pillar: “pillar-5” tags: [“PMO”, “Portfolio Management”, “Governance”, “Checklist”, “Frameworks”, “Templates”] categories: [“Tools, Frameworks & Templates”] author: “Glen Fullerton” featured: false

Executive Summary

Portfolio governance is easier to perform than to perform well. A PMO can conduct governance reviews, maintain risk registers, produce status reports, and run steering committee meetings — all of the visible activities of governance — without actually governing the portfolio in any meaningful sense.

The difference between governance as activity and governance as function comes down to whether the right questions are being asked, answered with sufficient accuracy, and used to drive decisions. A portfolio governance review that does not surface the portfolio’s highest risks, does not assess whether the organization is overcommitted, and does not produce actionable recommendations for executive decision-making is a reporting exercise, not a governance exercise.

This checklist is designed for PMO leaders who want to assess whether their portfolio governance is functioning as designed — and for those preparing to establish or significantly strengthen portfolio governance in their organizations. It covers five governance domains: strategic alignment, capacity and feasibility, risk and dependency management, delivery performance, and executive decision support. Each domain includes the specific questions that rigorous portfolio governance must be able to answer, and the indicators that distinguish genuine governance from governance theater.

The checklist is intended as a quarterly governance health assessment, not a daily operations tool. Used consistently, it surfaces governance gaps before they become portfolio failures and creates a structured basis for governance improvement investment.

How to Use This Checklist

Work through each domain in sequence. For each question, assess whether your current governance structure and data can answer it with confidence. Use the following rating:

Green — The question can be answered accurately from current governance data, without offline analysis or estimation.

Yellow — The question can be answered approximately, but the answer requires significant manual effort, estimation, or data reconciliation that reduces confidence.

Red — The question cannot be answered reliably from current governance data, or the answer would require more than two days of analytical work to produce.

At the end of each domain, the pattern of ratings tells you where governance is strong, where it is weak, and where investment is most needed. A portfolio governance structure with predominantly Green ratings across all five domains is functioning as a genuine governance capability. Consistent Yellow or Red ratings indicate structural gaps that no amount of reporting enhancement will resolve.

Domain 1: Strategic Alignment

Strategic alignment governance answers the fundamental question: is the portfolio delivering what the organization decided to prioritize?

This sounds straightforward. In practice, most portfolios accumulate programs approved against strategic priorities that have since shifted, programs whose connection to current strategy is indirect at best, and programs that represent organizational inertia rather than active strategic choice. A portfolio that has not been assessed for strategic alignment in more than six months is almost certainly carrying programs that no longer represent the best use of the organization’s delivery capacity.

Checklist Questions:

☐ Can you produce a current list of the organization’s active strategic priorities — specific enough to assess program alignment against them — without spending more than an hour locating and consolidating source documents?

☐ For each active program in the portfolio, can you articulate the specific strategic priority it supports and the mechanism by which it contributes to that priority’s achievement?

☐ Have you conducted a formal strategic alignment review of the portfolio within the last six months? Did that review result in any programs being deprioritized, deferred, or cancelled?

☐ Do you have a defined process for reassessing portfolio alignment when organizational strategic priorities change — for example, following a major business event, leadership change, or strategic planning cycle?

☐ Are there programs in the current portfolio that you would struggle to connect to a current strategic priority with a specific, credible argument — as opposed to a general connection to broadly applicable objectives like “operational efficiency” or “customer experience”?

☐ When you present the portfolio to executive leadership, do you present it organized by strategic priority — showing which programs are contributing to which objectives — or primarily by operational category or delivery status?

Domain Assessment: Predominantly Green ratings indicate strategic alignment governance is functioning. Yellow or Red ratings on the alignment review question or the program-to-priority connection question indicate that the portfolio may be carrying strategic deadweight — programs consuming delivery capacity without clear current strategic justification.

Domain 2: Capacity and Feasibility

Capacity governance answers the question the portfolio most needs answered and most organizations cannot answer accurately: can we deliver what we have committed to?

