## **Learning Outcomes**

After reading this article, you will be able to identify and plan for compliance requirements in a project context, distinguish between internal and external compliance, and explain the project manager's responsibilities in maintaining compliance throughout the project life cycle. You will understand how to classify compliance needs, support compliance using appropriate methods, and assess the effect of non-compliance, ensuring readiness for relevant PMP exam scenarios.

## **PMP Syllabus**

For PMP, you are required to understand how to plan and manage project compliance. This includes recognizing compliance requirements, supporting compliance efforts, and analyzing non-compliance risks. During revision, focus on:

- Confirming and classifying project compliance requirements (such as legal/regulatory, safety, and security).
- Determining potential threats to compliance throughout the project.
- Using processes and methods to support compliance (e.g., documentation, audits, training).
- Analyzing and explaining the consequences of non-compliance for the organization and project objectives.
- Knowing the project manager's accountability for compliance-related planning and monitoring.
- Measuring project compliance and reporting status to stakeholders as required.

## **Test Your Knowledge**

_Attempt these questions before reading this article. If you find some difficult or cannot remember the answers, remember to look more closely at that area during your revision._

1. Which of the following is most likely to be a source of an external project compliance requirement?
   a) Project team ground rules
   b) Internal HR policy
   c) Governmental safety regulation
   d) Stakeholder expectation

2. A project manager discovers that a critical deliverable does not comply with a mandatory industry standard. What is the best action?
   a) Document the issue and take no further action
   b) Revise the deliverable to achieve compliance
   c) Ignore and move to the next phase
   d) Only inform the team, not stakeholders

3. When planning compliance, the project manager should first:
   a) Wait for an external audit to find issues
   b) Identify and confirm all compliance requirements relevant to the project
   c) Focus only on internal guidelines
   d) Assume all deliverables will be compliant by default

## **Introduction**

Project compliance is essential to deliver a project that is legally permitted, safe, and consistent with both internal and external requirements. Failure to maintain compliance can cause severe penalties, shutdowns, reputational harm, or even cancellation of the project. Planning for compliance means systematically confirming, categorizing, and tracking requirements, putting support systems in place, and preparing for potential threats.

### What Is Project Compliance?

Project compliance is adherence to all relevant rules, regulations, and standards that may affect the project. These can be imposed by law (external) or originate within the organization (internal).

> **Key Term: Project compliance**
> The process of ensuring that all project activities, deliverables, and outcomes conform to mandatory legal, regulatory, and organizational requirements.
>
> **Key Term: Compliance requirement**
> Any specific rule, law, standard, or guideline that the project must satisfy to remain valid or operational.

### Compliance Categories

Compliance requirements can be classified into two main groups:

#### 1. External Compliance

These requirements are set by outside parties and typically cannot be negotiated. Common examples include:

- **Legal and regulatory:** Laws passed by government/authorities (e.g., data privacy, employment, environmental impact, health and safety).
- **Industry standards:** Recognized best practices or certifications (e.g., ISO, OSHA, FDA).
- **Societal norms:** Local community expectations or environmental norms.

#### 2. Internal Compliance

These refer to rules, processes, and policies developed within the organization, such as:

- **Organizational governance:** Standard operating procedures, reporting structures, escalation paths.
- **Internal policies:** HR guidelines, IT protocols, procurement requirements, quality procedures.
- **PMO/Project management processes:** Templates, reporting formats, document version control, approval chains.

> **Key Term: Internal compliance**
> Requirements that originate from organizational policies, standards, procedures, or project management guidelines set by the company.
>
> **Key Term: External compliance**
> Requirements imposed by legal, regulatory, or industry bodies and are outside the direct control of the performing organization.

### Sources of Compliance Requirements

To plan effectively, the project manager must confirm compliance requirements using:

- Project charter, contracts, and agreements
- Regulatory databases or legal advisors
- PMO guidelines and templates
- Lessons learned from prior projects

### Methods to Support Project Compliance

Compliance planning is not passive; the project manager is responsible for active support. Effective support methods include:

1. **Documentation and Tracking:** Keep a central compliance register listing all requirements, responsible parties, deadlines, dependencies, and status.

