Project Governance

Establish and operate the oversight structure for consulting engagements, ensuring clear decision-making, accountability, and stakeholder alignment throughout. For building the implementation plan itself (workstreams, phasing, business cases), see implementation-planning. This covers the full project management lifecycle: from initial governance setup through ongoing status reporting, risk management, and project closure.

Governance Structure Selection

Right-size governance to project complexity. A 3-person engagement doesn't need the same governance as a 50-person transformation.

Light Governance (small project, trusted relationship)

• Project sponsor + engagement manager
• Weekly check-ins
• Minimal formal documentation
• Suitable for: focused advisory work, small team, established client relationship

Standard Governance (most projects)

• Steering committee + working team
• Monthly steering committee meetings
• Bi-weekly working sessions
• Written status reports
• Suitable for: typical consulting engagements with clear scope and moderate complexity

Complex Governance (large transformation, multiple workstreams)

• Executive sponsor + program director
• Steering committee + project boards per workstream
• Weekly program review
• Multiple workstream leads with defined interfaces
• Suitable for: enterprise transformations, multi-year programs, high-risk initiatives

Selection factors: project size, number of stakeholders, risk level, organizational culture, regulatory requirements.

Project Charter

The charter is the foundational document. Get sign-off before substantive work begins.

Charter elements:

• Project name, sponsor, project director, engagement manager
• Start date and target end date
• Problem statement: what problem does this solve?
• Expected outcomes: what will this achieve?
• Strategic alignment: how does this support organizational strategy?
• Scope: what's in, what's out, what assumptions are we making, what constraints apply
• Success criteria: specific, measurable targets
• Key milestones with target dates and dependencies
• Budget by category with tracking columns (budget, spent, remaining)
• Sign-off section for sponsor and project director

RACI Matrix

RACI clarifies who does what. The single most important rule: one Accountable person per activity. Multiple "A"s means nobody is accountable.

RACI definitions:

• R (Responsible): Does the work
• A (Accountable): Final decision authority, owns the outcome
• C (Consulted): Provides input before the work is done
• I (Informed): Kept updated after the work is done

Build the RACI by project phase. A typical consulting engagement has phases like:

Discovery: Conduct interviews (R: engagement manager, A: project lead), gather data, synthesize findings, review current state.

Analysis: Apply analytical frameworks, build financial models, develop options.

Recommendations: Develop strategy, build business case, prepare executive presentation.

For each activity, assign exactly one A. The person doing the work (R) and the person accountable for the outcome (A) can be the same person on small teams but should be separated on larger engagements.

Decision Rights

Clarify decision authority before issues arise. Verbal agreements fade.

Decision Type	Decider	Input Required	Process
Scope changes	Sponsor	EM, client lead	Change request
Methodology	Engagement manager	Team	Team decision
Deliverable content	Engagement manager	Client lead	Review and approve
Timeline adjustments	Engagement manager	Sponsor	Notification
Budget reallocation	Sponsor	EM	Approval required
Resource changes	Engagement manager	HR/PMO	Coordination
Go/no-go on recommendations	Engagement manager	Team	Team consensus

Escalation Path

Issue Type	First Escalation	Second Escalation	Timeline
Technical	EM to client lead	Sponsor	48 hours
Schedule	EM to sponsor	Steering committee	24 hours
Budget	EM to sponsor	Finance	24 hours
Strategic	Sponsor to steering committee	Board	Immediate

Escalate early, not late. Surprises destroy trust faster than bad news delivered promptly.

Meeting Cadence

Steering Committee

• Frequency: Monthly (or as governance tier dictates)
• Duration: 60-90 minutes
• Attendees: Sponsor, client executive, partner, engagement manager
• Purpose: Strategic direction, major decisions, risk review
• Agenda structure: Status overview (5 min), key decisions needed (15 min), deep dive topic (30 min), risks and issues (15 min), next steps (5 min)

Project Team

• Frequency: Weekly
• Duration: 60 minutes
• Attendees: Engagement manager, analysts, client lead
• Purpose: Work coordination, progress tracking, blocker resolution
• Agenda structure: Quick wins and blockers (10 min), workstream updates (30 min), decisions needed (10 min), next week planning (10 min)

Working Sessions

• Frequency: 2-3x per week as needed
• Duration: 60-90 minutes
• Attendees: As needed for specific work
• Purpose: Analysis, draft development, problem-solving

Status Updates

• Frequency: Bi-weekly (written)
• Distribution: Extended stakeholders
• Format: Standardized report (see Status Reporting below)

Stage Gate Framework

Stage gates provide formal checkpoints where the project must demonstrate readiness before proceeding.