Portfolio overcommitment is the most consistent structural failure in enterprise portfolio management. It is also the most preventable — if capacity is treated as a governance input rather than a post-hoc explanation for delivery shortfalls. A portfolio governance structure that does not maintain current capacity visibility is not governing the portfolio’s feasibility. It is managing the consequences of feasibility decisions it never made.

Checklist Questions:

☐ Do you maintain a current view of organizational delivery capacity by functional area — engineering, architecture, program management, business analysis, and any other functions that represent significant delivery constraints in your portfolio?

☐ Is your capacity view updated at least monthly, and does it reflect actual available capacity (accounting for operational obligations, production support, leave, and non-project time) rather than theoretical headcount?

☐ Can you produce a current comparison of total committed portfolio demand versus available delivery capacity, by functional area, without more than a day of manual data collection and reconciliation?

☐ Do you know which functional areas are currently overcommitted — committed to more work than their available capacity supports — and by approximately how much?

☐ When a new program is approved for the portfolio, is the capacity impact assessed against the current portfolio commitment before approval, or is capacity assessment deferred to resource planning during program initiation?

☐ Have you had a formal portfolio capacity review with executive leadership in the last quarter? Did that review result in any portfolio reprioritization decisions based on capacity constraints?

☐ Do your portfolio reports include a capacity utilization view, or do they report only on delivery status without reference to the capacity picture?

☐ Can you estimate, with reasonable confidence, the capacity impact of approving a hypothetical new program of average size for your portfolio — how much of available capacity it would consume and which existing commitments would be affected?

Domain Assessment: Capacity governance is the domain where most PMOs have the most significant gaps. Red ratings on the capacity-versus-commitment comparison and the new program capacity impact questions are the most consequential — they indicate that the portfolio’s feasibility cannot be assessed at the governance level, which means overcommitment will be discovered during execution rather than prevented at intake.

Domain 3: Risk and Dependency Management

Risk governance answers the question that executive leadership most needs answered and least often gets: what are the threats to portfolio delivery that require leadership attention or action now?

The distinction between risk management as a documentation exercise and risk management as a governance function is stark. Documentation-oriented risk management produces comprehensive risk registers, well-formatted risk matrices, and regularly updated probability-impact assessments. Governance-oriented risk management surfaces the risks that matter — the ones that could materially affect portfolio outcomes — at the governance level, in time for leadership to take action that changes outcomes.

Checklist Questions:

☐ Can you identify, without consulting the risk registers, the three highest-risk programs in the current portfolio and the primary risk driver for each?

☐ Does your portfolio-level risk view distinguish between risks that are being actively managed within program governance and risks that require escalation to executive governance for decision or resource allocation?

☐ Have any risks been escalated from program governance to executive governance in the last quarter? If yes, were they escalated before they became delivery problems, or after?

☐ Do you maintain a cross-program dependency map that shows which programs have dependencies on deliverables from other programs, and is it actively maintained — updated when program plans change — rather than created at program initiation and not revisited?

☐ Can you identify the three highest-risk dependencies in the current portfolio — the dependencies whose failure would cause the most significant cascade impact across the portfolio?

☐ Do your portfolio governance reviews include a dependency status update that surfaces dependency risks that are approaching materialization, rather than simply confirming that dependencies are being tracked?

☐ Is there a defined escalation path for dependency conflicts — situations where one program’s delay will affect another program’s delivery — and has that escalation path been used in the last six months?

☐ Does your portfolio risk view incorporate external risks — regulatory changes, vendor stability, technology changes, organizational events — or is it limited to program-internal delivery risks?

☐ When you present risk information to executive leadership, does the presentation result in executive decisions or actions, or primarily in acknowledgment and continued monitoring?

Domain Assessment: The escalation question is the most diagnostic in this domain. Risk governance that never results in executive action — because risks are either managed within program teams without escalation or escalated after they have already damaged delivery — is not functioning as a governance capability. Red ratings on the escalation effectiveness questions indicate that risk management is operating as a documentation discipline rather than a governance function.

Domain 4: Delivery Performance

Delivery performance governance answers the question that portfolio status reporting most often addresses but least often answers well: are we actually delivering what we committed to?

