Log in / Register
Home arrow Business & Finance arrow Project Risk Governance

Appendix 3: A Project Risk Governance Maturity Model

Table A3.1 Levels and dimensions of a project risk governance maturity model

Projects in Organisations

Ad Hoc





Project- versus Product- Based Organisation

Organisation is product-based with few projects

Increasing project activity

Project activities become formalised

Projects are managed professionally

Organisation is project-based

Project-Based Organisation (PBO) Characteristics

No or little awareness of a PBO

Some recognition of PBO advantages

PBO advantages and disadvantages are evaluated

PBO complexities recognised and managed

Comprehensive understanding of operating as a PBO

Project-Based Organisation Structure

PBO does not exist

Some features of a PBO are observed

PBO operates as a pyramid structure

Transition to an intergrated structure

An integrated organisational PBO structure

Business and Project Interaction

Ad Hoc





Business Strategy Formulation

Business strategy is formulated superficially

Business strategy formulation is taken seriously

Formal processes exist for business strategy formulation

Business strategies are fully implemented

Effectiveness of business strategies is measured

Business and Project Strategy Alignment

Business strategy gives little consideration to projects

Business strategy begins to recognise importance of projects

Both business and project strategies are formulated

Business and project strategies are aligned hierarchically

Business and project strategies are integrated

Alignment with Project Risk Management

Project risk management not part of business strategy

Impact of project risks on business strategy is recognised

Project risk management included in project strategy

Project risk management part of business/project strategy alignment

Project risks recognised as adding strategic business value

Strategies for Value- Protecting

Emphasis is on identifying and managing negative project risks

Strategies emerge on how best to manage negative project risks

Value-protecting strategies developed for preventable and external project risks

Implementation of value- protecting strategies monitored

Support for value- protection permeates the organisation

Strategies for Value- Creating

Positive project risks are not or only superficially recognised

Obvious opportunities from positive project risks are recognised

Obvious value-creating strategies are developed and implemented

Full range of value-creating strategies are developed and implemented

Proactive exploitation of positive project risk is a strategic priority

Corporate and Project Governance

Ad Hoc





Corporate Governance (CG)

CG practised in isolation

CG principles adapted to the organisation's characteristics

CG principles fully developed and published

CG principles recognise responsibility for risk management

CG principles manage risk as a strategic dimension of business success

Conformance and Performance

CG emphasises conformance aspects

Some recognition given to CG performance aspects

Both conformance and performance aspects of CG are defined

Conformance and performance aspects of CG are related to risk management

CG performance regularly reviewed and improved

Project Governance (PG)

No or little recognition of PG

Some recognition of the role of PG

PG is distinguished from project management

A behaviour-oriented view of PG

An outcome-oriented view of PG

Introduction to Project Risk Governance (PRG)

No or little recognition of PRG

Importance of PRG within PG starting to be recognised

Principles of PG and PRG are developed and articulated

PG and PRG are managed as separate responsibilities

CG, PG and PRG activities overlap

Project Risk Governance - Processes

Ad Hoc





Scope of Project Risk Governance (PRG)

No or little recognition of PRG

Some recognition of the strategic role of project risk

PRG processes and structures are defined

PRG processes and structures are implemented

An integrated model of PRG operates

Portfolio, Programme, Project Management (PPPM)

Project portfolio is managed

Overall risk in project portfolio is assessed

PRG extends to project programmes

Role of PRG differs for PPPM

PRG processes are integrated across PPPM

Investment Management

Obvious project costs and benefits are recognised in project investments

Impact of project risks considered in project investments

Structure of project business cases defined

Business cases formally assessed by steering committees

Business cases include intangible benefits and non-financial evaluations

Value Realisation

No or little monitoring of project value realisation

Monitoring of realisation of major project costs, benefits and risks

Project value realisation methodology defined and implemented

Performance in project value realisation monitored

Benefits are realised as defined in the project business cases



PRG, if exists, is superficially monitored for performance

Some measures of PRG performance developed and monitored

Full set of PRG performance metrics defined

Full set of PRG performance metrics implemented and monitored

PRG performance metrics integrated with corporate performance metrics

Project Risk Governance - Structures and Relationships

Ad Hoc





Organisational Leadership

No or little awareness of project risks among executives

Some recognition of the strategic importance of project risk

Executive management develops principles of PRG

Executive management take responsibility for PRG

Leadership capacity supports and shapes PRG

Board of Directors

Hands-off attitude by board to risk matters

Board focuses on Enterprise Risk Management (ERM)