Typical Consulting Stage Gates

Gate 1: Plan Approval (end of planning phase)

Required evidence: approved charter, completed RACI, detailed work plan, team assigned, approved budget, initial risk register.

Gate 2: Issue Review (end of analysis phase)

Required evidence: findings documented, options evaluated, draft recommendations clear, client aligned on direction.

Gate 3: Design Approval (end of design phase)

Required evidence: solution documented, business case validated with updated financials, implementation roadmap approved, change plan approved.

Gate 4: Go-Live Review (end of implementation)

Required evidence: deliverables accepted, benefits tracking in place, control plan operational, lessons learned captured.

Gate Decisions

Decision	Meaning	Action
GO	Approved to proceed	Move to next stage
GO WITH CONDITIONS	Approved with specific modifications	Document conditions and track completion
REDO	Insufficient readiness	Address gaps and return to gate
STOP	Terminate project	Initiate closure procedures

Status Reporting

RAG Methodology

RAG (Red-Amber-Green) provides a standardized way to communicate project health.

Status	Definition	Action Required
GREEN	On track, no significant issues	Continue normal monitoring
AMBER	Some concerns, mitigation in place	Monitor closely, escalate if worsens
RED	Critical issues, intervention needed	Immediate escalation, recovery plan

Status Report Structure

A status report should cover these sections, in this order. Keep it to 2 pages for steering committee consumption.

Executive summary: 2-3 sentences. Overall status, key wins, key concerns. If a steering committee member reads only this section, they should know the state of the project.

Status dashboard: RAG rating and trend (improving, stable, declining) for each dimension: schedule, budget, scope, quality, resources.

Progress this period: Deliverables completed, key achievements, work in progress with completion percentages.

Milestone status: Each milestone with target date, forecast date, status, and variance. Use symbols (achieved, at risk, missed) for quick scanning.

Budget status: Total budget, spent to date, percentage spent vs. percentage complete, forecast at completion, variance. A project that is 50% through its budget but 30% complete has a problem.

Burn rate analysis: Planned vs. actual spend by period. Diverging trends signal trouble before it shows up in the overall numbers.

Risks and issues: Top risks with probability, impact, and mitigation. Open issues with severity, owner, and due date. Resolved issues from this period.

Forward look: Next period priorities, upcoming milestones, decisions required, dependency awareness.

Governance: Steering committee meeting notes, escalations, change log.

Status Reporting Discipline

• Be honest with RAG status. Don't greenwash problems
• Escalate RED issues immediately. Don't wait for the next status report
• Quantify progress wherever possible. "Good progress" is not a status
• Focus on what changed since the last report
• Keep the executive summary to 3 sentences maximum
• Send reports at the same time each period. Consistency builds trust
• Track action items from previous reports explicitly
• Report outcomes achieved, not just tasks completed

Risk Management

Risk Identification

Systematically identify risks using established categories.

Category	Scope
Strategic	Market changes, competitor actions, regulatory shifts
Financial	Cost overruns, currency fluctuation, funding uncertainty
Operational	Process failures, key person dependency, supply chain
Technical	Technology issues, integration problems, cybersecurity
Regulatory	Compliance requirements, legal exposure, data privacy
Schedule	Delays, dependencies, resource availability
Quality	Defects, scope creep, acceptance criteria disputes

Identification techniques: Team brainstorming, expert judgment, SWOT analysis, historical checklists from similar projects, root cause analysis working backwards from potential failures, horizon scanning for emerging risks.

