Search the PMO Conference Library

Watch back all our PMO Conference sessions

PMO Library | Free Articles | Inside PMO | PMO Book Shelf

The Role of the PMO in Effective Project Assurance

PostedFebruary 14, 2025
ByLindsay Scott
0 out of 5 stars
5 Stars 0%
4 Stars 0%
3 Stars 0%
2 Stars 0%
1 Stars 0%

In this session, recorded at the PMOLearn! the event in Edinburgh in November 2024, assurance expert Roy Millard focused on the role of the PMO in effective assurance.

For any PMO that includes assurance-focused services, this session looks at the different mechanisms offered by the PMO and how they fit within the Three Lines of Defence Model. During the PMOLearn! session, delegates are also invited to take part in practical exercises which allow them to talk and discuss with other professionals at their table, you’ll see the exercises included in this article.

Key highlighted here include the common services expected by the PMO and also some of the barriers to implementation of these services too.

Recorded Session

Presentation Deck

Download the Deck

Insights

This session focused on the role of PMOs in project assurance and their evolving responsibilities. Kicking off with the definition so everyone is on the same page:

1. The Definition

Definitions and perceptions of assurance vary widely, making clarity essential.

The dictionary definition was:

n. Emphatic declaration, guarantee; self-confidence, assertiveness; insurance esp. of life; certainty. (Source: The Pocket Oxford Dictionary.)

1.the act of assuring

2.the state of being assured; sureness; confidence; certainty

3.something said or done to inspire confidence, as a promise, positive statement, etc.; guarantee

(Source: www.yourdictionary.com)

 

And the definition from the APM:

“Assurance provides confidence in the likelihood of successful project delivery“

However that definition needs to go further: “Assurance ensures confidence in project success and identifies areas for improvement.”

It is the need for improvement that is required in assurance activities too.

 

2. PMO’s Role in Assurance

Historically PMOs were not seen as playing a role in assurance due to their close ties with project teams, which could compromise independence.

Over time, both assurance practices and PMOs have evolved, allowing PMOs to play a more significant role in project, programme, and portfolio assurance.

PMOs are now recognised as key players in ensuring compliance, oversight, and continuous improvement in project delivery and play crucial roles in planning, monitoring, and reviewing assurance activities.

 

3. Three Lines of Defence Model

The Three Lines of Defence Model was introduced as a useful framework for understanding assurance responsibilities. You can check out another session which also covers this model here. The model consists of:

First Line of Defence (Operational Controls)
  • Day-to-day management and execution of projects.
  • Ensuring projects follow defined frameworks, standards, and processes.
  • The PMO’s role:
    • Setting up governance frameworks and processes.
    • Defining risk management and reporting structures.
    • Providing tools and templates for compliance.
Second Line of Defence (Oversight & Compliance)
  • Independent monitoring of project adherence to governance frameworks.
  • Performing compliance checks and health assessments.
  • The PMO’s role:
    • Conducting quality reviews and health checks.
    • Ensuring project managers follow governance guidelines.
    • Tracking and reporting non-compliance.
    • Supporting decision-making by providing project insights.
Third Line of Defence (Independent Assurance)
  • Internal audit or external reviews to assess project governance and risk management.
  • Ensuring the entire assurance structure functions effectively.
  • The PMO’s role:
    • Typically, PMOs do not operate in this line due to a lack of independence.
    • However, some portfolio-level PMOs may contribute to independent assurance by overseeing multiple projects and providing a strategic view.
    • PMOs could facilitate external audits and maintain lessons-learned repositories.

 

4. Specific PMO Assurance Services

The PMO Service Catalogue was referenced in the session with five primary services PMOs could provide in assurance outlined:

1. Monitoring Compliance

  • Tracking adherence to project management frameworks, methodologies, and governance standards.
  • Reporting any non-compliance to senior management.
  • Some organisations shift the messaging to “identifying areas for improvement” rather than “policing” projects.

2. Supporting Sponsors & Stakeholders in Assurance Planning

  • Helping project sponsors develop effective assurance plans.
  • Ensuring that assurance activities are integrated into project planning.
  • Coordinating multiple assurance activities across a project lifecycle.

3. Organising and Conducting Reviews

  • PMOs may:
    • Facilitate internal project reviews (e.g., gate reviews, quality reviews).
    • Support independent reviews by external parties.
    • Conduct their own health checks and audits.
  • Challenges:
    • Ensuring reviews are seen as valuable rather than bureaucratic.
    • Ensuring review processes do not duplicate efforts or create unnecessary overhead.

4. Managing Review Actions

  • Logging and tracking actions from assurance reviews.
  • Ensuring follow-ups happen on key recommendations.
  • Helping projects understand why assurance actions are needed and ensuring they are acted upon.

5. Using Knowledge Management & Predictive Analysis

  • Capturing lessons learned and ensuring knowledge from assurance activities is shared across projects.
  • Using historical data to spot trends in project failures and success factors.
  • Exploring predictive analytics and AI for assurance, though this is still emerging.

 

5. Challenges in Implementing PMO Assurance Services

The session ended with a discussion on barriers to implementing these services, some of those highlighted included:

  • Perception of PMOs as “Project Police”

    • Many organisations view PMOs as compliance enforcers rather than enablers.
    • Language is crucial—some PMOs now frame assurance as “opportunities for improvement” rather than “compliance monitoring”.

  • Senior Management Buy-In

    • PMOs need leadership support to be effective in assurance.
    • If senior leaders do not see the value in assurance, PMOs struggle to enforce standards.

  • Behaviour & Cultural Resistance

    • Many organisations resist formal assurance processes, seeing them as bureaucratic.
    • PMOs must focus on delivering real value through assurance, rather than just following rigid processes.

  • Defining PMO Scope in Assurance

    • PMOs must balance how much assurance they provide versus what should be handled by project teams.
    • In some cases, PMOs define assurance frameworks, but leave execution to delivery teams.

The Practical Exercise

The first part of the exercise was to identify different P3 assurance mechanisms. Each table worked separately on the task. An example:

The second part of the exercise was focused on organising these assurance mechanisms against each of the three lines of defence or typically where and when you would see these mechanisms being carried out.

Here are some of the examples:

The final exercise was a discussion around a particular service which each table decided to focus on – the questions to answer included (a) what is the value of this service to the organisation and (b) what are the challenges of implementing this service in your organisation.

 

Was this article helpful?
0 out of 5 stars
5 Stars 0%
4 Stars 0%
3 Stars 0%
2 Stars 0%
1 Stars 0%
5
Please Share Your Feedback
How Can We Improve This Article?
Tags:
Table of Contents