Projects are departures from an organization’s everyday business and represent significant risk for the organization. Corporate governance is a process, enshrined in law and accounting guidelines in many countries, designed to protect the owners of an organization from significant risks to the achievement of its business objectives. Because projects are often significant risk areas, project governance is an important and integral part of corporate governance for those organizations undertaking projects.
That the organization’s portfolio of projects is aligned with its business objectives.
That projects are sponsored such that a senior manager is responsible for ensuring that each project meets a business need, remains viable and that the benefits are realized.
That projects are managed effectively and efficiently.
That there is effective disclosure and reporting.
This book is dedicated to achieving the second bullet point. Chapter 5 will help Project Sponsors understand an organization’s corporate strategy and select projects that contribute to its business objectives. Chapter 6 explains the business case for projects and the factors influencing project viability. Chapter 10, on commissioning and project close out, explains the process for ensuring that benefits are realized and despite the title, how this process starts almost from the very beginning. Chapters 11 to 19 cover the effective and efficient management of projects from the Project Sponsor’s viewpoint and Chapter 13 specifically discusses reporting.
Therefore, if Project Sponsors follow the guidance contained in this book, good corporate governance will naturally follow. However, the organization needs assurance that this project governance is in place across its project portfolio. This assurance needs to be auditable and available to auditors of corporate governance. In most companies and public sector bodies such assurance takes the form of a gateway review process.
A gateway review process is designed to check that the project is compliant with the project governance requirements listed above. These reviews are called gateways because they are scheduled at key stages of the project immediately before major risk decisions are taken, e.g. before contracts are let. The project can only get through the gateway if it is seen that the work done up to that point is compliant with project governance requirements and that all necessary plans are in place to ensure that the subsequent stages will also be compliant. Gateway reviews are either undertaken by a subcommittee of the board of directors or an independent reviewer appointed by and reporting to the board.
Gateway review processes differ slightly from organization to organization but generally have many elements in common. The OGC (Office of Government Commerce) Gateway review process is summarized here because this is a UK government-supported process and most other review processes are very similar.
Check that the organization’s main board of directors have considered and decided upon the frequency and extent of reporting that it wishes to receive on projects, and the project approval powers that it wishes to retain or which it may wish to delegate to a subcommittee.
Check that the organization’s main board provide rules governing project approvals specifying criteria for approval and stages at which projects shall be approved for moving onto the next stage (whether such approvals are retained by the main board or delegated to a subcommittee).
Keep the gateway review process within easy reach and ensure that all project activity is in compliance with delivering successful gateway reviews. In short, it is a checklist for project sponsorship. Where more detail is required consult the index of this book and re-read the relevant section.
Ensure that gateway reviews are scheduled at the appropriate stages.
Ensure that the project manager and project team are aware of the gateway review schedule and requirements and that these are built into their plans.
A summary of the gateway review process
Advice on management structures for a project
Discussion of project portfolio risk
Explanation of the context of corporate governance. I believe that it is important to understand the background to corporate governance and why this is a hot topic in order to appreciate the importance of project governance. However, this is placed at the end of the chapter so that the reader who already understands the context can skip on.
Gateway Review Process
The OGC is an office of HM Treasury and they set out some excellent guidelines for project governance, in particular the importance of a gateway review process.1  There are six gateway reviews in the OGC process. At each stage, with the possible exception of the last one, the main questions are:
Is the project still strategically important to the organization and a good fit with its strategy?
Does the project make good business sense?
What are the risks and are there satisfactory controls in place to manage those risks?
What is the strategy for the next stage of the project?
Should the project proceed to the next stage?
The stages identified for gate reviews in the OGC process and are as follows:
Gateway 0 – Strategic Assessment
At the earliest possible stage an assessment is made of whether the proposed project appears worthy of further assessment, probably using resources internal to the organization, before investment is made in initial feasibility studies.
