Enterprise Project Governance: How to Manage Projects Successfully Across the Organization


Dealing with Uncertainty

By Paul Dinsmore & Luiz Rocha

Rio de Janeiro, Brazil

The Development of Risk Management

Before the early 1980s, risk was relatively new to those outside the insurance industry. At that time companies were able to transfer certain risks to insurance companies. These transferred risks related to natural catastrophes, accidents, human error or fraud. Later, companies began to look more closely at financial risks, like exchange rates, commodity prices, interest rates and stock prices. This was the beginning of financial risk management as a formal system.

A major drive towards more formalized approaches to risk management, corporate governance and internal controls resulted from the high-profile collapses of major corporations since the late 1990s. These scandals found executives testifying that they were unaware of unethical activities carried on by their companies.  This prompted new regulatory environments such as Sarbanes-Oxley (SOX) in the US, the Combined Code on Corporate Governance in the UK and the Basel II Accord for the banking sector, all with a strong focus on internal controls and making company executives responsible for establishing, evaluating and monitoring the effectiveness of their company’s internal control structure.  The most widely accepted definition of internal control was developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO): “a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations; reliability of financial reporting; compliance with applicable laws and regulations.”

The most contentious aspect of SOX is Section 404, which requires management to produce an annual internal control report which must affirm the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting. The report must also contain an assessment of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.

Internal controls are fundamental to the successful operation and day-to-day running of a business and assist the company in achieving its business objectives. The scope of internal controls is very broad. It encompasses all controls incorporated into the strategic, governance and management processes, covering the company’s entire range of activities and operations, and not just those directly related to financial operations and reporting. The scope is not confined to those aspects of a business that could broadly be defined as compliance matters, but extends also to the performance aspects.



This series includes articles by Paul Dinsmore and Luiz Rocha, authors of the book Enterprise Project Governance, published by AMACOM in the USA in 2012.  The articles are extracts and summaries of key topics from their book, providing information and guidance on one of the most important aspects of portfolio, program and project management today – governance.  For information about the book, go to http://www.amacombooks.org/book.cfm?isbn=9780814417461

About the Authors

Paul C. Dinsmore

Paul Dinsmore is President of Dinsmore Associates, and a highly respected specialist in project management and organizational change. A certified project management professional (PMP), he has received the Distinguished Contribution Award and Fellow Award from the Project Management Institute (PMI®). He regularly consults and speaks in North America, South America, Europe and Africa.  Paul is the author and / or editor of numerous articles and 18 books, including the AMA Handbook of Project Management. Mr. Dinsmore resides in Rio de Janeiro, Brazil.

Luiz Rocha

Luiz Rocha has 35+ years of experience in the industry and business consulting. Luiz worked with Andersen Consulting and Deloitte in the USA and Europe, where he had the opportunity to manage multi-cultural and geographically dispersed projects in Latin America, North America and Europe. In Brazil he worked with Dinsmore Associates and Petrobras. Luiz is an engineer by background, MSc. in industrial engineering from UFRJ – Brazil, PMP-PMI and IPMA certifications. He is also a published author with two previous books, Business Metamorphosis, in Brazil, and Mount Athos, a Journey of Self-Discovery, in the USA. Luiz can be contacted at [email protected].