliance Report RAID Log
AreasProbed –
Summary
What were the keyfindingsand
recommendationsfromassurance activity
Assurance SummaryReport RAID Log
Lessons Learned
AreasProbed –
itemsof praise /
concern
Delvingintothe detailswhere necessary
perportfolioitemtounderstandthe
findingandagree nextsteps
Assurance SurveyData
analysis
RAID Log
LessonsLearned
Risks,Actions,
IssuesDecisions
Summary
Agree findings/recommendationsthat
are to be notedinthe portfolioitemRAID
and deadlines/followupchecks
RAID Log AmendedRAIDLog
Communications What communicationneedstobe done to
whomon the back of the assurance
activity
AmendedRAIDLog
Meetingdiscussion
Assurance Communications
Assurance
Analysis
Ad hocanalysisprovidinginsightsacross
the portfolioof areasthat are problematic
Assurance analysisdata Ad hocanalysis,KPI
5. Page 5
RAID Progress Have the risks,issues,actionsand
decisionsfromenterprisewide assurance
meetingsbeenaddressedasappropriate
(Enterprise) RAIDLog Ad hocanalysis,KPI
MI Implication
Backgroundassurance activityoutlinedabove will needtoaccessall the data each AccountabilityNode uses andbe able toanalyse qualityand reliability.It
isassumedthat byhavingaccessto the Core P3M data usedto operate governance, Assurance will be able to carryout ad hoc queries asrequired.
It isalso assumedthatif an organisationhasa general assurance strategy, the general needforMIcan be establishedandincludedhere. Furthermore,
largerPortfolioitemsshouldhave aspecificassurance strategy,andif there are gapsindata availabilitythesemaybe added tothe Core P3M Data model
for the organisation.
The example Assurance Reviewabove canbe operationalised,and genericneedare asfollows:
Title Purpose Content
RAID Progress Have the Risks/Actions/ Assumptions
/ Issues/Decisions/Dependencies
frompreviousassurance meetingsbeen
addressedasappropriate
RAID itemsrelatedtothe Assurance domain
Compliance
Report
Setof MI to highlightareasof the
portfolioitemprocess,documentor
data whichare notwithinquality
expectations
Examples:
Plansmissingqualitycomponents(givenmilestones,logic,resource assignments…),
plansnot progressedtostatusdate,time recordsmissing,baselinesmissing,required
documentsmissingfromlibraries,approval stepsincompletewithworkprogressing,
RAID itemoutof date,dependencieslate ornotagreed,deliverablesmissed,late or
emergencychanges
6. Page 6
Assurance
Summary
What were the keyfindingsand
recommendationsfromassurance
activity
Writtensummaryagainstassurance headings –e.g.BusinessCase viability,strategic
fit,compliance,governance themes,lifecyclerequirements,leadershipand
relationships
Assurance
Details
Detailscapturedwhichevidence the
finding/recommendations
Assurance classification,Areasprobed,observations,conclusion/ action/
recommendation
NewRAIDitems Agreedfindings/recommendations
that are to be notedinthe portfolio
itemRAID
Committingof assurance recommendationstoRAIDlogand management
Communications
Report
Presentcommunicationmessagesand
to whomtheyare addressedonthe
back of the assurance activity(key
messages/escalations)
Contentandaudience managementdataandpresentation.
Analysis
dashboard
Ad hocanalysisprovidinginsights
across the portfolioof areasthat are
problematic
Ad hocinsightsusingthe core data
Resources
Thissectioncontainslinkstodetailedpresentation/backup material tothe narrative above
Linksto assumptionsandderivation isavailable onrequest.