In any project, change is inevitable whether it comes from within the project or from external sources, therefore it makes sense to have an agreed process in order to identify, assess and control any potential and approved changes to what was originally agreed for the project.
What is needed is a systematic and common approach. Once the project plan and other key associated documents have been approved, these become the project "baselines" and can only be changed after approval by the appropriate authority, normally the Project Board. Change control is not there to prevent changes, but to ensure that every change is agreed by the relevant authority before implementation.
An important and vital element, is the projects use of configuration management (CM). Configuration management may be provided as a continuous organisational service or be provided by a Project Support Office (PSO). Everything that the project produces is subject to configuration management, this includes management documentation as well as specialist products and deliverables. It is important therefore to integrate the use of change control procedures with the configuration management system used by the project.
The system that is set-up to manage change should also include the management of the general issues. An Issue Register should be set up early in the project to capture and assist in the management of change and issues. A configuration management strategy document must be created as part of planning and this defines the way in which changes and issues are to be managed and handled throughout the project.
The difference between an issue and a risk is that the issue has already happened, whereas a risk is something that may or may not happen at some point in the future.
Whenever an issue is raised, it may be managed informally, usually by the project manager, however if it is to be managed formally then the project manager would enter it into the issue register before proceeding any further. The PRINCE2 methodology states that an Issue Report is created in tandem and contains supplementary information regarding that particular issue.
Changes come in two flavours:
Request For Change (RFC). This comes from the customer or user and is a request to change one of the project baselines in some way. If there are any extra costs involved in implementing the RFC, then the customer would normally pay for it. Since all RFC's are a change to what had been originally agreed, it is normally the Project Board alone will have the authority to agree such changes.
Off Specification. These are normally raised from the supply side of the project, and details some aspect that should be provided by the project, but currently is not, or is forecast not to be provided. This might include products or deliverables that are missing, or a product not meeting its specification or quality criteria.
At the beginning of a project it needs to be decided how changes and issues are to be prioritised, and it is usual that a ratings system might include terms such as, Must Have, Should Have, Could Have, or Won't Have For Now. Such definitions need to be agreed.
Another aspect that needs to be decided is whether or not the Project Board or senior management wanted to be involved in reviewing all project changes. If many changes are predicted then it may make sense for the Project Board to appoint a change authority who would make decisions on such changes on behalf of the Project Board. In such cases, the "rules of engagement" needs to be determined.
For example, the change authority would only deal with low cost changes. Another aspect is setting up a change budget for the change authority to use to fund any approved changes and their implementation. Such additional budgets should be captured within the project plan before sign-off.
Onwards to the change control procedure itself...
Step 1. Whenever a change or issue is raised, it should be categorised and entered in the issue/change register.
Step 2. An impact analysis should now be carried out and will normally involve relevant specialist team members.
The impact analysis should consider the change or issue impact (which may be positive or negative) on a variety of projects aspects such as:
- Time
- Cost
- Quality
- Scope
- Business Case
- Benefits
- Risk
The change or issue should be prioritised, first, by the originator, and second, after impact analysis. It is important when carrying out the above impact analysis, that representatives from the project business area, the users of the end products, and those who are supplying resources to the project, are fully involved so that a balanced decision can be reached.
Step 3. Having understood the full impact of the change or issue, the next step is to consider alternative options and proposing the best actions to take in order to resolve the issue or implement the change. A balanced view is needed and consideration should be given all these options on the projects duration, cost, quality, scope, benefit, and risk performance targets. The advantages gained should be balanced against the impact of implementing the issue or change.
Step 4. A decision is now needed whether or not to implement the change. For a RFC, this would normally need escalating to the Project Board for their decision, whereas an Off-Specification may be decided by the project manager if they have sufficient authority.
If the project is using Management By Exception where tolerance boundaries have been set, then should any proposed implementation deviate beyond these tolerances, the Project Board must be involved in the decision whether to implement or not.
During implementation, the project manager should ensure that its status is reported to the Project Board up to the point when the issue or change has been fully implemented.