Project Complexity and Risk Assessment Tool

The Project Complexity and Risk Assessment Tool (PCRA) is intended to support the Treasury Board Policy on the Management of Projects and the Standard for Project Complexity and Risk.

The Treasury Board Policy on the Management of Projects requires deputy heads to ensure that each planned or proposed project which is subject to the Policy is accurately assessed to determine its level of risk and complexity for the purposes of project approval and expenditure authority.

This questionnaire is a derivative of Interis Consulting Inc.'s taxonomy-based questionnaire for project risk assessments. Interis' questionnaire draws extensively on the Continuous Risk Management Guidebook (1999) of the Software Engineering Institute (SEI). In consultation with project managers in the Government of Canada Interis has modified and extended the series of questions to reflect public sector and broader strategic considerations.

Risk and Complexity Definitions

The SEI, the authoring agency of the Continuous Risk Management Guidebook, uses the following definition for the term "risk":

The possibility of suffering loss.

Source: Webster's

The Government of Canada (GC) cites the SEI as the basis for the concepts, methods, and guidelines embodied in the Integrated Risk Management Framework (IRMF). Within that Framework, the following definition of risk provides a standard for the GC:

Risk refers to the uncertainty that surrounds future events and outcomes. It is the expression of the likelihood and impact of an event with the potential to influence the achievement of an organization's objectives.

Source: Government of Canada: Integrated Risk Management Framework (2001)

Risk has three key characteristics. The first is that it looks ahead into the future. The second is that there is an element of uncertainty: a condition or a situation exists that might cause a problem for the project in the future. The third characteristic is related to the outcome. Although it is acknowledged that risk, if managed properly, can lead to opportunity, the definition of risk adopted for the purposes of this policy instrument focuses on adverse outcomes. This definition is consistent with the SEI's Continuous Risk Management software engineering practice supported by An Enhanced Framework for the Management of Information Technology Projects and conforms to the risk management concepts of the Treasury Board of Canada Secretariat's Integrated Risk Management Framework.

Project complexity: Complexity is, fittingly, a much more difficult concept to define. Once again, the SEI provides a solid definition from Webster's:

(Apparent) the degree to which a system or component has a design or implementation that is difficult to understand and verify Footnote 1 ;
(Inherent) the degree of complication of a system or system component, determined by such factors as the number and intricacy of interfaces, the number and intricacy of conditional branches, the degree of nesting, and the types of data structures Footnote 2 .

The assessment is divided into seven sections or categories of questions. They are described in Table 1.

This category is designed to build a profile of a given project with respect to key attributes, including funding, budget, size and number of resources, duration, scope, technology scope, stakeholders, dependencies, and external considerations.

This category assesses a project's alignment with the organization's investment plan:

Is the project well-positioned to achieve the goals and objectives of the plan?
Is the project a potential risk to the plan?

This category assesses the extent to which procurement activities present potential risks to the project.

This category assesses whether the project team has the right skill sets in place, with the appropriate roles and responsibilities.

This category assesses the extent to which the project affects the organization operationally and from a legislative perspective.

This category assesses whether the project demonstrates implementation of key project management control measures and deliverables. This assessment includes addressing the state of the project management plan, project management and control disciplines, and information management processes.

This category assesses, by considering the number, type, and degree of certainty of the requirements, the extent to which the specific requirements of the project add risk and complexity.

Table 2 - Value of the sections

Section	Number of Questions	Maximum Score
Project Characteristics	18	90
Strategic Management Risks	6	30
Procurement Risks	9	45
Human Resource Risks	5	25
Business Risks	5	25
Project Management Integration Risks	6	30
Project Requirements Risks	15	75
Total	64	320

The questions are all of equal value in the overall score. Please note though that if questions 1, 3, and 11, which deal with money, scope, and time in the project characteristics section, are all answered as '5', a triple constraint condition will apply resulting in '5' response scoring for all questions in this section (i.e. the maximum score of 90 for the section). In addition, if the project has no procurement (addressed in question 2) the minimum score is automatically assigned for each question in the procurement section.

The criteria in the PCRA consider a very broad range of potential project risks which stem from virtually every possible root cause relevant for just about any project. However, not every project risk will apply to every project in every instance. When the PCRA was validated in 2009, it was determined that approximately 70% of the project risks reflected in the assessment criteria would apply to any single project. Therefore, when calculating the final PCRA score, the total numeric value is normalized to accurately reflect the more realistic range of relevant risks for a single project.

Project has low risk and complexity. The project outcome affects only a specific service or at most a specific program, and risk mitigations for general project risks are in place. The project does not consume a significant percentage of departmental or agency resources.

