Chartered Secretaries Risk & Compliance Module 8 - Project Governance - May 2010

1,755 views

Published on

Guest lecture for Chartered Secretaries of Australia

Published in: Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,755
On SlideShare
0
From Embeds
0
Number of Embeds
177
Actions
Shares
0
Downloads
21
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Modern PM: WW2 – Manhattan Project, NASA Speed of competition: new products Changing expectations: public sector reform
  • Management of large-scale expenditures is a fiduciary duty requiring careful oversight. However a Deloitte survey of boardroom directors revealed oversight of IT projects was either “blind” (29% with inadequate information) or non-existent (16%) [i] . They warned in 2007 that the results were “tantamount to negligence” and the AICD have long reported statistics suggesting the problem is more widespread [ii] (Figure 1). My own research suggests that as many as two out of three projects fail to deliver the expected benefits [iii] . Increased scrutiny could reveal the real failure rate. However what might be worse in the current financial environment is to have two out of three strategic initiatives fail to increase revenue, enhance customer service or reduce cost and threaten survival. [i] What the Board Needs to Know About IT: Phase II Findings (Deloitte, 2007), http://www.deloitte.com/dtt/article/0,1002,sid=36692&cid=151800,00.html [ii] D. Lovalla and D. Kahneman, “Delusions of success: how optimism undermines executive's decisions, Harvard Business Review,” Harvard Business Review July (2003): 58 [iii] R. Young, “What is the ROI for IT Project Governance? Establishing a benchmark.,” in 2006 IT Governance International Conference (Auckland, New Zealand, 2006)
  • Management of large-scale expenditures is a fiduciary duty requiring careful oversight. However a Deloitte survey of boardroom directors revealed oversight of IT projects was either “blind” (29% with inadequate information) or non-existent (16%) [i] . They warned in 2007 that the results were “tantamount to negligence” and the AICD have long reported statistics suggesting the problem is more widespread [ii] (Figure 1). My own research suggests that as many as two out of three projects fail to deliver the expected benefits [iii] . Increased scrutiny could reveal the real failure rate. However what might be worse in the current financial environment is to have two out of three strategic initiatives fail to increase revenue, enhance customer service or reduce cost and threaten survival. [i] What the Board Needs to Know About IT: Phase II Findings (Deloitte, 2007), http://www.deloitte.com/dtt/article/0,1002,sid=36692&cid=151800,00.html [ii] D. Lovalla and D. Kahneman, “Delusions of success: how optimism undermines executive's decisions, Harvard Business Review,” Harvard Business Review July (2003): 58 [iii] R. Young, “What is the ROI for IT Project Governance? Establishing a benchmark.,” in 2006 IT Governance International Conference (Auckland, New Zealand, 2006)
  • Most companies would say it’s up to management to define what the business needs … it is the boards responsibility to ask questions to ensure that management has really thought through the bigger picture Some board members were saying we should do more, some less … [big project risk vs strategic risk of moving too slowly] “ The board members I talk to are very comfortable if there is someone taking responsibility and particularly comfortable if it’s McKinsey or one of the major firms”; “ most [boards] are very content to delegate it to management … there is a tendency to accept the recommendations of management, which tend to echo the recommendations of the consultants … there is no thorough analytical review in the way you would in other areas where the directors know what’s going on”; “ for all the Standards that exist, there is no guidance on how to go about making the decisions to implement an ecommerce strategy” ; “ management is gathering tons of information and don’t know how to present it”; “ are the board [receiving] summaries, no … it’s difficult for directors to make good decisions”; with technocrats, the only three things you can be assured of are: nothing would get finished on time, it would always cost vastly more than predicted and it would never do what it was promised to do” I do stress to boards that they’re not IT issues because they’re business issues.