Gateway 1 – Business Justification
Having passed Gateway 0 you will have spent some time and probably internal resources defining the project further and assessing what it will cost, how long it will take and what benefits it will bring.
You must try and estimate all the differences that the project will make to the organization and to its cash flow including capital expenditure on infrastructure, buildings and equipment (CAPEX), operating expenditure on salaries, leases, maintenance, materials etc. (OPEX) and revenue (how the money flowing into the organization changes).
This information, as you will see in Chapter 6, will enable you to put a project appraisal together. You will identify risks and you will also need to develop a clear plan for how you will develop the project to the point at which a decision can be made on whether or not the major expenditure on the project can be authorized.
For a project involving a significant element of design followed by implementation, passing gateway 1 will normally allow the design element to commence, often involving the appointment of external consultants.
Gateway 2 – Delivery Strategy
At gateway 0 you convinced the approval committee that the project looked as if it would be worth doing an initial assessment and seeing if it had a positive business case.
At gateway 1 you demonstrated (based upon preliminary investigation) that it does have a positive business case.
Now you need to show that everything you have demonstrated at gateways 0 and 1 is still valid (markets change and you have developed a much better understanding of the project between gateways 1 and 2), so you need to resubmit the business case for approval at a much more detailed level.
If you pass gateway 2 you will normally be authorized to commence the procurement for the implementation stage of the project. Therefore, you will need to be clear about what the procurement and delivery strategies are and the reasons for adopting those strategies.
Gateway 3 – Investment Decision
Gateway 2 authorized the commencement of the procurement process. You will therefore have selected potential suppliers to tender for the work through a pre-qualification process; put together tender documentation; sought tenders; received tenders back; reviewed tenders and selected the preferred suppliers.
Prior to placing orders with these suppliers it is necessary to check that any differences in cost, programme and the performance of the project between the estimates that informed the business case at gateway 2 and the tendered commitments arising from the tenders are either favourable to the business case or that any detrimental impact on the business case is not sufficiently detrimental to undermine the justification for the project.
It should be noted that the clue to the importance of gateway 3 is in the title – ‘Investment Decision’. This really is the point at which the organization commits itself to major expenditure. It is quite often the case that a project will go through a gateway 3 several times if there are several major investment decision points. For example purchases of land, equipment and construction may be separated considerably in time and therefore justify three separate investment decision gateway reviews.
Gateway 4 – Readiness for Service
Once gateway 3 has been passed, then the delivery of the project moves into full swing. Any changes to the project scope will have major ramifications on cost and programme. The project manager has a job to do in managing and minimizing any change, coordinating any interfaces between different suppliers and generally keeping all suppliers delivering according to their commitments.
The Project Sponsor needs to cast his mind back to the early gateways 0 and 1. The project has by now assumed a life of its own and the Project Sponsor needs to check that as the project works its way towards being ready to deliver the hoped for benefits to the organization, the organization is equally ready to take advantage of those benefits.
For example, if one of the benefits of the project is to facilitate savings in manpower through increased automation, are plans in place and being implemented to reduce workforce through natural wastage, reassignment of employees or redundancy?
Are all training programmes in place to equip the workforce to deal with the operational and maintenance aspects of the new project deliverables?
Are there any supplier, customer or other stakeholder interests that need addressing?
Gateway 5 – Operational Review and Benefits Realization
The operational life of the facility delivered by the project may span many years or decades. The purpose of gateway 5 is to assess at various points how successful the project has been in delivering its expected benefits and feed back into the board of directors or the project approval subcommittee lessons that can be learned for the authorization of new projects.
It is worth noting that different types of benefits may become apparent (or not) at different points of the operational life cycle. For example, in a new factory energy and manpower savings will become apparent long before improvements in the product’s long-term reliability. Similarly for a new teaching facility, any benefits in operational and maintenance costs will be felt long before an impact on academic achievement will become apparent.
It is important that gateway reviews are documented together with all available evidence given in support of the gateway review and that this documentation be retained for future audit purposes.