A project rated at this level affects multiple services within a program and may involve more significant procurement activities. It may involve some information management or information technology (IM/IT) or engineering activities. The project risk profile may indicate that some risks could have serious impacts, requiring carefully planned responses. The scope of a tactical project is operational in nature and delivers new capabilities within limits.

As indicated by the name, projects within this level of complexity and risk introduce change, new capabilities and may have a fairly extensive scope. Disciplined skills are required to successfully manage evolutionary projects. Scope frequently spans programs and may affect one or two other departments or agencies. There may be substantial change to business process, internal staff, external clients, and technology infrastructure. IM/IT components may represent a significant proportion of total project activity.

At this level, projects require extensive capabilities and may have a dramatic impact on the organization and potentially other organizations. Horizontal (i.e. multi-departmental, multi-agency, or multi-jurisdictional) projects are transformational in nature. Risks associated with these projects often have serious consequences, such as restructuring the organization, change in senior management, and/or loss of public reputation.

2. Instructions

The PCRA contains 64 questions. The questions are all given an equal percentage in the overall score. This tool is accompanied by the PCRA User Guide and an Excel spreadsheet that will tabulate the final score and rating automatically.

There are a few rules for completing the PCRA:

Every question must be answered. If you are sure a question does not apply to your project, answer with the lowest score ("1") for that question;
If the answer to a question is unknown, answer with the highest score ("5") for that question; and
If you answer "1" to Question 2 in the "Project characteristics" section (3.1), questions in the "Procurement risks" section (3.3) should be answered with a "1" only.

If you require more specific information regarding the purpose of the section or the significance of a particular rating, please refer to the User Guide. For the definitions of terms, please refer to the Glossary included at the end of the User Guide. Some of the terminology used in the assessment tool may not be a best fit for your organization. Please consult your departmental coordinator on how the terms are to be applied in your organization.

The tool is also available on-line. For further information on how to setup a user account and complete the assessment online, please contact your departmental coordinator or agency lead.

3. Project Complexity and Risk Assessment

3.1 Project Characteristics (18 Questions)

1. What is the total project cost estimate?

The inherent complexity and risk of the project may increase with the size of the project.
Complexity normally increases when more money is being managed and the impact of realized risks increases.
The total project cost estimate is to be either an indicative cost estimate or a substantive cost estimate.

1 = $1-5 million
2 = $5-10 million
3 = $10-25 million
4 = $25-100 million
5 = over $100 million

2. What percentage of the total project cost estimate is for procurement?

The inherent complexity and risk of the project may increase with more procurement.
When more of the project is being procured rather than supplied internally, the initiative is considered more complex.

1 = No procurement is required—answer "1" to all questions in the "Procurement risks" section (3.3).
2 = under 25 per cent
3 = 26-50 per cent
4 = 51-75 per cent
5 = over 75 per cent

3. Relative to the average project in your organization, which of the following adjectives describes the total project cost estimate?

The inherent complexity and risk of the project may increase if the size of the total project cost estimate relative to the average cost of the organization's projects is large.
This comparison can be done by referring to the investment plan and reviewing the overall portfolio of projects. Based on this portfolio of planned projects, the organization may group its projects according to the categories of small, medium and large. Each project can then be referred to within their respective project size category.

1 = Small
3 = Medium
5 = Large

4. How many people (part-time or full-time on the project, including Government of Canada employees and individual contractors) are required to complete this project at its peak activity?

The inherent complexity and risk of the project may increase as the size of the project increases from a human resources perspective.
When planning a project, a department may wish to verify that the personnel required are available in sufficient number and with the needed skills. When projecting the number of people required at the peak activity for the project, one should ideally consider the availability of these resources internally and what can be acquired from outside the department, normally contracted personnel.
Human resources engaged directly by a vendor for any components of the project (e.g. produce a good or service) are not included in this figure. This is captured by question 2.

1 = under 10
2 = 10-25
3 = 26-100
4 = 101-250
5 = over 250

5. From project defintion to project close-out, what is the expected duration of the project?

The inherent complexity and risk of the project may increase with the length of the project.
For example, the longer the project timeframe, the more management resources are required and the greater the likelihood that external factors affecting the project requirements, project objectives, and the project baseline will change.

1 = under 12 months
2 = 12-24 months
3 = 24-36 months
4 = 36-48 months
5 = over 48 months

6. How many sponsoring or funding departments or agencies are involved?

The inherent level of complexity and risk may increase as the number of sponsoring or funding departments or agencies increase.
Include only the departments or agencies that will co-sponsor or jointly fund the project, which should involve mutually agreed upon collaboration between Government of Canada organizations, provincial governments or private sector organizations that would include their active participation, direction, and/or funding. The names of collaborating organizations are to be included in the question textbox.
Common service providers such as Public Works and Government Services Canada (PWGSC), Shared Services Canada, or central agencies should not be included.