Board demands attention given to PRG

PRG delegated to executive management

Board accepts overall responsibility for PRG

Project Sponsors

Project sponsors focus solely on their relationship with project managers

Project sponsors link project investments to the project portfolio

Project sponsors prepare business cases for steering committees

Project sponsors responsible for success of project investments

Project sponsors focus on project investments in strategic areas

Project Managers

Project managers control the activities of projects

Project managers focus attention on project risk management

Project managers interact with project sponsors on strategic project risks

Project managers align project risk management with strategic goals

Project managers 'facilitate' project risk management

Steering Committees

Steering committees provide some control over project activities

Steering committees provide high-level control over project risk activities

Steering committees co-ordinate links between PRG structures

Steering committees fulfil 'broker' and 'steward' governance roles

Steering committees oversee performance of PRG

Project Management Office (PMO)

PMO focus only on project activities

PMO evolves organically to consider organisational issues

The role of PMO becomes that of a change agent

PMO is involved in implementing PRG

PMO is regarded as the centre of excellence for project management

Linking Structures and Processes

PRG structures and processes, if they exist, operate independently

It is accepted that PRG structures and processes require integration

Options to integrate PRG structures and processes are evaluated

PRG structures and processes are managed through the project life cycle

PRG structures and processes are linked through the PMO

Project Risk Governance in Context

Ad Hoc





Professional Associations (PAs)

Some project team members belong to PAs

Project team members are encouraged to join PAs

Expectations for memberships and certifications are defined

Memberships and certifications are rewarded

Certifications reflect competence in project risk management

Risk Management Standards

No for few formal standards exist for ERM

Risk management standards provide a guide for ERM

ERM contributes to defining scope of PRG

ERM and PRG are managed separately

ERM and PRG are seamlessly integrated

Project Success

Success factors are linked to project management performance

Success factors are linked to project and project management performance

Project risk management success factors are defined

Project risk management success is measured and monitored

PRG success is measured for its contribution to business value

Human Resources Management (HRM)

No or few separate HRM practices for projects

Some HRM practices developed for projects

Project HRM focus on team dynamics and knowledge sharing

Project HRM practices consider the impermanence of projects

HRM practices for PRG are developed and implemented

Change Management

Some recognition of organisational change management models

Application of change management models at the organisational level

Impact of project changes on project risk is determined

PRG considers impact of project changes on project risk

PRG implemented through successful change management

Paradigmatic Influences

Only aspects of the hard paradigm are followed

Awareness of some aspects of the soft paradigm

Desirable aspects of the soft paradigm identified

Most project-based activities managed within the soft paradigm

Most aspects of the soft paradigm adapted to PRG

The Concept of Project Risk

Ad Hoc





What is Project Risk? - The Basics

Uncertainty of project outcomes is understood

Wide variety of project risk sources are identified

Project risks are defined on the uncertainty spectrum

Information is collected about project risk uncertainty

Scope of project risk management covers full spectrum of uncertainty

Project Risk-A Deeper Perspective

Risk is not a phenomenon

Risk is socially constructed

Distinction between positive and negative project risks

The risk/reward equation is actively managed

Project risks are linked to business returns

Perceptions of Project Risk

Risk is not value-free

Different risk perceptions are recognised

Risk perceptions are defined and evaluated

Suitable project risk perceptions are adopted

Project risk efficiency strategies are implemented

Project Risk and Uncertainty

Concept of risk probability is known

Concepts of uncertainty and risk are differentiated

Characteristics of project risk events are defined

Limitations of probability- based approach are known

Own perceptions of project uncertainty and risk are developed

Project Risk Appetite and Tolerance

Project risk appetite and tolerance are inadequately defined

Importance of project risk appetite and tolerance is understood

Project risk appetite and tolerance are defined

Projects adhere to project risk appetite and tolerance limits

Project risk appetite and tolerance fit corporate governance style

Essentials of Project Risk Management

Ad Hoc





Understanding Projects

Key features of projects are recognised

Concept of project life cycle is understood

Project risks and rewards during life cycle are identified

Financial exposure during project life cycle is monitored

Projects deliver a net financial benefit to the organisation

Importance of Project Risk Management (PRM)

Immaturity of PRM as a knowledge area is not recognised

Importance of PRM as a PM knowledge area is understood

Strategies for PRM are evaluated and defined

Strategies for PRM are implemented

Attention is given to key issues research in PRM

Project Risk Management Plan (RMP)

No or little planning for the project RMP

Inputs to the project RMP are identified and collected

Contents of Project RMP are agreed and developed

Project RMP is followed and regularly updated

Project RMP is comprehensive and includes reporting requirements

Project Risk Modelling and Ranking

Distinction made between qualitative and quantitative approaches

Qualitative analysis used to evaluate project risk events

Quantitative analysis used to evaluate project risk events

Combination of qualitative and quantitative approaches used

Complexity of project risk ranking is taken into account in risk responses

Found a mistake? Please highlight the word and press Shift + Enter  
Business & Finance
Computer Science
Language & Literature
Political science