  • Most companies would say it’s up to management to define what the business needs … it is the boards responsibility to ask questions to ensure that management has really thought through the bigger picture Some board members were saying we should do more, some less … [big project risk vs strategic risk of moving too slowly] “ The board members I talk to are very comfortable if there is someone taking responsibility and particularly comfortable if it’s McKinsey or one of the major firms”; “ most [boards] are very content to delegate it to management … there is a tendency to accept the recommendations of management, which tend to echo the recommendations of the consultants … there is no thorough analytical review in the way you would in other areas where the directors know what’s going on”; “ for all the Standards that exist, there is no guidance on how to go about making the decisions to implement an ecommerce strategy” ; “ management is gathering tons of information and don’t know how to present it”; “ are the board [receiving] summaries, no … it’s difficult for directors to make good decisions”; with technocrats, the only three things you can be assured of are: nothing would get finished on time, it would always cost vastly more than predicted and it would never do what it was promised to do” I do stress to boards that they’re not IT issues because they’re business issues.
  • Most companies would say it’s up to management to define what the business needs … it is the boards responsibility to ask questions to ensure that management has really thought through the bigger picture Some board members were saying we should do more, some less … [big project risk vs strategic risk of moving too slowly] “ The board members I talk to are very comfortable if there is someone taking responsibility and particularly comfortable if it’s McKinsey or one of the major firms”; “ most [boards] are very content to delegate it to management … there is a tendency to accept the recommendations of management, which tend to echo the recommendations of the consultants … there is no thorough analytical review in the way you would in other areas where the directors know what’s going on”; “ for all the Standards that exist, there is no guidance on how to go about making the decisions to implement an ecommerce strategy” ; “ management is gathering tons of information and don’t know how to present it”; “ are the board [receiving] summaries, no … it’s difficult for directors to make good decisions”; with technocrats, the only three things you can be assured of are: nothing would get finished on time, it would always cost vastly more than predicted and it would never do what it was promised to do” I do stress to boards that they’re not IT issues because they’re business issues.
  • Most companies would say it’s up to management to define what the business needs … it is the boards responsibility to ask questions to ensure that management has really thought through the bigger picture Some board members were saying we should do more, some less … [big project risk vs strategic risk of moving too slowly] “ The board members I talk to are very comfortable if there is someone taking responsibility and particularly comfortable if it’s McKinsey or one of the major firms”; “ most [boards] are very content to delegate it to management … there is a tendency to accept the recommendations of management, which tend to echo the recommendations of the consultants … there is no thorough analytical review in the way you would in other areas where the directors know what’s going on”; “ for all the Standards that exist, there is no guidance on how to go about making the decisions to implement an ecommerce strategy” ; “ management is gathering tons of information and don’t know how to present it”; “ are the board [receiving] summaries, no … it’s difficult for directors to make good decisions”; with technocrats, the only three things you can be assured of are: nothing would get finished on time, it would always cost vastly more than predicted and it would never do what it was promised to do” I do stress to boards that they’re not IT issues because they’re business issues.
  • Raymond
  • Expand to many different classes of vessel, with different characteristics starting from different points, experiencing different weather conditions with intermediate/transfer points but with one ultimate goal/outcome/destination