1 = The project involves only one department or agency.
2 = The project involves another department or agency.
3 = The project involves two other departments or agencies.
4 = The project involves three other departments or agencies.
5 = The project involves at least four other departments or agencies.

7. How will the outcome of this project change or directly affect business processes, sectors, branches and other departments and agencies?

The inherent complexity and risk of the project may increase the greater the project reach.

1 = The outcome of this project will affect one business process within a sector
2 = The outcome of this project will affect multiple business processes within a sector.
3 = The outcome of this project will affect multiple sectors.
4 = The outcome of this project will affect multiple branches.
5 = The outcome of this project will affect multiple departments or agencies.

8. The proposed or established project governance structure demonstrates adequate support for how many of the following project factors?

appropriate representation of stakeholders and executive management;
documented decision-making processes;
documented roles, responsibilities, and authorities within the governance structure; and
documented information requirements.

The inherent complexity and risk of the project may increase if the governance structure for the project is not appropriate, clearly established and documented.
An appropriate representation of stakeholders and executive management is based on the judgement of the organization.

1 = Support for all factors is demonstrated.
2 = Support for three of the factors is demonstrated.
3 = Support for two of the factors is demonstrated.
4 = Support for one of the factors is demonstrated.
5 = Support is not demonstrated for any of the factors.

9. In supporting the achievement of the expected outcomes, how many of the following criteria apply to the total project cost estimate (either indicative cost estimate or substantive cost estimate)?

Cost estimates are generated at the work-package level.
Cost estimates are based on historical data or industry benchmarks.

The inherent complexity and risk of the project may increase if project cost estimates are not well defined.

1 = Both criteria are met.
3 = One of the two criteria is met.
5 = None of the criteria are met.

10. In supporting the achievement of the expected outcomes, how many of the following criteria apply to the costing model?

The source of funds has been identified within departmental reference levels.
The funds have been internally committed.

The inherent complexity and risk of the project may increase if there is no identified source of funds and if the funds have not yet been committed.

1 = Both criteria are met.
3 = One of the two criteria is met.
5 = None of the criteria are met.

11. Is the project susceptible to time delays? Time delays can have a number of causes, such as the following:

Changes in technology;
Requirements of participating organizations;
Seasonal considerations;
The need for policy approvals; and
External influences.

The inherent complexity and risk of the project may increase if it is susceptible to factors that can increase the potential for time delays.

1 = No, the project is not susceptible.
3 = Yes, the project is moderately susceptible; time delays will have minor effects on the schedule.
5 = Yes, the project is highly susceptible; time delays will have major effects on the schedule.

12. Do geographical considerations influence the manner in which the project is conducted? Consider the following statements:

Project activities or team members are distributed across a wide geographical area.
The project will be conducted in a remote or difficult location.

The inherent complexity and risk of the project may increase if the project is geographically distributed or is conducted in a challenging location.
A remote or difficult location may be one that requires extensive travel time, has limited or restricted access, does not have readily available services or may be distant from other locations that may be important to the project.

1 = Neither statement applies.
3 = One statement is true.
5 = Both statements are true.

13. Do environmental considerations influence the manner in which the project is conducted?

The inherent complexity and risk of the project may increase if there are environmental considerations.
Environmental considerations may take account of contaminated sites or carbon off-sets, and environmental tools may include environmental impact assessments.

1 = No
5 = Yes

14. Are there any socio-economic considerations that must be taken into account?

The inherent complexity and risk of the project may increase if there are socio-economic issues to be considered and/or managed as part of the project.
Considerations may include industrial regional benefits, Aboriginal people's (First Nations, Inuit, Métis) rights and interests, green procurement, relocation of staff, loss of employment, managing designated heritage assets, etc.

1 = No
5 = Yes

15. Consider how the availability of facilities will influence the manner in which the project is conducted:

The inherent complexity and risk of the project may increase if facilities for the project team are inadequate.
Facilities refers to the availability of a space for the project team, such as office complexes, laboratories, convention centres, etc.

1 = Appropriate facilities are available to conduct the project.
3 = Facilities available to the project are inadequate.
5 = Facilities are unavailable for the project.

16. Does public perception influence the manner in which the project is conducted?

The inherent complexity and risk of the project may increase if the project is influenced by public opinion.

1 = No
5 = Yes

17. Do considerations relating to Aboriginal people (including land claims and Aboriginal consultation obligations) influence the manner in which the project is conducted?