The gap between status reporting and delivery performance governance is significant. Status reporting describes current state — milestone completion, schedule variance, budget utilization. Delivery performance governance assesses trajectory — whether the program is on a path to deliver its committed outcomes, and whether the current delivery rate and risk profile support the committed timeline and budget.

Checklist Questions:

☐ Do you track delivery predictability at the portfolio level — the percentage of programs that deliver what they commit to, when they commit to it — and has that metric improved over the last four quarters?

☐ For programs currently showing schedule variance, do you have a view of whether the variance is being recovered or compounding — and what the realistic completion timeline is based on current delivery rate rather than the original plan?

☐ Can you distinguish, in your portfolio view, between programs that are on track to deliver their committed outcomes and programs that are on track to complete their scope but may not deliver the outcomes the business case projected?

☐ Do your governance reviews include a forward-looking assessment — what do the next 90 days look like for the portfolio, and what are the decisions or interventions required to maintain delivery commitments — rather than focusing primarily on what happened in the last reporting period?

☐ Is there a defined trigger for escalating programs from program-level governance to portfolio-level governance — based on schedule variance, cost variance, risk escalation, or outcome risk — and is that trigger applied consistently?

☐ Do you track the accuracy of program estimates at completion — comparing original estimates to actual outcomes — and use that data to improve future estimation accuracy?

☐ When a program completes, is there a formal review of whether the original business case outcomes were achieved? If yes, are those findings fed back into intake evaluation criteria for future programs of similar type?

☐ Do programs in your portfolio have clearly defined benefit realization metrics — specific, measurable outcomes that will confirm the business case has been achieved — and are those metrics tracked post-implementation?

Domain Assessment: The delivery predictability and forward-looking assessment questions are the most diagnostic. A governance structure that tracks what happened but cannot assess what is likely to happen has limited governance value for executive decision-making. Red ratings on these questions indicate that portfolio governance is operating as a historical record rather than a decision-support function.

Domain 5: Executive Decision Support

Executive decision support governance answers the meta-question: is portfolio governance producing the intelligence that executive leadership needs to make portfolio-level decisions?

This domain is the test of whether all of the governance activities in the preceding four domains are adding up to something useful. A PMO can have strong strategic alignment governance, reasonable capacity visibility, a functioning risk escalation process, and meaningful delivery performance tracking — and still fail at executive decision support if those governance activities do not connect to a coherent, decision-oriented intelligence product that executive leadership actually uses.

Checklist Questions:

☐ In the last quarter, can you identify at least two specific portfolio-level decisions that executive leadership made using intelligence produced by the PMO’s governance process?

☐ Do executive governance forums — portfolio steering committees, investment reviews, strategic planning sessions — regularly result in documented decisions, or primarily in acknowledgment of status and continuation of existing plans?

☐ Is the PMO involved in the preparation of executive-level discussions about portfolio priorities, investment allocation, or strategic program decisions — or does the PMO learn about those decisions after they have been made?

☐ Does your primary executive governance deliverable — whether a portfolio review deck, a leadership brief, or a dashboard — lead with the questions executive leadership needs answered rather than with a comprehensive status summary?

☐ Can you answer the following questions from current governance data, without more than two hours of preparation: What is the highest-risk program in the portfolio and what should leadership do about it? Where is the portfolio overcommitted and what should be reprioritized? What decisions does leadership need to make in the next 30 days to protect portfolio delivery commitments?

☐ When you present to executive leadership, does the presentation generate questions and decisions, or primarily acknowledgment?

☐ Has any executive leader consulted the PMO proactively — outside of scheduled governance forums — for portfolio intelligence to inform a decision they were making? If yes, how frequently?

☐ Do executive sponsors of active programs view the PMO as a governance partner that helps their programs succeed, or as a reporting and compliance function that creates administrative burden?

Domain Assessment: The proactive consultation question is the most revealing in this domain. When executive leaders consult the PMO outside of scheduled forums because they find the PMO’s portfolio intelligence genuinely useful, the governance function is working. When the PMO’s involvement is limited to scheduled reporting cycles, the governance function is performing activities that are not producing the decision support value they were designed to create.