  • To survive, thrive and also to minimise the governance backlash, the first step must be to get the right information needed to govern effectively. The board bears the responsibility to set clear guidelines and expectations about the kinds of information they want to see filter up. What benefits are being targeted? [how is this consistent with our strategic priorities?] Do we have the organisational capacity to realise these benefits and what other risks are involved? How will we measure success? Do we have the right person driving the change? Are there any warning signs that the project is going off track? Are the benefits being realised? These questions seem simple but none of the directors I have spoken to had an effective process to terminate failing projects. Benefits are usually quantified (66%), but they are often overstated (27%) [i] , change is not always considered (40%) [ii] , individuals are not held accountable (5-23%) and few organisations track benefits through to realisation (10%) [iii] . Organisations do not focus on the true determinants of success. [i] Chad Lin, Graham Pervan, and Donald McDermid, “IS/IT investment evaluation and benefits realization issues in Australia,” Journal of Research and Practice in Information Technology 37, no. 3 (2005): 235-251 [ii] KPMG, “Global IT Project Management Survey: How committed are you?,” 2005, http://www.kpmg.com.au/Portals/0/irmprm-global-it-pm-survey2005.pdf [iii] John Thorp, “Unlocking Value - Delivering on the Promise of Information Technology,” in Delivering Value , 2008, http://www.isaca.org.au/modules.php?op=modload&name=News&file=article&sid=28
  • Chartered Secretaries Risk & Compliance Module 8 - Project Governance - May 2010

    1. 1. Risk and Compliance Module 8 – Project Governance Dr Raymond Young – University of Canberra
    2. 2. Agenda <ul><li>Context & Key Concepts </li></ul><ul><li>Best practice </li></ul><ul><li>Specific issues: </li></ul><ul><ul><li>Cultural barriers </li></ul></ul><ul><li>Application: Case study </li></ul>
    3. 3. WHY GOVERN PROJECTS? <ul><li>Context </li></ul>
    4. 4. The role of projects Business As Usual Services & Value
    5. 5. The role of projects BAU performance over time Impacted by demographic, financial and global forces Business As Usual Services & Value Demographic financial & global forces
    6. 6. The role of projects project based organisational change Projects needed to deliver significant change Business As Usual 70-80 % BETTER Projects 20-30 %
    7. 7. Oversight blind (29%) or nil (16%) Increasing degrees of negligence Level of scrutiny (benign economy) __% projects perceived to fail New levels of scrutiny <ul><li>M anagement of large-scale expenditures is a fiduciary duty requiring careful oversight. The results were “tantamount to negligence”. Deloitte( 2007) What the Board Needs to Know About IT: Phase II Findings </li></ul><ul><li>“ A pay structure that rewards origination without regard to investment outcomes is not appropriate” Michael Larkin, CEO Babcock and Brown (AFR 11 Nov 2008, p 84) </li></ul>The case for governing projects The Risk and Compliance perspective
    8. 8. <ul><li>¾ of mergers and acquisitions never pay off </li></ul><ul><li>2/3 of IT projects deliver no benefits whatsoever </li></ul><ul><li>most large capital projects fail to live up to expectations </li></ul><ul><li>majority of efforts to enter new markets are abandoned in a few years </li></ul><ul><li>70% of new manufacturing plants are closed in their first decade </li></ul>Level of scrutiny (benign economy) __% projects perceived to fail New levels of scrutiny <ul><li>M anagement of large-scale expenditures is a fiduciary duty requiring careful oversight. The results were “tantamount to negligence”. Deloitte( 2007) What the Board Needs to Know About IT: Phase II Findings </li></ul><ul><li>“ A pay structure that rewards origination without regard to investment outcomes is not appropriate” Michael Larkin, CEO Babcock and Brown (AFR 11 Nov 2008, p 84) </li></ul>The case for governing projects The Risk and Compliance perspective
    9. 9. Projects On-time On-budget Inside the head of project managers Young and Jordan 2008 Kwak and Anabari 2009 VIC 100b Young and Jordan 2002 Strategy Governance Microscope Projects Telescope
    10. 10. Inside the head of boards and top managers Projects e-commerce Risk 13 Dir: 60+ boards Strategy should be developed by management E-commerce is important but strategy is hard … 3 approaches – (2) get an expert Few have IT background Widespread delegation to mngt / consultants Young and Jordan 2002
    11. 11. Inside the head of boards and top managers Projects Strategy On-time On-budget Inside the head of project managers Young and Jordan 2008 [2] I would have thought it would be the opposite … are there stats by industry? [3] valuations are heavily discounted whenever a big IT project is announced [4] they hardly ever define adequately what success looks like [1] That’s probably about right… Telescope Microscope Projects
