This article is the second in a series of three. The other two articles cover the PRINCE2 Principles and the PRINCE2 Processes. They are available to download as ebooks and are designed as study guides to prepare you for the PRINCE2 Foundation exam. Read on to learn all about the PRINCE2 Themes and increase your chances of success in the Foundation exam.
Download PDFThemes in PRINCE2 are those areas of project management which must be addressed continuously throughout the project. Themes are based upon the principles and they are applied throughout the project by using the processes.
The purpose of this theme is to put in place mechanisms which assists the senior decision makers to decide whether the project is (and remains) a worthwhile investment. It is the theme which primarily implements the ‘continued business justification’ principle.
The customer, which invests in a project will have a business case, but so will the supplier. Each one is written to justify its own involvement in the project. (Note: PRINCE2 assumes a customer-supplier environment, whereby the customer specifies what products are required from the project, pays for it and expects to realize some benefits in return. The supplier (person, team or organization) will deliver those products to the level of quality specified by the customer – see the Organization theme below).
A business case is also a document (it’s one of the 26 PRINCE2 management products) and is ‘owned’ by the executive. At all times therefore, the executive needs to ensure there is an acceptable business case, otherwise they should instruct the project manager to close the project. Not wasting any more time and money on a project is much better than continuing with a project which is not worthwhile.
The executive is responsible for providing the first (outline) version of the business case although this can also sometimes be given by corporate/programme management as part of the project brief. This version then gets updated with more detail in the initiation stage of the project.
Every project will deliver one or more ‘specialist’ products (known as outputs), which will then be used at the end of the project by people in the customer organization. By using them, this will change (positively) the way in which they do their everyday (business as usual) work. This change is known as an outcome. The measurable improvements which will then result to the customer organization are what are known as benefits.
For example, a company investing in a new business information computer system sets up a project. The output of the project would be the new I.T. system. The outcome might be that the staff are able to do their work more efficiently. The benefit might be that the company saves money on staff salaries.
The senior user role is responsible for both specifying the benefits of the project, and for realizing them i.e. make sure that they are actually achieved after the project closes. This means that the people who perform the senior user role need to come from those areas of the customer organization which are most often impacted by the changes (outcomes).
How the benefits will be measured, when and by who is documented in a benefits management approach (one of the 26 management products). This gets updated as and when the benefits are realized, which for most projects is after the project has closed. This is because at the end of the project, the specialist products are handed over to the users and the operational or support teams. They then use the products as part of business-as-usual and by doing so, realize the expected benefits (or so we would hope!).
For most commercial organizations, often the business justification for projects is a financial one i.e. will there be a return on investment (in terms of money). But PRINCE2 says that the business justification can be made in other ways too. Consider a proposal to equip a residential apartment block with a water sprinkler system in case of fire. Such a project would have clear benefits (in terms of saving people’s lives in a fire) but it probably cannot expect a return in investment in purely financial terms. The decision to invest in such a project would therefore need to consider the wider benefits to society of keeping its citizens safe.
Your project must create and maintain a business justification (in the form of a business case), and you should review and update it throughout your project. You must define management actions to ensure the expected outcomes are achieved and the benefits are realized. You must define and document the roles and responsibilities for the business case and the management of benefits. Finally, you must produce and maintain a benefits management approach.
The purpose of this theme is to define and set up a project management team structure which defines who is accountable and responsible on the project.
PRINCE2 is based upon a ‘customer/supplier environment’ whereby the customer organization specifies the result (the specialist products), and pays for the project, because it deems that the project can realize sufficient benefits in the future to make the project a worthwhile investment.
The supplier organization is the person or company who/which will supply the products which have been specified by the customer. On a project where all the work is being done in-house, then the customer and supplier will be part of the same organization.
The key decision-making role on the project is known as the project board which consists of 3 other roles: executive and senior user (both from the customer) and the senior supplier (from the supplier). It’s important to note however that the project board is not a democracy and ultimately, it’s the executive who takes the decisions, advised and supported by the other 2 roles.
The executive role can only be performed by one person and must be able to represent the business i.e. that part of the customer organization which is paying for the project). This role is ultimately accountable for the project.
The senior user role which is responsible for specifying and realizing benefits is also responsible for specifying the project’s requirements and products.