The OGC Gateway Review process has been designed with government projects in mind. However, the process is relevant regardless of whether the project is public or private sector. Indeed many private sector companies operate similar processes. Consideration should be given to the size of the project and, in particular, the risks to which the project exposes the organization when planning a structured review process. If the project and risks are small then such a formal review process is probably inappropriate. Even if the project and risk are assessed to be small it is still worthwhile having a ‘sounding board’ such as a colleague who can review what is being planned and offer advice on potential problems and solutions. Long before the OGC Gateway Review process was designed I worked in organizations where projects were selected for peer review where, essentially, colleagues would review each others projects. It has also been helpful in my experience to have an executive review group in which there is a small and experienced senior group who are not involved in the day-to-day sponsorship and management of the project who meet with the Project Sponsor and project manager on a regular basis to review project progress and strategy.
If a gateway review identifies deficiencies in the project then the reviewing authority can require that the deficiency be remedied before authorization of the next stage or cancel the project altogether. Where a gateway review raises serious concerns, these should be reported to the board of directors and the board of directors will need to decide whether other stakeholders need to be informed. It is very important that sound control systems be maintained throughout the project, whether a gateway review process is in place or not. There must be a system of reporting that ensures that any emerging problems with the project are reported to senior management promptly and accurately. Reporting in this context encompasses a meeting hierarchy structure and the format of written project reports.
We will now look in more detail at disclosure and reporting for project governance, because this is the key area arising from corporate governance requirements and applicable to project governance which is not covered elsewhere in this book.
I have a dilemma here. I feel almost duty bound in a chapter concerning project governance to prescribe a structure of meetings and advise on meeting frequencies, agendas and attendance requirements. Yet I am also too painfully aware that we live in a world where we have meetings about meetings, where good managers complain that they cannot ‘do’ any management because they spend their whole working lives in meetings. There are those who advocate meetings without chairs, keeping everyone standing so as to focus minds on getting the important issues across in the shortest period of time.
The project governance task of meetings is to aid the identification of risks to the organization arising from the project, advise senior management of those risks, formulate mitigation strategies for the risks and implement those strategies with the approval of senior management.
Therefore, the sponsor will need to have regular meetings with the project team. Such meetings are often called project progress meetings. Typically they will be held monthly but that will depend on the duration and speed of the project. The sponsor will meet with the project manager and his or her key team members. Although they are called progress meetings these meetings should focus on past performance only in so far as to detect trends in performance on cost, time and quality. The important thing is to focus on what must happen over the coming period, what the risks are and plan to mitigate those risks.
The Project Sponsor and project manager will usually attend Project Steering Group meetings. The steering group may be composed of senior level management entirely from within the organization or it may also include key project stakeholders, particularly if the stakeholders are part funders of the project or important supporters of the project (politically perhaps) who have a role in shaping the direction that the project should take. The Project Sponsor will update the steering group on how the project is progressing against the plan using reports described in Chapter 13. The steering group will also be updated on the project risks, the risk management plan and their endorsement of that plan should be sought. The frequency of steering group meetings will again depend on the duration and scale of the project, but once a quarter is probably about right in most circumstances.
Project Portfolio Risk
Organizations often have multiple projects active at any one time. Government agencies and infrastructure companies such as Network Rail may have several hundred or even thousands of projects to manage simultaneously. The collection of these projects represents the organization’s project portfolio.
If we follow the advice in this book then each individual project will be well defined, address a need (or needs) of the organization, have a good business case and be well-sponsored and managed. If there are multiple projects it is because the organization has multiple needs in various areas of its operation.
At portfolio level, the organization needs to check regularly that it has the right balance of projects, that a new project is not rendering another project obsolete or competing with it for resources, that all projects can be financed and that the level of risk across the portfolio is manageable by the organization.