    12. 12. Inside the head of boards and top managers Projects On-time On-budget Inside the head of project managers Young and Jordan 2008 [3] Sponsors definitely drive success … we would need to see a track record of this working [4] You’ve definitely got this right by putting the strategy first [1] Yes … I think you could sell that. A directors job is to ask questions. VIC 100b
    13. 13. Financial/Strategic Implications Current Performance (68% under) Source: R. Young, “What is the ROI for IT Project Governance? Establishing a benchmark.,” in 2006 IT Governance International Conference (Auckland, New Zealand, 2006) OK Some No Fail ROI 30% OK Some Fail ROI 130% Better Performance (43% under) OK Cancel ROI 220% Excellent Performance (15% cancelled)
    14. 14. KEY CONCEPTS <ul><li>Policy/Strategy implemented through Portfolio/Programmes/Projects </li></ul>
    15. 15. Project Governance: Connecting Corporate Governance and Project Management Standards: OECD Guidelines ASX Guidelines AS8000 Focus on Vision and Mission (Corporate Plan - normally 3+ years) Corporate Governance: The system by which organisations are directed and controlled Standards: PRINCE2 , MSP PMBOK, OPM3 Focus on Outputs e.g. time, budget, quality, stakeholder support, outcomes Project Management: The way of guiding and managing projects to ensure successful completion from start to end Standards: Gateway HB280 AS8016 www.valuedeliverymanagement.com Focus on Outcomes Annual Plan Project Governance: The connection between corporate governance & project management
    16. 16. Project – AS8016 definition an enterprise carefully planned to achieve a particular aim - Oxford Dictionary <ul><li>10-year strategic goals </li></ul><ul><li>↑ economy, ↑ jobs (↑quality) </li></ul><ul><li>↓ crime 5% & ‘feel safer’ </li></ul><ul><li>↑ health </li></ul><ul><ul><li>↓ waiting times (emergency, elective, …) </li></ul></ul><ul><li>↑ education </li></ul><ul><ul><li>↑ literacy/numeracy </li></ul></ul><ul><ul><li>>90% yr 12 </li></ul></ul><ul><ul><li>↑ VET participation </li></ul></ul><ul><li>↑ transport </li></ul><ul><ul><li>↓ commuting times </li></ul></ul><ul><li>↑ environment </li></ul><ul><ul><li>↓ water usage 15% </li></ul></ul>Programs asset investments alone generally will not lead directly to the realisation of strategic goals Output Initiatives Asset Investments
    17. 17. A ValIT understanding of Governance <ul><li>Kubernán (gr): to steer a ship – the process of continually orienting and adjusting </li></ul>“ Managing an uncertain journey to an uncertain destination” Source: VALIT & John Thorp
    18. 18. From project management to governance of strategic programmes Strategy Defined outcomes Delivered outcomes Benefits Project Vision : to improve the social and economic wellbeing through a responsive and sustainable education and training system <ul><li>State Strategies (S4/S5) : increased levels of attainment for all students </li></ul><ul><li>Student skills </li></ul><ul><li>Teacher quality </li></ul><ul><li>Desired Outcomes: </li></ul><ul><li>Increase literacy and numeracy </li></ul><ul><li>More completing year 12 </li></ul><ul><li>Increase participation in VET </li></ul>Governance Programme of change
    19. 19. Assessment of tools and frameworks Where to focus effort to engage top management Governance of Programmes Programme management Governance of Programmes Programme management Efficiency Effectiveness Any benefits Benefits aligned to strategy Realisation of strategic goals Portfolio management Project Management On-time On-budget Avoid duplication Products/ Outputs Programme Portfolio Management Victorian investment frameworks
    20. 20. BEST PRACTICE <ul><li>Enterprise-based Project Governance </li></ul>
    21. 21. Governance Evaluate Direct & Monitor Investment: benefits or terminate? Strategy/capability: how much change is required? Investment & Strategy: Benefits / alignment? Responsibility: Project Sponsor? Performance & Behaviour: measures and motivation? 67%->40% Business Case 40% ? MSP? 5-23% 33-67% ChangeTracking™ 0-13% Benefits Realisation ITIL, COBIT Projects PMBOK, PRINCE2, etc Conformance & Behaviour: culture for issues to be raised? ??% HB280, AS8016, 6Q Governance™ Business processes ICT Operations Support Changed Business Processes Changed ICT Operations Initiate