The inherent complexity and risk of the project may increase as the rights and interests of Aboriginal people are considered throughout the delivery of the project.

1 = No
5 = Yes

18. Do health and safety requirements add significant complexity to the requirements for this project?

The inherent complexity and risk of the project may increase if there are health and safety factors to be considered and managed.

1 = No
5 = Yes

3.2 Strategic Management Risks (6 Questions)

19. How well and how clearly does the project align with the organization's mandate and strategic outcomes?

The inherent complexity and risk of the project may increase if the project is not closely aligned with the mandate and strategic objectives of the organization.

1 = The project is directly aligned and it explicity contributes to the strategic outcomes of the organization or program.
3 = There is good alignment with the strategic outcome and there is an indirect contribution to the strategic outcomes of the organization or program.
5 = There is a weak alignment with the strategic outcomes, or the strategic outcomes have not been established.

20. What level of priority is the project to the organization?

The inherent complexity and risk of the project may increase if the project is of lesser priority to the organization.
Lower priority projects may be more likely to face resource allocation issues than those that are considered to be critical priorities.

1 = The project is a critical priority: all resources necessary will be allocated to it.
5 = The project is a normal priority: resources may be shared with a project of equal or higher priority.

21. How thoroughly does the project business case demonstrate the value of the project to the organization?

The inherent complexity and risk of the project may increase if there is not a strong business case that links investments with program results and, ultimately, with the strategic outcomes of the organization.
A business case (when it is required) is defined by the operational requirements of the organization. The requirement for a business case is determined by an organization.
TBS has developed a business case guide and template.

1 = The business case is compelling, and value is extensively documented, OR a business case is not required.
3 = The business case provides a good demonstration of value; some details require further clarification.
5 = The business case does not demonstrate value or is not complete.

22. To what degree is the organization's management and relevant stakeholders aware of the project?

The inherent complexity and risk of the project may increase if the project has not been clearly communicated to management and if there has been a lack of management engagement.

1 = There is consistent, clear, and comprehensive understanding of the project at all relevant levels.
3 = There is good general awareness of the project, its implications, and its budget.
5 = There is minimal awareness of the project in relevant levels of the organization.

23. Does the project have a communications plan?

The inherent complexity and risk of the project may increase if the project does not have a plan to communicate with internal and external stakeholders.
The requirement for a communications plan is determined by the organization. Guidelines of when a communications plan is required should be defined and documented by the organization.
The plan for communications can be a standalone document or part of another project document.

1 = Yes, there is a project communications plan.
3 = The project communications plan has not yet been completed.
5 = No, a project communications plan does not exist.

24. How extensive is the commitment of the organization's senior executive management, stakeholders, partners, and project sponsors to the timely and successful completion of this project? Consider the following criteria:

A senior project sponsor or management champion is engaged.
Stakeholders and partners are willing to reallocate resources if necessary.
Senior executive management oversight is in place.
Commitment from all stakeholders is confirmed.

The inherent complexity and risk of the project may increase if the project does not have adequate commitment.
Criteria a, b, and c are indicators of commitment. Criteria d can be documented with the noted participation of stakeholders in key project meetings.

1 = All four criteria are met.
2 = Three of the four criteria are met.
3 = Two of the four criteria are met.
4 = One of the four criteria is met.
5 = None of the four criteria are met.

3.3 Procurement Risks (9 Questions)

25. The documented project procurement strategy:

The inherent complexity and risk of the project may increase if an appropriate procurement strategy is not in place.

1 = addresses all project requirements.
3 = is high-level and adequately describes required procurement activities.
5 = is incomplete or inappropriate for the project.

26. What is the supplier availability and willingness?

The inherent complexity and risk of the project may increase if there is only a small pool of qualified suppliers in the market.

1 = There are qualified suppliers in the market willing to work with the Government of Canada.
3 = There is a limited number of qualified suppliers in the market or some suppliers are reluctant to work with the Government of Canada.
5 = There is only one supplier or there are no qualified suppliers that can meet the requirements.

27. Will the appropriate products, goods, or services be supplied in a timely manner (according to specified contract delivery dates or required delivery dates) within the expected cost envelope by a qualified supplier?

The inherent complexity and risk of the project may increase if the supplier's ability to deliver the planned products, goods, or services is constrained.
Products, goods or services that do not meet requested specifications are to be considered 'inappropriate' and hence rated as a '5'.
Products, goods or services that cannot be adequately delivered as the supplier is, to some significant degree, unable or unqualified to provide the products, goods or services are also to be rated as a '5'.