The senior supplier is accountable for the quality of the specialist products which they will deliver to the project.
Reviewing project documentation such as plans and a business case could be quite time-consuming so PRINCE2 recommends that project assurance can be delegated by the project board members to others. The project assurance role is all about assuring the project board independently of the project manager that the project is being conducted properly. Project assurance will give advice to the project manager and will review documents prior to their approval by the project board.
The project manager role is responsible for the day to day management of the project and reports on a regular basis the progress to the project board. This in the form of a highlight report. The project manager is responsible for keeping issues and risks under control, monitoring progress, taking corrective action when there is a slippage from the plan, and escalating exceptions to the project board.
Team managers manage teams of specialists who have the requisite skills to enable them to design and build the products which have been specified by the customer. They are responsible for delivering the specialist products, on time and within the agreed tolerances. They report on a regular basis to the project manager.
The change authority role is responsible for taking decisions about requests for change (RFC’s) and off-specifications (more later in the Change theme).
The project support role assists project and team managers with administration, writing of reports, monitoring of progress and with administering tools.
Some of the above roles can be shared (i.e. more than one person can perform the role). In PRINCE2 all roles can be shared EXCEPT for the executive and project manager roles.
Some roles can be combined (i.e. one person can perform multiple roles). However, the project assurance role can never be shared with the project manager, team manager or project support roles, otherwise they would not be independent of the project manager.
All of the above roles form the project management team and they are all stakeholders on the project. However, stakeholders are not just the members of the project management team, but they can be anyone who is affected by the project, be affected by the project or perceive themselves to be affected by it.
PRINCE2 recommends that a communication management approach is written which identifies all the project’s stakeholders, their information needs and the means and frequency of communication e.g. the quality assurance manager requires a copy of the weekly highlight report, written by the project manager.
You must define your project's organization structure and roles (by ensuring all responsibilities in PRINCE2’s role descriptions are fulfilled). You must define your project's approach to communicating and engaging with stakeholders and you must produce and maintain the project initiation documentation (PID), and a communication management approach.
The purpose of this theme is to define and implement the mechanisms whereby the project can establish whether the products are ‘fit for purpose’.
PRINCE2 defines quality as whether a product is ‘fit for purpose’ i.e. whether it meets its agreed and stated requirements. The project’s approach to the management of quality on the project is documented by the project manager in a quality management approach.
Many organizations have a quality management system (QMS) which is a corporate-wide set of quality policies, procedures and standards expected within the organization. The corporate role known as quality assurance (QA) is responsible for defining and maintaining the QMS and for checking that projects remains in compliance. QA often does this by performing a quality audit which looks for evidence of compliance on the project.
QA is not to be confused with quality control, which refers to the performing of those quality methods which will be used to check if a product is “fit for purpose”, the maintaining of quality and approval records, and the gaining of acceptance.
During the quality method, quality records will be maintained e.g. the details of the results of a test and then, based upon the results, the product shall be judged either fit for purpose or not. If it is fit for purpose then the product can be approved and approval records will be needed. This is often a signature on a form or an email and is an example of an approval record.
Once approved the product becomes a baseline. This usually entails giving it a version number and it then becomes subject to change control i.e. nobody is allowed to modify it without gaining approval after raising a request for change (RFC).
If the product is not fit for purpose, the supplier needs to perform some further work on the product to bring it up to a standard where it can be quality controlled once more.
On a project, the project manager is responsible for quality planning which means defining the quality control methods and the project’s acceptance criteria (the measurable attributes of the final product i.e. the product handed over to users at the end which will make it acceptable to the customer). Acceptance criteria are derived from the customer’s quality expectations (the high-level business requirements for the project) and these are agreed before the project begins.
Certain methods (acceptance methods) will need to be performed to check that the final product meets the criteria. If it does, then the project can be closed because it has delivered what it set out to deliver. Acceptance records will record the formal acceptance of the final product by the different stakeholders.
PRINCE2 defines a quality register where the results of quality methods are recorded. This enables the project manager to keep control over all the quality control activities which take place on a project.
You must define and maintain a quality management approach for your project which covers quality control and project assurance, and defines the roles and responsibilities for quality management. You must specify explicit quality criteria for products and maintain appropriate quality records. You must summarize those quality activities in some form of quality register. The customer’s quality expectations and prioritized acceptance criteria must be specified in a project product description and you must use lessons to inform quality planning on the project.
