Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Core P3M Data Model and Business Integrated (P3M) Governance – Assurance

13 views

Published on

The Core P3M Data Club was formed to create a data standard for portfolio, programme and project management. This enables us to more effectively deliver business integrated governance for Business as Usual and Change. This means our journey from Main Board objectives, targets and challenges can be delivered through portfolios, programmes and projects in the context of finance, management teams, support and assurance more easily and effectively. This will deliver more strategy outcomes, greater business agility, lower management overhead and efficiency benefits.

This document outlines the assumptions we make around how Assurance Teams collaborate to provide support for portfolios, programmes and projects alongside commitments for business as usual activity. Rather than prescribe what “Assurance” should do, we offer general assumptions and outline an assurance / gateway review process – indicating that assurance needs to be designed in to our governance frameworks and portfolio / programme / project strategy plans – which would therefore imply that any data we need for assurance activity should be available without painful gathering / collection processes.

For a high res version click here - https://1drv.ms/w/s!AscRj7Bfp6vQgokFuM-i05cwcQpGng?e=hlbgBR

Find out more and collaborate here: https://www.linkedin.com/groups/13651399/

Published in: Leadership & Management
  • Be the first to comment

  • Be the first to like this

Core P3M Data Model and Business Integrated (P3M) Governance – Assurance

  1. 1. Page 1 This work is licensed under a Creative CommonsAttribution-ShareAlike 4.0InternationalLicense.
  2. 2. Page 2 P3M Assurance Assumptions– P3M Assurance Assurance provides akeyelementtoIntegratedP3MGovernance. Itmay alreadybe provided to a degree inat leastsome partsof an organisation.Assurance professionals typicallyhelp individualdomainsfunctionandbe accountable more easily. Thisguide offersassumptionsaboutwhatisneededinassurance forBusiness IntegratedP3M Governance tofunctionandfor the overall Core P3MData Model to be reliable.Itisnota definitiveguide on overallbusiness assurance asthisisnotinscope and there are in any case more extensivepublicationsthatcoverthese topicse.g. IPA Assurance Framework, P3O® and Praxis,butitprovidesanexample scenario. In contrastto BusinessSupportwhichisclose toa businessand“helping”,the jobof assurance isto be slightlyremovedand objective.OurassumptionsonAssurance Include:  Assurance providesall the systematicactionsnecessarytoprovide confidence that the target (system,process,organisation,Programme,Project,outcome,benefit, capability,productoutput,deliverable)is appropriate.Appropriatenessmightbe definedsubjectivelyorobjectivelyindifferentcircumstances.  3 Assurance defencesare providedinanorganisation(EntityManagementTeam,SupervisoryTeam,IndependentAssurer viaFirst,Secondand Thirdline of defence - https://www.iia.org.uk/resources/audit-committees/governance-of-risk-three-lines-of-defence/ In our example scenario,assurance provides:  Value addfor“Delivery”Board – independentview  Lookingforwards - providingadvice,guidance andsupportinthe implementationof governance processes  Confidence Itemisbeingmanagedeffectively –on track for outcomes,benefits  Assurance of RiskManagementApproach – implementationaccordingtoriskmanagementstrategy –managementanddeliveryenvironments  BusinessAssurance –continuedviabilityof businesscase  Stakeholderassurance –engagementmechanismsandperformance  Assurance /Gatewayreviews withstrictentryandexitcriteriadefinedandassessed From APMDirecting Change
  3. 3. Page 3  Assurance of Projectsandbenefitsrealisationactivities It may be providedby Internal Audit,External Auditors,aPMOService,Peerreview,orappointedConsultantsandwillbe scaledtoportfolioitemsviaad hoc checks,periodicchecksorat approval stages(e.g.Gates). Assurance Agendas Ad hocassurance tasks include Assurance /Gatewayreviews.Itisassumedforantportfolioitemthesemaybe triggeredoff itsAssurance Plan. These may be assignments (carriedoutbyexternal peopleorfromwithinanexistingAssurance /PMO function) whichmayhave amulti-steplifecycle,anexampleof whichisprovidedhere:  Step1 – confirmtermsof reference forthe assurance assignment  Step2 – understandbusinesscase,organisation,RAIDLog/ Meetingminutes,highlightreport.  Step3 – agree areas to Probe  Step4 – Probe (accessto people,records,documents)  Step5 – capture / categorise findings(Assurance questionnaire on-line?)  Step6 – collate issues,recommendations(action,decision,risk),lessons  Progress– communicate informallywithsponsoronprogress/issues  Step7 – Agree – Assurance ReviewMeeting  Step8 – Communicate  Step9 – followup Step4 – Areasto Probe – thisrequiresaccesstodata. It isassumedthatthe typical needsforan Assurance Reviewcanbe builtintothe Data Model – meaningthe Assurance assignmentcanbe more aboutassurance and lessaboutdata collectionandvalidation.