1 = There is no potential for products, goods, or services not being readily supplied.
3 = There is a slight potential for slippage of project schedule due to procurement complexity or vendor challenges.
5 = There is a potential that the project deliverables, schedule, or budget may be seriously affected by limited qualified bidders, significant request-for-proposal process delays, or extended challenges.

28. How many of the following statements are true?

The personnel involved in the project's procurement component have expertise in writing specifications or contracts.
The personnel involved in the project's procurement component have subject-matter expertise in the goods or services being procured.
There is a robust review process for contract award.

The inherent complexity and risk of the project may increase if the project does not have strong contracting capabilities and/or controls.
Consider all personnel undertaking activities within the scope of the project work.

1 = All statements are true.
2 = Two statements are true.
4 = One statement is true.
5 = None of the statements are true.

29. How many separate contracts associated with key deliverables are planned for this project?

The inherent complexity and risk of the project may increase if there are several contracts as part of the project.
Contracts exclude MOUs and partnership agreements between co-sponsors that jointly fund the project.

1 = One contract.
2 = Two contracts.
3 = Three contracts.
4 = Four contracts.
5 = Five or more contracts.

30. How many of the following statements are true?

The firm or individual obtaining the contract will subcontract to other companies
Contracts are subject to trade agreements
The results of the contract are dependent on the results of another contract.

The inherent complexity and risk of the project may increase if the contract characteristics are complicated.
Only count the statement as true if it is true for all contracts related to the project as per Question 29.

1 = None of the statements are true.
3 = One statement is true.
4 = Two statements are true.
5 = All of the statements are true.

31. Based on the contract, consider the degree of control over supplier selection and anticipated contract style.

The inherent complexity and risk of the project may increase if there is limited control over the selection of a qualified supplier.
This question refers to control over the selection of a qualified bidder. Whereas the actual complexities introduced with the method of procurement itself are considered in Question 26.
If more than one method of supply is involved, select the method with the highest score.

1 = directed (sole-source, Advance Contract Award Notice - ACAN).
2 = a standing offer call-up.
4 = a supply arrangement procurement.
5 = a public tender (request for quotation, invitation to tender, request for proposal).

32. How many of the following statements pertaining to contract management are true?

The personnel who wrote the contract are involved in the management of the contract.
There is a standardized acceptance process for the review of the completion of contracts (e.g. peer reviewing or field trials).
The lines of communication between the contract authority and the contractor are well-defined and regularized.
There is a standardized process for reporting progress (e.g. punctual evaluation or regular meetings).
There is a mechanism in place to address any contractual disagreements between parties regarding the completion of a contract.

The inherent complexity and risk of the project may increase if effective mechanisms for managing the contracts associated with the project are not in place.

1 = All statements are true.
2 = Four statements are true.
3 = Three statements are true.
4 = Two statements are true.
5 = One or none of the statements are true.

33. Has PWGSC or a delegated contracting authority been formally engaged through a service agreement to provide adequate support for the procurement process?

The inherent complexity and risk of the project may increase if the delegated contracting authority has not been formally engaged and service expectations defined.

1 = Yes, or not required.
3 = This is planned but not yet in place.
5 = No.

3.4 Human Resources Risks (5 Questions)

34. Does the organization anticipate a shortage of available personnel with appropriate skills during a significant period of the project?

The inherent complexity and risk of the project may increase if there is a shortage of appropriate skills.
Consider the organization's staffing plan to address any skill gaps. If no plan exists then the response should be 'yes'.

1 = No
5 = Yes

35. What is the predicted stability of the project team? Consider the following criteria:

The project team has previously worked together.
A low rate of turnover is expected.
It is expected that a suitable replacement will be readily available.

The inherent complexity and risk of the project may increase if the project team is unstable.
Consider common service providers (PWGSC, SSC) as project team members. Discussions with the specific organization may be necessary before answering this question.

1 = All three criteria are met.
2 = Two of the three criteria are met.
4 = One of the three criteria is met.
5 = None of the three criteria are met.

36. What percentage of the project team is assigned full-time to the project?

The inherent complexity and risk of the project may increase if the commitment of project team members is low.
Consider common service providers (PWGSC, SSC) as project team members.

1 = over 80 per cent
2 = 61-80 per cent
3 = 41-60 per cent
4 = 20-40 per cent
5 = under 20 per cent or all part-time

37. Consider the following criteria regarding knowledge and experience:

The project will use a proven approach.
This type of project has been done before in the Government of Canada.
The project will use resources that have been applied to this type of project before.

The inherent complexity and risk of the project may increase if the project is untried, unique, and/or leading edge.
If a third party is delivering the project, then the question is to be answered from their perspective. For example, consider whether the third party will be using a proven approach.