    22. 22. Other Best Practice Guidelines <ul><li>SARBOX, APM, ANAO (8-3) </li></ul><ul><ul><li>Oversight (Q1 –Q4) & Review (Q5-Q6) </li></ul></ul><ul><ul><li>Stakeholder engagement (Q1, Q2, Q5) </li></ul></ul><ul><li>Failure factors </li></ul><ul><ul><li>Unclear goals / requirements (Q1) </li></ul></ul><ul><ul><li>Inadequate information (Q1, Q5) </li></ul></ul><ul><ul><li>Inadequate resources (Q2) </li></ul></ul><ul><ul><li>Poor communication / management (Q5) </li></ul></ul><ul><ul><li>External events (Q5) </li></ul></ul><ul><ul><li>Unproven technology </li></ul></ul>
    23. 23. SPECIFIC ISSUES <ul><li>Technical skills and cultural barriers </li></ul>
    24. 24. <ul><li>Public-Private Partnerships </li></ul><ul><ul><li>Procurement </li></ul></ul><ul><ul><li>Contracts </li></ul></ul><ul><ul><li>Outsourcing </li></ul></ul>
    25. 25. Without Effective Governance… Source: VALIT & John Thorp Can’t kill projects Leads to.. Too many projects Quality of execution suffers Underestimation of risks and costs Projects not aligned to strategy Over budget Projects Late Business needs not met Lack of confidence (in IT) Results in.. Benefits not received Situation Reluctance to say no to projects Lack of Strategic Focus Projects are “sold” on emotional basis -- not selected No strong review process Overemphasis on Financial ROI No clear strategic criteria for selection
    26. 26. <ul><li>Cultural barriers: </li></ul><ul><ul><li>Boards and top managers may have to accept that they personally have the most influence whether a project succeeds or fails </li></ul></ul><ul><ul><li>Boards, top managers and their advisors may have to accept that the current ‘expert advice’ has less impact on success than previously believed. </li></ul></ul>
    27. 27. CASE STUDY <ul><li>Address one or more case studies as time allows </li></ul>
    28. 28. Situation problem 1 (8-19) <ul><li>The Department of Foreign Affairs and Trade (DFAT) has embarked on a major IT and associated core systems redesign project to better coordinate and streamline intelligence data from various Commonwealth agencies, most of which are under the Attorney-General’s portfolio (Federal Police, ASIO, ASIS, Office of National Assessments) and foreign embassies, many of which are considered sources of intelligence used by, or of interest to, the above security agencies. </li></ul><ul><li>The project will be undertaken over eight months concurrently with a major review of the overall powers and responsibilities of the various national security agencies sponsored by the Prime Minister and his National Security Advisor. </li></ul><ul><li>The project is due to report on a three-monthly basis to the National Security Committee (NSC) and has a weekly review by a DFAT steering committee, with one ex-officio representative from the Attorney-General’s Department nominally representing all the National Security Agencies. </li></ul>
    29. 29. Situation problem 1 (8-19) <ul><li>You have been asked to write a report detailing the main governance issues and risks to this project’s success and provide strategies or changes to the current project design to address these problems. </li></ul>
    30. 30. Q1 Semester 2, 2009 <ul><li>The Department of Social Security (DSS) has decided to outsource its hardware acquisition and maintenance to a commercial service provider. The DSS is establishing a project to select an appropriate outsource partner and to transition the relevant applications to the successful party. </li></ul><ul><li>DSS has clients who number in the millions and who rely on the benefits they receive as an essential part of their livelihood. DSS systems must be able to deliver the payment of benefits on time and without fail. Failure to do so can result not only in hardship for the clients but in political embarrassment for the government. The transition to new maintenance and development arrangements has the potential to cause disruption to service delivery and to inconvenience the front line staff responsible for client liaison. </li></ul><ul><li>DSS systems link to other government agencies. The most important are the ATO and the Department of Health and Ageing. </li></ul><ul><li>DSS expects to achieve both operational efficiencies and financial benefits from the outsourcing, including a lower cost of delivery of the relevant IT services. </li></ul>
    31. 31. Q1 Semester 2, 2009 <ul><li>Provide the major factors which the DSS will have to take into account in establishing the project. </li></ul><ul><li>Recommend the steps that will need to be taken to ensure: </li></ul><ul><ul><li>successful selection of the outsource partner, </li></ul></ul><ul><ul><li>transition to the new arrangements </li></ul></ul><ul><ul><li>and effective management of the outsource arrangement after the implementation. </li></ul></ul>
    32. 32. Questions & Discussion

    ×