Portfolio theory tells us that if we wish to make an investment in stocks and shares then it is better to invest in a number of stocks and shares than to invest the same amount in the shares of one company. This is because as individual shares go up and down in value some will be going up as others go down and across the whole portfolio these effects will be smoothed out. There is less risk in a portfolio than in a single investment – in other words, don’t put all your eggs in one basket! Wise Project Sponsors and project managers will always have a contingency fund, allowed for in the business case and available to cover unforeseen problems. However, we hope that not all projects will run into problems (particularly if they have Project Sponsors who have read this book) and that therefore we will not need the entire contingency that has been set aside. Tying funds up unnecessarily is a very bad thing for an organization, after all it is usually paying the bank a good rate of interest for its working capital and capital must do just that: work, not be put aside for a rainy day. Therefore it is entirely appropriate for an organization to allow individual projects a contingency but not to actually tie up as a contingency at organization level the sum of all projects’ contingencies. Just as an individual project’s contingency should be estimated based on a risk assessment, the contingency applicable to a portfolio of projects should be assessed as a result of a portfolio risk assessment. The important thing to be careful of here is to see if there are risks which will affect all projects in the same direction at the same time. Examples of this sort of risk include:
Change of law
Change of standards
Change of technology
Key supplier failure.
These are the sort of risks that can smash most of your eggs regardless of how many baskets you’ve put them in.
Context of Project Governance
Corporate governance has been a hot topic since the early 1990s. It became an even hotter topic because a number of high-profile corporate failures coincided with the establishment of the Cadbury Committee, which had been set up to review and report on corporate governance.
When our Committee was formed just over eighteen months ago, neither our title nor our work programme seemed framed to catch the headlines ... It is, however, the continuing concern about standards of financial reporting and accountability, heightened by BCCI, Maxwell and the controversy over directors’ pay, which has kept corporate governance in the public eye.
The Cadbury report, or perhaps the coincidence of its birth alongside some very high-profile corporate failures, put corporate governance firmly on the management map. One of these failures was the Maxwell scandal3  in which Robert Maxwell’s Mirror Group Newspapers folded with debts of over ￡2 billion and a pension fund decimated by Maxwell’s criminal attempts to keep the group solvent and shore up the share price. Another was the collapse of BCCI4  (Bank of Credit and Commerce International) in which the bank’s directors had manipulated international gaps in banking regulations and complex corporate structures to their own advantage. BCCI was raided in July 1991 by banking regulators from seven countries and losses estimated at up to $17 billion were uncovered. Even now, that’s quite a lot of money!
The fundamental problem which corporate governance seeks to address is the principal–agent problem in which the principals, those investing money (e.g. shareholders) necessarily rely on agents, e.g. company directors, to look after their investment for them. Sometimes agents can be quite reluctant to tell the principals if they’re making a terrible mess of things early enough for the principals to do something about it, or, at worst, that they’re making actually quite a good job of defrauding the principals out of their money.
Guard against unfettered powers of decision making by one individual through separating the roles of chief executive and chairman and also by encouraging effective non-executive directors into the process.
Provide greater transparency through encouraging the inclusion of balance sheet information and cash flow statements in interim reports.
These recommendations have been augmented, strengthened and clarified over the years by numerous committees, reports and guidance documents e.g. Greenbury, Turnbull, Higgs, Smith etc.
The collapse5  of Barings Bank, the United Kingdom’s oldest merchant bank, in 1995 demonstrated that you did not actually have to be at the head of an organization (like Robert Maxwell or the BCCI directors) to bring about its collapse. Nick Leeson was a trader with Barings, who was able to make phenomenal profits for the bank in a rising market but even greater losses in a contracting one. The bank’s directors, eventually alerted by Leeson’s calls for more and more funding for his desperate attempts to reverse his fortunes, discovered that Leeson had gambled away more than ￡800 million and the bank collapsed.
This lesson was clearly underlined more recently in January 2008 when another rogue trader, Jerome Kerviel, performed a similar feat for the French banking giant Société Générale, managing to lose around ￡3.5 billion of its money in depressingly similar circumstances.