  4. 4. Page 4 Alignedtothe example,atypical Assurance Reviewmaycontainthe following exampleagendaitems: Item Description Input Output Compliance Review Confirmationthatthere isenough documentation,processcompliance to make the reviewviable Compliance Report RAID Log Data Quality Review Confirmationthatthere isenoughdata qualityandcompliance tomake the reviewviable Compliance Report RAID Log AreasProbed – Summary What were the keyfindingsand recommendationsfromassurance activity Assurance SummaryReport RAID Log Lessons Learned AreasProbed – itemsof praise / concern Delvingintothe detailswhere necessary perportfolioitemtounderstandthe findingandagree nextsteps Assurance SurveyData analysis RAID Log LessonsLearned Risks,Actions, IssuesDecisions Summary Agree findings/recommendationsthat are to be notedinthe portfolioitemRAID and deadlines/followupchecks RAID Log AmendedRAIDLog Communications What communicationneedstobe done to whomon the back of the assurance activity AmendedRAIDLog Meetingdiscussion Assurance Communications Assurance Analysis Ad hocanalysisprovidinginsightsacross the portfolioof areasthat are problematic Assurance analysisdata Ad hocanalysis,KPI
  5. 5. Page 5 RAID Progress Have the risks,issues,actionsand decisionsfromenterprisewide assurance meetingsbeenaddressedasappropriate (Enterprise) RAIDLog Ad hocanalysis,KPI MI Implication Backgroundassurance activityoutlinedabove will needtoaccessall the data each AccountabilityNode uses andbe able toanalyse qualityand reliability.It isassumedthat byhavingaccessto the Core P3M data usedto operate governance, Assurance will be able to carryout ad hoc queries asrequired. It isalso assumedthatif an organisationhasa general assurance strategy, the general needforMIcan be establishedandincludedhere. Furthermore, largerPortfolioitemsshouldhave aspecificassurance strategy,andif there are gapsindata availabilitythesemaybe added tothe Core P3M Data model for the organisation. The example Assurance Reviewabove canbe operationalised,and genericneedare asfollows: Title Purpose Content RAID Progress Have the Risks/Actions/ Assumptions / Issues/Decisions/Dependencies frompreviousassurance meetingsbeen addressedasappropriate RAID itemsrelatedtothe Assurance domain Compliance Report Setof MI to highlightareasof the portfolioitemprocess,documentor data whichare notwithinquality expectations Examples: Plansmissingqualitycomponents(givenmilestones,logic,resource assignments…), plansnot progressedtostatusdate,time recordsmissing,baselinesmissing,required documentsmissingfromlibraries,approval stepsincompletewithworkprogressing, RAID itemoutof date,dependencieslate ornotagreed,deliverablesmissed,late or emergencychanges
  6. 6. Page 6 Assurance Summary What were the keyfindingsand recommendationsfromassurance activity Writtensummaryagainstassurance headings –e.g.BusinessCase viability,strategic fit,compliance,governance themes,lifecyclerequirements,leadershipand relationships Assurance Details Detailscapturedwhichevidence the finding/recommendations Assurance classification,Areasprobed,observations,conclusion/ action/ recommendation NewRAIDitems Agreedfindings/recommendations that are to be notedinthe portfolio itemRAID Committingof assurance recommendationstoRAIDlogand management Communications Report Presentcommunicationmessagesand to whomtheyare addressedonthe back of the assurance activity(key messages/escalations) Contentandaudience managementdataandpresentation. Analysis dashboard Ad hocanalysisprovidinginsights across the portfolioof areasthat are problematic Ad hocinsightsusingthe core data Resources Thissectioncontainslinkstodetailedpresentation/backup material tothe narrative above Linksto assumptionsandderivation isavailable onrequest.

×