Interpreting Your Results — Priority Investment Areas

Predominantly Red in Domain 2 (Capacity): This is the highest-priority governance gap in most organizations. Without capacity visibility, the portfolio cannot be governed for feasibility. Invest in building the capacity data infrastructure and governance processes before addressing other domains.

Predominantly Red in Domain 3 (Risk and Dependency): Risk governance that does not result in executive action is governance theater. The investment needed is typically not in risk tools or templates but in escalation path design and executive sponsorship for acting on escalated risks.

Predominantly Red in Domain 5 (Executive Decision Support): If the other four domains are reasonably functional but executive decision support is weak, the governance activities are not being synthesized into decision-relevant intelligence. The investment needed is in how governance outputs are packaged and presented — a shift from status reporting to portfolio intelligence.

Predominantly Yellow Across All Domains: Yellow ratings typically indicate that governance is happening informally and approximately but has not been formalized into reliable, repeatable processes. The investment needed is in governance infrastructure — documented processes, data standards, and governance cadence — rather than in new capabilities.

Predominantly Green Across All Domains: If your honest assessment produces predominantly Green ratings, your portfolio governance is functioning well. The governance question to ask is whether the quality of executive decisions and portfolio delivery performance reflects that governance capability — and if not, why the governance is not translating into outcomes.

The Quarterly Governance Health Review

Used as a quarterly assessment, this checklist provides a structured basis for tracking governance improvement over time. A practical quarterly governance health review process:

Week 1: Complete the checklist assessment. Rate each question. Identify the domains and specific questions with the most Red ratings.

Week 2: For each Red-rated question, identify the root cause — is it a data gap, a process gap, an authority gap, or an organizational condition gap (executive engagement, governance authority, business unit cooperation)?

Week 3: Prioritize the top three governance gaps by impact — which gaps, if closed, would most improve portfolio delivery performance and executive decision quality? Develop a specific improvement plan for each.

Week 4: Present the governance health assessment and improvement priorities to the PMO’s executive sponsor. Governance improvement investment requires executive understanding of the current state and executive support for the changes required.

Leadership Recommendations

1. Conduct this assessment honestly, not aspirationally. The value of the checklist depends on accurate self-assessment. Rate questions based on what the governance structure can actually do, not what it is designed to do or what it could do with additional preparation.

2. Use Red ratings as investment priorities, not performance criticism. Red ratings indicate governance gaps — structural absences in the governance capability that have organizational root causes. They are inputs to governance improvement planning, not performance indictments of the PMO team.

3. Share the assessment with your executive sponsor. The governance gaps most consequential for portfolio performance — capacity visibility, risk escalation authority, executive decision engagement — require executive understanding and support to address. The checklist assessment is a structured basis for that conversation.

4. Track ratings across quarters to measure governance improvement. A checklist rating that does not change over time, despite governance improvement investment, indicates that the investment is not addressing the root cause of the gap. Consistent tracking surfaces this disconnect before the investment is fully sunk.

5. Distinguish governance capability gaps from organizational condition gaps. Some Red ratings reflect PMO capability gaps — processes, data, or analytical capabilities the PMO needs to develop. Others reflect organizational condition gaps — executive engagement, governance authority, or business unit cooperation that the PMO depends on but cannot control. The remedies are different. Misattributing organizational condition gaps to PMO capability gaps produces improvement investment that does not close the gap.

Conclusion

Portfolio governance is not self-evidencing. A PMO can perform all of the visible activities of governance — status reviews, risk registers, steering committee meetings, portfolio dashboards — without those activities producing genuine governance value. The gap between governance as activity and governance as function is the gap between a PMO that documents the portfolio and a PMO that governs it.

This checklist is a structured tool for assessing which side of that gap your portfolio governance currently occupies — and for identifying the specific investments that would move it toward genuine governance capability. Used consistently and honestly, it surfaces governance weaknesses before they produce portfolio failures, and creates the accountability structure that governance improvement requires.

The goal is not a perfect checklist score. The goal is a portfolio that delivers what the organization has decided to prioritize, governed by a PMO that gives executive leadership the intelligence to make those portfolio decisions well.

Follow-On Reading

© Glen R Fullerton | Governance Intelligence Institute