In 2002 the one hundred and seventh congress of the United States of America introduced the Sarbanes–Oxley Act.6  Sarbanes-Oxley (or SOX for short) was a reaction to further scandals such as Enron and WorldCom. By 2001 Enron was one of the world’s leading energy and communications companies employing 22,000 people and boasting profits of $111 billion. For six years in a row Fortune magazine had named Enron ‘America’s most innovative company’. It was certainly innovative in its accounting practices: the profits it posted were inflated and indeed fraudulent. With each passing year the accounting deceptions of the previous year grew larger to cover the gap between the ever-increasing profits that markets and shareholders want and the spiralling losses that were in fact occurring.
Arthur Andersen, which was one of the ‘Big Five’ accountancy practices and responsible for auditing Enron’s accounts, virtually disappeared following lawsuits brought against it as a result. It had employed around 85,000 people worldwide. The concern which Cadbury had sought to address over the true independence of auditors who received consulting work worth far, far more than the audit fees was clearly still an issue.
Investors do not like bad news.
Managers do not like giving bad news and will go to extraordinary lengths to convince even themselves that actually things are not as bad as they seem and that they will get better.
There really is a need for truly independent ‘health checks’ of business ventures.
This is the background to corporate governance, but what does it have to do with project governance? Well, the Financial Reporting Council makes clear in their Internal Control: Revised Guidance for Directors on the Combined Code (The Turnbull Guidance)7  that:
A company’s system of internal control has a key role in the management of risks that are significant to the fulfilment of its business objectives. A sound system of internal control contributes to safeguarding the shareholders’ investment and the company’s assets.
We already know that projects are departures from the norm for most organizations and that they can be both vital for the organization’s survival and growth whilst at the same time represent huge risks for it. If we need further proof of that consider the case of the ill-fated, privatized UK rail infrastructure company of the 1990s, Railtrack and the West Coast Route Modernization project. The initial budget for the project was a staggering ￡2.4 billion. Now it should be borne in mind that Railtrack was floated on the London Stock Exchange in 1996 for ￡2.5 billion, so this was a ‘bet the company’ scale of project. However, costs escalated dramatically and by the time they reached ￡7 billion the government considered it time that Railtrack be refused further funding and placed into administration. Railtrack had bet the company on a project and lost. There were of course other accidents, errors of judgement and mistakes en route but one single project that got out of control essentially brought about the downfall of Railtrack, a seemingly low-risk utility company in which many thousands of employees and ordinary citizens were shareholders.
If we draw comparison again between the requirements of good corporate governance and good project governance we will recognize that gateway or stage reviews provide a good audit function for projects and that they, together with steering group meetings, also provide a route of transparency up through the senior management team who are then required by corporate governance to disclose risks to shareholders.
The one final word of caution that I would like to add is that one must beware of ‘groupthink’. Although it is important to ensure that decision making is not solely invested in one person, it is a fact that groups of people will often take greater risks than individuals. If you are not the sole person responsible then you will not take all the blame if it goes wrong, and you may therefore be willing to take more risk. Also when individuals are members of a group they tend to avoid promoting viewpoints that differ from the consensus of the group. If you are the only person in the group opposing the project that can be a very lonely place to be. In these circumstances silence is seen as agreement. Therefore, I would always encourage Project Sponsors to consider if they would still recommend a particular course of action if it was their money that was funding it, and also to ensure that safeguards are in place to counter groupthink.
We discussed in Chapter 1 the Project Sponsor’s key role in ‘owning’ the business case and that the business case will change throughout the lifetime of the project as estimates of cost, programme and benefits become further refined as the project is developed. We also said that it is vital that the Project Sponsor be prepared to recommend stopping the project if the project’s business case turns negative. This chapter has concerned the processes that govern the Project Sponsor in the fulfilment of these duties and provide the assurance to the organization that this is being done. The next chapter will cover the Project Sponsor’s duty in preserving health, safety and the environment, which is even more important than preventing corporate failure.