project-governance
Project Governance
Establish and operate the oversight structure for consulting engagements, ensuring clear decision-making, accountability, and stakeholder alignment throughout. For building the implementation plan itself (workstreams, phasing, business cases), see implementation-planning. This covers the full project management lifecycle: from initial governance setup through ongoing status reporting, risk management, and project closure.
Governance Structure Selection
Right-size governance to project complexity. A 3-person engagement doesn't need the same governance as a 50-person transformation.
Light Governance (small project, trusted relationship)
- Project sponsor + engagement manager
- Weekly check-ins
- Minimal formal documentation
- Suitable for: focused advisory work, small team, established client relationship
Standard Governance (most projects)
- Steering committee + working team
- Monthly steering committee meetings
- Bi-weekly working sessions
- Written status reports
- Suitable for: typical consulting engagements with clear scope and moderate complexity
Complex Governance (large transformation, multiple workstreams)
- Executive sponsor + program director
- Steering committee + project boards per workstream
- Weekly program review
- Multiple workstream leads with defined interfaces
- Suitable for: enterprise transformations, multi-year programs, high-risk initiatives
Selection factors: project size, number of stakeholders, risk level, organizational culture, regulatory requirements.
Project Charter
The charter is the foundational document. Get sign-off before substantive work begins.
Charter elements:
- Project name, sponsor, project director, engagement manager
- Start date and target end date
- Problem statement: what problem does this solve?
- Expected outcomes: what will this achieve?
- Strategic alignment: how does this support organizational strategy?
- Scope: what's in, what's out, what assumptions are we making, what constraints apply
- Success criteria: specific, measurable targets
- Key milestones with target dates and dependencies
- Budget by category with tracking columns (budget, spent, remaining)
- Sign-off section for sponsor and project director
RACI Matrix
RACI clarifies who does what. The single most important rule: one Accountable person per activity. Multiple "A"s means nobody is accountable.
RACI definitions:
- R (Responsible): Does the work
- A (Accountable): Final decision authority, owns the outcome
- C (Consulted): Provides input before the work is done
- I (Informed): Kept updated after the work is done
Build the RACI by project phase. A typical consulting engagement has phases like:
Discovery: Conduct interviews (R: engagement manager, A: project lead), gather data, synthesize findings, review current state.
Analysis: Apply analytical frameworks, build financial models, develop options.
Recommendations: Develop strategy, build business case, prepare executive presentation.
For each activity, assign exactly one A. The person doing the work (R) and the person accountable for the outcome (A) can be the same person on small teams but should be separated on larger engagements.
Decision Rights
Clarify decision authority before issues arise. Verbal agreements fade.
| Decision Type | Decider | Input Required | Process |
|---|---|---|---|
| Scope changes | Sponsor | EM, client lead | Change request |
| Methodology | Engagement manager | Team | Team decision |
| Deliverable content | Engagement manager | Client lead | Review and approve |
| Timeline adjustments | Engagement manager | Sponsor | Notification |
| Budget reallocation | Sponsor | EM | Approval required |
| Resource changes | Engagement manager | HR/PMO | Coordination |
| Go/no-go on recommendations | Engagement manager | Team | Team consensus |
Escalation Path
| Issue Type | First Escalation | Second Escalation | Timeline |
|---|---|---|---|
| Technical | EM to client lead | Sponsor | 48 hours |
| Schedule | EM to sponsor | Steering committee | 24 hours |
| Budget | EM to sponsor | Finance | 24 hours |
| Strategic | Sponsor to steering committee | Board | Immediate |
Escalate early, not late. Surprises destroy trust faster than bad news delivered promptly.
