One of the greatest challenges in projects is the need to comply with certain rules and regulations, both internal and external to the organization executing them. Traditionally, compliance is documented as requirements (typically non-functional) during the project planning phase; however, there are organizational elements that make this compliance even more complex. This paper identifies the concept of compliance as superior to the compliance project goals, and aligns the concepts proposed in A Guide to the Project Management Body of Knowledge (PMBOK® Guide)—Fourth Edition, from a framework perspective. It also proposes tools to improving the results of compliance in projects.
Historically, the implementation of projects has been framed in a series of best practices that recently have been codified under the auspices of the Project Management Institute (PMI). Such practices are now reflected in the PMBOK® Guide, whose fourth edition was published in 2008.
The PMBOK® Guide proposes a range of tools and processes to managing projects under a series of standardized concepts. Erroneously, the PMBOK® Guide has been considered a methodology, and many project managers use it as a guide for the step-by-step implementation of the tasks of a project.
On the other hand, many industries and governments have been standardizing and requiring operations, processes, governance, and other elements of the management of a business to be governed by a series of standards. These standards ensure the public that the products or services provided by the organizations meet the minimum standards of quality, stability, security, and reliability, as expected under certain criteria.
However, there is a large gap in the way such requirements and standards are reflected in the process of implementing a project. In general, typical project management practices consider these standards in one of two ways: Inputs in the meaning the PMBOK® Guide called “environmental organizational aspects,” affecting many of the 42 processes defined in the text, or as requirements documented in the scope of the project. However, these options do not cover a critical aspect of compliance: rules and regulations are living entities of multiple dimensions not always covered by the scope of the project.
Here is a practical example: Bank A is covered by a set of government regulatory rules. These standards require compliance with certain activities to be implemented at different levels of the organization. The bank decides to make changes to its transactional platform and, of course, considered the inclusion of requirements in the scope of the project, for example, to make sure that the audit is present in the “user acceptance testing.” Traditional project management methodology assumes the project members know the regulatory standards and, therefore, the technical requirements and design specifications, and the development itself reflects those standards. In the testing phase, the audit becomes involved and discovers that some of the components do not conform to those standards. This leads to rework of components of the project, with its consequent over budget and delays. In other words, the original assumption of full knowledge of the implications of the rules was false.
Based on almost 20 years of experience in the administration of projects in diverse industries (and pressured by the constant need for increased compliance with laws and regulations), the author of this document recognized the need to add an additional layer to the traditional practices of project management to achieve greater visibility of compliance aspects. After consulting with various sources, analyzing several methodological proposals in various industries, and managing projects under various methodologies, the use of the concept of “compliance” emerged as the best choice to achieving positive results.
The adaptation to various methodologies and more than 15 projects executed under this framework has proven its efficiency, as well as the ability to ensure compliance under various rules and regulations.