Risk Assessment

Probability scale (1-5):

• 5 (Very High): >80% likelihood
• 4 (High): 60-80%
• 3 (Medium): 40-60%
• 2 (Low): 20-40%
• 1 (Very Low): <20%

Impact scale (1-5):

• 5 (Very High): >30% schedule delay, >20% cost overrun, major quality failures
• 4 (High): 15-30% delay, 10-20% overrun, significant quality issues
• 3 (Medium): 5-15% delay, 5-10% overrun, moderate quality issues
• 2 (Low): <5% delay, <5% overrun, minor quality issues
• 1 (Very Low): Minimal impact across all dimensions

Risk score: Probability x Impact

Score Range	Classification	Required Action
19-25	CRITICAL	Immediate action, steering committee visibility
10-18	HIGH	Priority mitigation, active management
5-9	MEDIUM	Active monitoring, mitigation plan in place
1-4	LOW	Accept and monitor

Risk Response Strategies

Strategy	When to Use
Avoid	Change the plan to eliminate the risk entirely. Use for high-impact, high-probability risks where avoidance is feasible
Mitigate	Reduce the probability or impact. Most common strategy. Define specific actions with owners and deadlines
Transfer	Shift risk to another party (insurance, outsourcing, contractual terms). Use when another party can manage the risk more effectively
Accept	Acknowledge and monitor. Use when cost of mitigation exceeds expected cost of the risk, or when probability is very low

For each risk above LOW, document: mitigation actions with owners and timelines, contingency plan if the risk materializes, cost of mitigation vs. cost of occurrence.

Risk Monitoring

Review cadence:

• Weekly: project manager checks trigger indicators
• Monthly: full team review, identify new risks, update statuses
• Quarterly: steering committee deep dive on trends and strategic risks

Early warning indicators: For each significant risk, define the signal that would indicate the risk is about to materialize, the monitoring method, and the monitoring frequency.

Risk trends: Track total risks, high/critical risks, closed risks, and new risks over time. A rising count of high risks is itself a risk.

Issue Management

Issues are risks that have materialized, or problems that need resolution.

Issue severity definitions:

• Critical: Project cannot proceed without resolution. Requires immediate action
• High: Significant impact on project outcomes. Requires escalation
• Medium: Moderate impact. Needs attention within normal management cadence
• Low: Minor impact. Address in normal course of work

Track each issue with: ID, description, severity, status (open/in progress/resolved), date created, owner, due date, and resolution.

Hybrid Delivery Framework

Many consulting engagements blend agile and waterfall approaches. This is pragmatic, not fashionable.

When to use which:

• Waterfall for workstreams with clear requirements and sequential dependencies
• Agile for workstreams with evolving requirements or iterative design
• Hybrid when different workstreams have different characteristics

Sprint-phase alignment: Sprints operate within project phases. Each sprint delivers incremental progress. Phase gates still apply at phase boundaries.

Hybrid governance elements:

• Steering committee reviews at phase boundaries (waterfall cadence)
• Status reporting at sprint cadence (weekly)
• Scope management through backlog grooming (agile)
• Quality gates through Definition of Done (per sprint)

Project Closure

From a governance perspective, closure requires: final status report delivered, steering committee sign-off obtained, and decision rights formally handed back to the client organization. For the full closure methodology (deliverable handover, knowledge transfer, lessons learned, financial reconciliation), see the project-closeout skill.

Principles

• Governance enables, it doesn't restrict. If governance isn't adding value, it's adding overhead. Redesign it
• One accountable person per decision. Multiple "A"s in a RACI means nobody is accountable
• Document explicitly. Verbal agreements fade, especially across organizational boundaries
• Escalate early, not late. Surprises destroy trust faster than bad news delivered promptly
• Living documents over shelf-ware. A RACI that isn't updated when roles change creates false confidence
• Right-size to complexity. Light governance for light projects, heavy governance only when the risk warrants it
• Get sign-off on decision rights before the first disagreement, not during it
• Be honest with RAG status. Greenwashing problems delays resolution and erodes credibility
• Close properly. The last impression matters as much as the first