Meeting Cadence
Steering Committee
- Frequency: Monthly (or as governance tier dictates)
- Duration: 60-90 minutes
- Attendees: Sponsor, client executive, partner, engagement manager
- Purpose: Strategic direction, major decisions, risk review
- Agenda structure: Status overview (5 min), key decisions needed (15 min), deep dive topic (30 min), risks and issues (15 min), next steps (5 min)
Project Team
- Frequency: Weekly
- Duration: 60 minutes
- Attendees: Engagement manager, analysts, client lead
- Purpose: Work coordination, progress tracking, blocker resolution
- Agenda structure: Quick wins and blockers (10 min), workstream updates (30 min), decisions needed (10 min), next week planning (10 min)
Working Sessions
- Frequency: 2-3x per week as needed
- Duration: 60-90 minutes
- Attendees: As needed for specific work
- Purpose: Analysis, draft development, problem-solving
Status Updates
- Frequency: Bi-weekly (written)
- Distribution: Extended stakeholders
- Format: Standardized report (see Status Reporting below)
Stage Gate Framework
Stage gates provide formal checkpoints where the project must demonstrate readiness before proceeding.
Typical Consulting Stage Gates
Gate 1: Plan Approval (end of planning phase)
Required evidence: approved charter, completed RACI, detailed work plan, team assigned, approved budget, initial risk register.
Gate 2: Issue Review (end of analysis phase)
Required evidence: findings documented, options evaluated, draft recommendations clear, client aligned on direction.
Gate 3: Design Approval (end of design phase)
Required evidence: solution documented, business case validated with updated financials, implementation roadmap approved, change plan approved.
Gate 4: Go-Live Review (end of implementation)
Required evidence: deliverables accepted, benefits tracking in place, control plan operational, lessons learned captured.
Gate Decisions
| Decision | Meaning | Action |
|---|---|---|
| GO | Approved to proceed | Move to next stage |
| GO WITH CONDITIONS | Approved with specific modifications | Document conditions and track completion |
| REDO | Insufficient readiness | Address gaps and return to gate |
| STOP | Terminate project | Initiate closure procedures |
Status Reporting
RAG Methodology
RAG (Red-Amber-Green) provides a standardized way to communicate project health.
| Status | Definition | Action Required |
|---|---|---|
| GREEN | On track, no significant issues | Continue normal monitoring |
| AMBER | Some concerns, mitigation in place | Monitor closely, escalate if worsens |
| RED | Critical issues, intervention needed | Immediate escalation, recovery plan |
Status Report Structure
A status report should cover these sections, in this order. Keep it to 2 pages for steering committee consumption.
Executive summary: 2-3 sentences. Overall status, key wins, key concerns. If a steering committee member reads only this section, they should know the state of the project.
Status dashboard: RAG rating and trend (improving, stable, declining) for each dimension: schedule, budget, scope, quality, resources.
Progress this period: Deliverables completed, key achievements, work in progress with completion percentages.
Milestone status: Each milestone with target date, forecast date, status, and variance. Use symbols (achieved, at risk, missed) for quick scanning.
Budget status: Total budget, spent to date, percentage spent vs. percentage complete, forecast at completion, variance. A project that is 50% through its budget but 30% complete has a problem.
Burn rate analysis: Planned vs. actual spend by period. Diverging trends signal trouble before it shows up in the overall numbers.
Risks and issues: Top risks with probability, impact, and mitigation. Open issues with severity, owner, and due date. Resolved issues from this period.
Forward look: Next period priorities, upcoming milestones, decisions required, dependency awareness.
Governance: Steering committee meeting notes, escalations, change log.
Status Reporting Discipline
- Be honest with RAG status. Don't greenwash problems
- Escalate RED issues immediately. Don't wait for the next status report
- Quantify progress wherever possible. "Good progress" is not a status
- Focus on what changed since the last report
- Keep the executive summary to 3 sentences maximum
- Send reports at the same time each period. Consistency builds trust
- Track action items from previous reports explicitly
- Report outcomes achieved, not just tasks completed
Risk Management
Risk Identification
Systematically identify risks using established categories.
| Category | Scope |
|---|---|
| Strategic | Market changes, competitor actions, regulatory shifts |
| Financial | Cost overruns, currency fluctuation, funding uncertainty |
| Operational | Process failures, key person dependency, supply chain |
| Technical | Technology issues, integration problems, cybersecurity |
| Regulatory | Compliance requirements, legal exposure, data privacy |
| Schedule | Delays, dependencies, resource availability |
| Quality | Defects, scope creep, acceptance criteria disputes |
Identification techniques: Team brainstorming, expert judgment, SWOT analysis, historical checklists from similar projects, root cause analysis working backwards from potential failures, horizon scanning for emerging risks.