2. **Training:** Ensure all relevant team members are aware of compliance needs by including them in onboarding and ongoing training sessions.

3. **Audits and Reviews:** Schedule internal audits or compliance checks at predefined points to confirm adherence.

4. **Clear Communication:** Communicate requirements and progress with stakeholders, regulatory bodies, and auditors.

5. **Templates and Checklists:** Use organization-provided templates to standardize compliance tracking and avoid missed obligations.

6. **Escalation Paths:** Define procedures to resolve or escalate compliance issues quickly.

> **Key Term: Compliance register**
> A document that records all compliance requirements, their status, responsible persons, and associated deadlines.

### **Worked Example 1.1**

_A multinational engineering project is required to satisfy both country-specific labor laws and a unique internal safety policy. How should the project manager plan for compliance?_

> **Answer:** The project manager should identify and categorize all compliance requirements (external legal and internal policy), assign responsibilities, document them in a compliance register, train team members on each requirement, and monitor execution with regular compliance checks.

### Common Threats to Compliance

Several factors can threaten project compliance, such as:

- Ignorance or misunderstanding of the requirements
- Changes to laws or standards mid-project
- Failure in documentation, tracking, or version control
- Overlooking regulatory details in scope changes
- Lack of stakeholder involvement in compliance discussions

### Consequences of Non-Compliance

Non-compliance may result in:

- Project delays or shutdowns from regulatory stop orders
- Legal penalties (fines, lawsuits)
- Reputational damage to the organization
- Loss of licenses, certifications, or contracts
- Additional costs for remediation and rework
- Safety incidents or harm to the public

> **Key Term: Non-compliance**
> The failure to meet one or more mandatory internal or external requirements, putting the project or organization at risk of penalties or harm.

### **Exam Warning**

> Neglecting compliance requirements or assuming they only apply at project closure is a frequent error on the PMP exam. Compliance must be planned and tracked from initiation through closing, and lapses are the project manager's responsibility to prevent—not just the organization's legal team.

### Measuring and Monitoring Compliance

- Set up regular reviews to confirm that requirements are being met.
- Track open compliance actions to closure.
- Document evidence of compliance (e.g., certificates, test reports, audit findings).
- Adjust compliance plans in response to changes in law, standards, or internal policies.

### **Worked Example 1.2**

_A project to implement a new IT system discovers halfway through that a new regulation affecting data handling has been enacted. What actions should the project manager take?_

> **Answer:** The project manager must update the compliance register, clarify the new requirements with legal or regulatory advisors, communicate required changes to the team and stakeholders, revise project plans or deliverables as necessary, and verify ongoing compliance through targeted audits.

### **Revision Tip**

> In the exam, when asked about the best next action on a compliance issue, choose steps that are proactive (plan, train, track), not just reactive (wait for audit/find an issue). Compliance is a continuous, managed process on all projects.

## **Summary**

Project compliance is an active and ongoing process beginning at project initiation. Requirements come from both internal and external sources and must be documented, categorized, and tracked throughout the life cycle. The project manager plays a central role in planning, controlling, and reporting compliance, and must act quickly to address new obligations or breaches, as the consequences can be severe.

## **Key Point Checklist**

_This article has covered the following key knowledge points:_

- Compliance requirements may be internal (organizational) or external (legal, regulatory, or industry standards).
- The project manager is responsible for planning, tracking, and reporting project compliance.
- A compliance register is used to track requirements, responsible persons, status, and deadlines.
- Active compliance support includes documentation, training, audits, communication, and clear escalation paths.
- Non-compliance can result in penalties, work stoppages, loss of contracts, reputational damage, and increased costs.
- Compliance must be addressed throughout the entire project life cycle—not just at closing.
- Monitoring compliance involves regular reviews, documentation, and updating plans in response to new requirements.

## **Key Terms and Concepts**

- Project compliance
- Compliance requirement
- Internal compliance
- External compliance
- Compliance register
- Non-compliance


Compliance and value management - Planning and managing project compliance