1 = All three criteria are met.
2 = Two of the three criteria are met.
4 = One of the three criteria is met.
5 = None of the three criteria are met.

38. Has the assigned project manager worked on a project of this size and complexity before?

The inherent complexity and risk of the project may increase if the project manager does not have the knowledge and experience to deliver the project.

1 = Yes
5 = No

3.5 Business Risks (5 Questions)

39. Describe the overall effect of this project on the organization:

The inherent complexity and risk of the project may increase if the project necessitates change to the current organizational structures.

1 = Project will fit with the organization's current processes, use existing workforce and skills, and not require substantial changes to technology and other infrastructure.
3 = Some changes to processes, staffing models, or technology will be required.
5 = Significant restructuring of business processes, staffing requirements, partner relationships, and infrastructure will be required.

40. Does the project have a change management plan?

The inherent complexity and risk of the project may increase if there is no change management plan.
Change management is a structured approach to transitioning individuals, teams, and organizations from a current state to a desired future state. In other words, change management is about helping the people affected by an initiative move to a new situation.
The requirement for a change management plan is determined by the organization. Guidelines on when a change management plan is required should be defined in writing by the organization.

1 = Change management will be required and a change management plan has been prepared. Alternatively, there are no significant change management requirements.
3 = Change management will be required and preparation of a change management plan is incorporated or included in the project management plan.
5 = Change management will be required but there are no plans to establish a change management plan.

41. What is the level of public involvement required to achieve expected outcomes?

The inherent complexity and risk of the project may increase if there is a high degree of public involvement and support required.
The level of involvement is expressed in the number of people, length of time, or number of groups involved.

1 = No public participation is required for project success.
2 = Limited public participation is required for project success.
4 = Moderate public participation is required for project success.
5 = Extensive public participation is required for project success.

42. What level of legal risk will be introduced by this project through the addition of new liabilities, regulatory requirements, and legislative changes?

The inherent complexity and risk of the project may increase if there are legislative or regulatory changes needed to complete the project or implemented the project.
To answer this question find the answer that best represents the situation for the initiative. Not all the conditions in each answer need apply.

1 = No legal review is required; no legislative changes are required; legal costs and effort are assessed as low.
2 = One or more risk events will likely occur resulting in legal costs and effort; a legal review has been completed.
3 = One or more risk events will likely occur resulting in legal costs and effort; a legal review has not been completed.
4 = There is a high probability of liability and other legal risks; extensive legal resources will be required during the project; legislative change is required to implement the project; a legal review has been completed.
5 = There is a high probability of liability and other legal risks; extensive legal resources will be required during the project; legislative change is required to implement the project; a legal review has not been completed.

43. Are there expected challenges to ensure that this project complies with relevant Treasury Board policy requirements, such as those regarding security, accessibility, common look and feel standards for the Internet, and management of government information?

The inherent complexity and risk of the project may increase if there are challenges in meeting policy requirements and/or exemptions are required.
Organizations are to document which policies apply to their project. For instance, if personal information is part of the project then a Privacy Impact Assessment is required and should be noted in the PCRA response.

1 = The project fully complies with all applicable policies. Alternatively, the project is not subject to any of these policies.
3 = There are some challenges associated with policy requirements, but the project team is adequately equipped to address these.
5 = There are some challenges associated with policy requirements and there is a lack of confidence that policy requirements can be met on schedule and within the budget.

3.6 Project Management Integration Risks (6 Questions)

44. How many of the following elements are defined in the project management plan?

scope
costs
schedule
project controls
risks
deliverables
team or skills

The inherent complexity and risk of the project may increase if the project has not been well-defined.

1 = All elements are defined.
2 = Five or six elements are defined.
3 = Three or four elements are defined.
4 = One or two elements are defined.
5 = No plan has been completed.

45. To indicate the extent of the project team's being appropriately organized to undertake a project of this scope, how many of these criteria are met?

Project team composition, resource levels, and roles and responsibilities are defined and documented.
Resources are dedicated (i.e. available when required).
Responsibilities and required authorities for managers and leads within the project team are defined and documented.

The inherent complexity and risk of the project may increase if the project team is not well organized.
The extent to which a project team is organized and structured is to be commensurate with the scope of the project.

1 = All three criteria are met.
2 = Two of the three criteria are met.
4 = One of the three criteria is met.
5 = None of the three criteria are met.

46. Has a project reporting and control process appropriate for the project been documented?

The inherent complexity and risk of the project may increase if the project reporting and control processes have not been documented.