Risk Assessment
Probability scale (1-5):
- 5 (Very High): >80% likelihood
- 4 (High): 60-80%
- 3 (Medium): 40-60%
- 2 (Low): 20-40%
- 1 (Very Low): <20%
Impact scale (1-5):
- 5 (Very High): >30% schedule delay, >20% cost overrun, major quality failures
- 4 (High): 15-30% delay, 10-20% overrun, significant quality issues
- 3 (Medium): 5-15% delay, 5-10% overrun, moderate quality issues
- 2 (Low): <5% delay, <5% overrun, minor quality issues
- 1 (Very Low): Minimal impact across all dimensions
Risk score: Probability x Impact
| Score Range | Classification | Required Action |
|---|---|---|
| 19-25 | CRITICAL | Immediate action, steering committee visibility |
| 10-18 | HIGH | Priority mitigation, active management |
| 5-9 | MEDIUM | Active monitoring, mitigation plan in place |
| 1-4 | LOW | Accept and monitor |
Risk Response Strategies
| Strategy | When to Use |
|---|---|
| Avoid | Change the plan to eliminate the risk entirely. Use for high-impact, high-probability risks where avoidance is feasible |
| Mitigate | Reduce the probability or impact. Most common strategy. Define specific actions with owners and deadlines |
| Transfer | Shift risk to another party (insurance, outsourcing, contractual terms). Use when another party can manage the risk more effectively |
| Accept | Acknowledge and monitor. Use when cost of mitigation exceeds expected cost of the risk, or when probability is very low |
For each risk above LOW, document: mitigation actions with owners and timelines, contingency plan if the risk materializes, cost of mitigation vs. cost of occurrence.
Risk Monitoring
Review cadence:
- Weekly: project manager checks trigger indicators
- Monthly: full team review, identify new risks, update statuses
- Quarterly: steering committee deep dive on trends and strategic risks
Early warning indicators: For each significant risk, define the signal that would indicate the risk is about to materialize, the monitoring method, and the monitoring frequency.
Risk trends: Track total risks, high/critical risks, closed risks, and new risks over time. A rising count of high risks is itself a risk.
Issue Management
Issues are risks that have materialized, or problems that need resolution.
Issue severity definitions:
- Critical: Project cannot proceed without resolution. Requires immediate action
- High: Significant impact on project outcomes. Requires escalation
- Medium: Moderate impact. Needs attention within normal management cadence
- Low: Minor impact. Address in normal course of work
Track each issue with: ID, description, severity, status (open/in progress/resolved), date created, owner, due date, and resolution.
Hybrid Delivery Framework
Many consulting engagements blend agile and waterfall approaches. This is pragmatic, not fashionable.
When to use which:
- Waterfall for workstreams with clear requirements and sequential dependencies
- Agile for workstreams with evolving requirements or iterative design
- Hybrid when different workstreams have different characteristics
Sprint-phase alignment: Sprints operate within project phases. Each sprint delivers incremental progress. Phase gates still apply at phase boundaries.
Hybrid governance elements:
- Steering committee reviews at phase boundaries (waterfall cadence)
- Status reporting at sprint cadence (weekly)
- Scope management through backlog grooming (agile)
- Quality gates through Definition of Done (per sprint)
Project Closure
From a governance perspective, closure requires: final status report delivered, steering committee sign-off obtained, and decision rights formally handed back to the client organization. For the full closure methodology (deliverable handover, knowledge transfer, lessons learned, financial reconciliation), see the project-closeout skill.
Principles
- Governance enables, it doesn't restrict. If governance isn't adding value, it's adding overhead. Redesign it
- One accountable person per decision. Multiple "A"s in a RACI means nobody is accountable
- Document explicitly. Verbal agreements fade, especially across organizational boundaries
- Escalate early, not late. Surprises destroy trust faster than bad news delivered promptly
- Living documents over shelf-ware. A RACI that isn't updated when roles change creates false confidence
- Right-size to complexity. Light governance for light projects, heavy governance only when the risk warrants it
- Get sign-off on decision rights before the first disagreement, not during it
- Be honest with RAG status. Greenwashing problems delays resolution and erodes credibility
- Close properly. The last impression matters as much as the first