The purpose of this theme is to define how, when, for how much, by whom and where the project will deliver products.
PRINCE2 recommends 3 levels of plan each level matching the information needs of the 3 levels of the project management team. These are
- Project plan (used by the project board) containing project levels costs, timescales and control points. An updated version is created at the end of each stage to reflect actual progress and revised forecasts
- Stage plan (used by the project manager) for day-to-day management of the project. There is one for each management stage
- Team plan (used by a team manager) – covers all the work done by a team
It’s important to remember that exception plans are new plans (not updated versions of existing plans) and they can be used to replace stage plans or the project plan. In the latter case, it must be authorised by corporate management.
Plans not only specify which products will be delivered in the scope of the plan, but also the timescales and costs required. PRINCE2 recommends the following are included in the budget for a plan:
- money to fund the activities to create specialist products (and management activities)
- money to fund responses to risks (risk budget)
- money to fund authorised changes to baseline products (change budget)
- cost tolerance
PRINCE2 recommends an approach to creating all levels of plan called product-based planning. A key step is to define and analyse products. There are 4 steps:
- Writing a project product description - to define what the project must deliver in order to gain acceptance
- Creating a product breakdown structure - to show the products within scope (note: external products are those that already exist or are being created outside the scope of the plan)
- Writing product descriptions - for the major products
- Creating a product flow diagram - to define the sequence in which the products will be developed
There are several factors to consider when deciding on the number and length of management stages:
- The planning horizon at any point in time - it may depend upon the nature of the work
- The delivery steps – it’s beneficial if management stages align with end of delivery steps
- Alignment with programme activities
- The level of risk
You must ensure that plans enable the business case to be realized. You must have at least two management stages. You must produce and maintain a project plan, a stage plan for each management stage and exception plans when requested. You must use product-based planning when creating all plans. You must define the roles and responsibilities for planning and use lessons to inform all your planning. Finally, you must create and maintain a project product description, a product description for each product, and a product breakdown structure.
The purpose of this theme is to identify, analyse and control uncertainty and thereby improve the chances of a successful project.
In PRINCE2, a risk is defined as an uncertain event, which (if it occurs) will have an effect (either negative or positive) on the project’s objectives. A risk should NOT be confused with a project issue, which is an event which has happened but wasn’t planned. However, if and when a risk does actually occur then it becomes a project issue.
Risks can be either:
- threats (which have a negative impact), or
- opportunities (which have a positive impact).
Every organization has its own unique attitude towards risk taking. This is known as risk appetite.
Each plan in PRINCE2 will have a risk budget, which is money to be used to fund any risk responses.
Risk tolerance refers to the threshold level of risk, which once exceeded (or forecast to be exceeded) will result in an exception report being triggered i.e. an exception has occurred.
Information about all project risks are maintained in a risk register, and a risk management approach is written to outline the general approach to risk management during the project. Included in this approach is a description of the risk management procedure containing 5 steps:
- Identify - threats and opportunities are identified and described in terms of the cause (source of the risk), event (area of uncertainty), and effect (its impact).
- Estimate the probability (likelihood), impact, proximity (when it is likely to occur), and
- Evaluate the overall net effect of all risks
- Plan - one or more specific risk responses
- Implement - the chosen risk responses and assign:
- A risk owner – the individual responsible for managing the risk
- The risk actionee/s – the people(s) assigned to carry out the risk response(s).
- Communicate – report the status of risks to stakeholders using the various PRINCE2 reports
PRINCE2 defines 6 responses to threats: avoid, reduce, accept, transfer, share, and prepare contingent plans, and 6 responses to opportunities: exploit, enhance, reject, transfer, share, and prepare contingent plans.
After performing these responses to primary risks, there is usually some level of risk left over. This is known as residual risk. Any risks caused by performing risk responses are known as secondary risks.
You must define a risk management approach covering the risk management procedure to be used, and the roles and responsibilities for risk management. You must maintain some form of risk register to record and manage risks and must ensure that risks are identified, assessed, managed and reviewed throughout the project. You must use lessons to inform risk identification and management.
The purpose is to identify, analyse and control any potential and approved changes to baseline products (i.e. products that have been approved).