1 = Yes
3 = The development of a project reporting and control process is a planned activity, but not yet completed.
5 = No

47. How many of the following disciplines will, or does the project employ?

quality assurance
risk management
outcome management
issue management

The inherent complexity and risk of the project may increase if best practices are not followed.

1 = All four disciplines.
2 = Three of the disciplines.
3 = Two of the disciplines.
4 = One of the disciplines.
5 = None of the disciplines.

48. Has a risk management plan been completed, and to what degree have appropriate contingency plans been included which respond to the risks as identified in the plan?

Consider the following criteria:

Identified risks have been assessed and prioritized.
Appropriate controls and mitigations are in place for all significant residual risks.
A risk management plan has been integrated into the project management plan.

The inherent complexity and risk of the project may increase if project risks are not managed.
An organizational risk management group should be involved.

1 = All three criteria are met, OR a risk management plan is not required.
2 = Two of the three criteria are met.
4 = One of the three criteria is met.
5 = None of the three criteria are met.

49. Is an appropriate information management (IM) process planned or in place to collect, distribute, and protect relevant and important project information, such as designs, project plans, baseline, and registers?

The inherent complexity and risk of the project may increase if project information is not appropriately managed.

1 = Comprehensive information management practices are in place or planned to support the project throughout its life cycle.
3 = Standard IM practices are planned or in place and resourced.
5 = Minimal IM practices are in place or planned within the project.

3.7 Project Requirements Risks (15 Questions)

50. How many of the following statements are true?

The project solution requires a high degree (greater than normal) of availability.
The project solution requires customization beyond normal configuration.
The project solution requires a high degree of performance quality.
The project solution requires a high degree of reliability.

The inherent complexity and risk of the project may increase if the project solution (the major output that the project will deliver) has intricate requirements. The higher the number of specific requirements, the more risk and complexity is inherent.
Availability refers to the amount of time an asset must be available for use. For instance, a computer system with high availability might be on 99.9% of the time. A building may be in use 24/7. High availability drives different and more complex requirements than low availability. Down time or maintenance time is generally very limited.
A high degree of performance quality means that a solution must produce very accurate, repeatable and complete results or outputs. This may mean that the solution requires very detailed requirements. Moreover, there may be little room for change in the solution during the delivery of the project due to the quality requirements.
Reliability refers to how robust an asset is or refers to its resistance to failure. Assets in high use need to be more reliable and; therefore, drive requirements that are more complex.

1 = None of the statements are true.
2 = One of the statements is true.
3 = Two of the statements are true.
4 = Three of the statements are true.
5 = All of the statements are true.

51. In defining project requirements, how many of the following statements are true?

The requirements can be defined with very few people.
The requirements can be defined in a short period of time.
There are a small number of individual requirements to define.
The requirements do not require a high degree of detail.

The inherent complexity and risk of the project may increase if project requirements are difficult to fully document.
More requirements, details, people and/or stakeholders is generally indicative of higher complexity.

1 = Four of the statements are true.
2 = Three of the statements are true.
3 = Two of the statements are true.
4 = One of the statements is true.
5 = None of the statements are true.

52. To what extent have available sources/methods been employed and verified to provide information for this project as applicable (e.g. research, consultations, workshops, surveys, and existing documentation)?

The inherent complexity and risk of the project may increase if information for planning, integration, and development has not been sought and verified.
Identify and document the steps followed to gather high quality information to support the development of the requirements.
Ideally, an organization is to use organizational practices other than the business case to develop requirements.

1 = All sources/methods have been employed and verified.
2 = All sources/methods have been employed but have not been verified.
3 = Some sources/methods have been employed.
4 = Few sources/methods have been employed.
5 = No information has been gathered or is available.

53. Have the business requirements been validated with users with an appropriate technique, such as walk-throughs, workshops, and independent verification and validation?

The inherent complexity and risk of the project may increase if requirements have not been appropriately validated.
Consider whether the end-users have been involved in the development of the requirements.
End-users are individuals who will be directly required to interact, use or support the project's output (e.g. new business process, information management system, equipment). This practice is undertaken to avoid situations in which those most directly impacted by a project are not consulted or engaged when developing requirements.

1 = Yes
3 = Validation is a planned activity but has not yet been completed.
5 = No

54. Have feasibility studies been conducted, and is there confidence in the assumptions made in the feasibility studies?

The inherent complexity and risk of the project may increase if reliable feasibility studies have not been completed.
Feasibility can also include options analysis activities or recommendations. Prototypes or proof of concept exercises are included as feasibility activities.

1 = Feasibility studies are not required, because none of the requirements are technically difficult to implement.
2 = Feasibility studies were conducted and there is confidence in the assumptions made.
4 = Feasibility studies were conducted, but there is not complete confidence in the assumptions made.
5 = Feasibility studies were necessary but not conducted.

55. What percentage of tasks cannot be fully defined until the completion of previous tasks? These are tasks that may be understood but cannot be documented in detail due to dependency on results from a previous task.

The inherent complexity and risk of the project may increase if there are indefinable requirements (known unknowns).

1 = under 10 per cent
2 = 20 per cent
3 = 30 per cent
4 = 40 per cent
5 = over 40 per cent

56. To what extent are the project's requirements clear, completed, and communicated?

The inherent complexity and risk of the project may increase if there are uncertain requirements or are accepted requirements that are not included in the specifications.
If at the outset all requirements can be defined, then the entire project is to be used as the basis for the response. However, if it is not possible to define all requirements at the time of assessment then the current or upcoming phase of the project is to be used as the basis of the response.

1 = All requirements are clear, complete, and communicated.
3 = Up to 10 per cent of total requirements are not complete or are undocumented.
5 = More than 10 per cent of total requirements are not complete or are unclear.

57. How many of the following project characteristics are expected to remain stable?

quality
functionality
schedule
integration
design
testing

The inherent complexity and risk of the project may increase if there are unstable project requirements. Project characteristics should be expected to remain stable if the project requirements are stable.
Consider how well the current information represents the project requirements. If some of the project characteristics are expected to change due to incomplete or uncertain information then the project requirements are to be considered unstable.

1 = All of the project characteristics are expected to remain stable.
2 = Five of the six project characteristics are expected to remain stable.
3 = Four of the six project characteristics are expected to remain stable.
4 = Three of the six project characteristics are expected to remain stable.
5 = Two or less of the project characteristics are expected to remain stable.

58. Are any other projects dependent on outputs or outcomes of this project?

The inherent complexity and risk of the project may increase if other projects are dependent on this project.

1 = No
5 = Yes

59. Are outcomes of this project dependent on the outputs and/or outcomes of any other projects?

60. What degree of integration with externalities, such as other projects, systems, infrastructure, or organizations, is required?

The inherent complexity and risk of the project may increase if there is a high degree of integration with external elements.
Consider and identify the answer that best represents the situation for the initiative. Not all the conditions in each answer need apply.

1 = There are few complex integration requirements; activities to specify integration are included in the project management plan.
3 = There is adequate understanding and planning for integration.
5 = There are highly complex or numerous integration requirements and insufficient planning of required activities.

61. What degree of integration is required within the project?

The inherent complexity and risk of the project may increase if there is a high degree of integration with internal elements.

1 = There are few complex integration requirements; activities to specify integration are included in the project management plan.
3 = There is adequate understanding and planning for integration.
5 = There are highly complex or numerous integration requirements and insufficient planning of required activities.

62. Relative to the average (typical) project in your organization, which of the following adjectives describes the number of tasks, elements, or deliverables in the work breakdown structure?

The inherent complexity and risk of the project may increase if the project scope relative to the organization's average project scope is large.
This question qualifies the materiality (refer to question 1) of the project considering the number of project tasks relative to the organizational average. This comparison can be done by referring to the investment plan and reviewing the overall portfolio of projects.
Based on the portfolio review, the organization should be in a position to define the average number of tasks is for the portfolio of projects. Each project can then be compared to the average range to answer and support the question.

1 = Small
3 = Medium
5 = Large

63. Does the project schedule accommodate the critical path of the project, including appropriate contingencies?

The inherent complexity and risk of the project may increase if the project schedule does not include contingencies for dependent tasks (critical path).

1 = Yes
5 = No, OR no critical path analysis has been performed.

64. What is the effect on the project of the requirement for scarce resources or resources that are in very high demand?

The inherent complexity and risk of the project may increase if the resources needed for the project are scarce or in high demand.
Resources can be internal or external to the government and can be physical such as materials or human (i.e. people with rare skills). If a resource is scarce internally but available externally, then the resource is not considered scarce.

1 = No scarce resources are required OR not applicable.
2 = The project will incur minor delays or minor cost overruns due to scarcity of resources.
3 = The project will incur moderate delays or moderate cost overruns due to scarcity of resources.
4 = The project will incur significant delays or significant cost overruns due to scarcity of resources and must return to Treasury Board for revised approval.
5 = The success of the project is critically dependent on scarce resources.

Footnotes

Footnote 1

Institute of Electrical and Electronics Engineers. IEEE Standard Computer Dictionary: A Compilation of IEEE Standard Computer Glossaries. New York, NY: 1990.

Evans, Michael W. and Marciniak, John. Software Quality Assurance and Management. New York, NY: John Wiley & Sons, Inc., 1987.