A baseline refers to a product which has undergone its quality controls, has been deemed ‘fit for purpose’ and has been approved by those with authority. At this point the product is usually given a version number e.g. version 1.0).
A project issue is an event which has happened, wasn’t planned and requires management action. There are 3 types:
- Requests for change (RFC) - request to change a baseline.
- Off-specifications - this requirement/product hasn’t/cannot be delivered.
- Problems/concerns – anything else.
If a project issue is forecast to exceed a tolerance (for time, cost, quality, scope, benefits or risk) it’s an
Project issues can be managed in 2 ways:
- Formally - requires formal advice from the project board – the issue gets logged in the v and an issue report is written.
- Informally – the issue gets recorded in the daily log.
The project’s approach to managing issues and changes is documented in a change control approach. This contains an issue & change control procedure which describes how all project issues will be managed. It contains 5 steps:
- Capture – record the issue either in the issue register or daily log
- Examine – perform an impact analysis (impact on cost, time, quality, scope, benefits, risks)
- Propose - consider alternative options for responding
- Decide – which option is the best overall value for money
- Implement – perform the recommended option(s)
A change authority reviews and approves RFC’s and off-specifications and by default is performed by the project board. A change budget is used to fund changes.
In order to make changes to a product effectively a project needs to be able to identify the different version of products. This is done using a configuration item record which records the status and version of a product. It is updated whenever the status of a product changes. To find out the status of a product at any time a product status account can be requested. This is a report which reports the status of one or more products. It can be useful for a project manager to find out whether a product has been approved or whether a product has undergone its quality methods.
You must define a change control approach to define your project's issue and change control procedure, and the roles and responsibilities for change control. The approach will also define how product baselines are created, maintained and controlled. You must ensure that all issues are captured and managed throughout the project and you must maintain some form of issue register to record issues and their related decisions. You must use lessons to inform issue identification and management.
The purpose is to put in place mechanisms (controls) to monitor and compare what has actually happened on the project against what should have happened, to control deviations from the baseline and to provide forecasts for the remainder of the project.
Progress control is achieved through:
- delegating authority from one level of management to the level below
- dividing the project into management stages and authorising the project one management stage at a time
- time-driven and event-driven progress reporting and reviews
- raising exceptions
The project’s controls should be documented in the project initiation documentation (PID).
Tolerances refer to the permissible deviation from plan before bringing to the attention of the next higher authority. Corporate management sets project tolerances, the project board sets stage tolerances and the project manager agrees work package tolerances with a team manager.
If project tolerances are forecast to be exceeded, the project board escalates (in the form of an exception report) to corporate management for a decision. If stage tolerances are forecast to be exceeded, the project manager escalates (in the form of an exception report) to the project board for a decision. If work package tolerances are forecast to be exceeded, the team manager escalates (in the form of a project issue) to the project manager for a decision.
Monitoring and reporting requires a time-based approach whereas controlling the project (i.e. decision making) requires an event-based approach. PRINCE2 defines 2 types of progress control:
- Time-driven controls – created at agreed frequencies (e.g. highlight reports and checkpoint reports)
- Event-driven controls – these take place when a specific event occurs (e.g. exception report or issue report)
Some other examples of event-driven controls are:
- Work package - authorized by a project manager to trigger the work done by a team
- Lessons log - contains lessons often learned in the reviewing of progress e.g. checkpoint report
- Lessons report – used by corporate management to improve standards and to collect statistics to help future estimating
- End stage report - used by the project board to assess the project's continuing viability at the end of a stage
- End project report - used by the project board to evaluate the project and authorise closure
The progress controls used by a project manager include:
- Baselines: project plan, stage plan, exception plan, work package
- Reviewing progress: issue register, risk register, quality register, product status account, daily log
- Capturing/reporting lessons: lessons log, lessons report
- Reporting progress: checkpoint report, highlight report, end stage report, end project report
You must define your project's approach to controlling progress in the project initiation documentation (PID). You must manage by stages, set tolerances and manage by exception against these tolerances. You must review the business justification when exceptions are raised and learn lessons throughout the project.
By now, if you have learned the definitions provided in bold in this article and the other two in the series, you should be well-placed to pass the PRINCE2 Foundation exam with flying colours. Good luck with your exam.