There are growing pressures on businesses to improve delivery confidence throughout project and programme lifecycles and increase return on investment. Our programme assurance specialists explain the changes they’re seeing in approaches.  

Projects and programmes can touch or take place across all parts of an organisation; from the introduction of HR or payroll systems to enterprise and technology transformation programmes, and asset and infrastructure programmes – all involving organisational and behavioural change. Whatever your project or programme, getting a level of assurance that its designed well to enable effective change and implementation is critical.    

Technology and organisational change programmes are dominated by an agile, iterative approach, while asset and infrastructure programmes remain predominantly waterfall and sequential. The organisations, skillsets, and cultures that support them can often become polarised regardless, leading to a sub-optimal approach being taken that ultimately impacts on the success of the projects or programmes.

While agile and waterfall programmes both face the same inherent risks, the difference between them is the development process, including the frequency of delivery activities, the team structure, and organisation of the work. Therefore, how risks are mitigated and where assurance teams need to look for evidence changes.  

What's the difference between waterfall and agile projects and programmes? 

Waterfall programmes have sequential, progressive stage gates leading to a clearly defined outcome, while agile programmes are overtly iterative and the precise nature of how to deliver the required programme outcomes and benefits may be very uncertain at first. This changes the timing of management controls and assurance activities, as well as how they're executed, but it’s still the case that agile programmes should have logical, identifiable assurance points in their lifecycle.

Overall, both approaches bring strengths and weaknesses, and professionals should select the right techniques and methodologies that best suit the programme, the project environment, and the contracting parties – with an emphasis on the required behaviours, leadership, and governance. The selected approach should focus on creating the best opportunities for successful programme delivery, rather than being driven by familiarity or habit.   

Common pros and cons of agile and waterfall projects and programmes  

Pros Cons

Works well when the detailed requirements are unknown or subject to change 

Give flexibility to 'course correct'

Needs regular stakeholder feedback

The team is co-located, multi-functional and enables to work in a collaborative way

Early return on investment by regular delivery 

No advantage for projects where the scope and detailed requirements are well understood and change can be controlled

Uncertainty around scope and schedules can make stakeholders nervous

Less effective if the 'team' is distributed

Demands management and prioritisation of the backlog


Pros Cons

Works best when there are defined requirements

Best for stable environment

The team is distributed and hence control can be managed by defined deliverables. milestones and dependencies

Best if scarce skills or resources have limited availability

Plans are repeatable for similar projects 

Requires investment to define scope and schedule before work begins Scope changes can be slow and the adverse impact increases over the life cycle

 Risk of nothing to show for the money until the end

Change adds effort and risk, so a strict change control process must be in place to avoid 'scope creep'



Agile programme risks  

Over the years we’ve observed an ongoing switch to agile project delivery particularly in enterprise transformation, technology enabled, and organisational change projects.  

Therefore, assurance requirements are changing where old methods no longer suffice when it comes to agile. Is it chaos theory or good practice? A common misconception is the belief that agile programmes are somehow chaotic 'free-for-alls', that lack any type of rigour or formal processes – something that's guaranteed to make them riskier and a challenge to assure. That's not the case. It's how the risks are addressed and mitigated that's important.      

Agile programmes typically move quicker, therefore risks can come to fruition sooner, and programmes can quickly go off the rails. Assurance needs to be woven through the fabric of the programme as a constant feature, that everyone understands and responds to. Being aware of this enables organisations to effectively set up processes and governance structures at the outset that support appropriate programme-planning and implementation.      

In the following short video you can find out how assurance adapts to agile project and programme delivery, including a recent example of a successful system implementation.

The video is playing. This video is playing in mini-player mode.

Financial risks  

The potential financial consequences and lack of return on investment are huge from failed, delayed, or over-expensed projects. Whether the project is mature or is just setting up, leaders need to be educated and equipped to keep up with changing stakeholder needs and financial pressures during the project life cycle. Where the current volatile financial scene looks at every penny spent, productivity, efficiency, and performance are key for large-scale spending. Getting it done right, therefore, is ever more important.  

Failure to manage risk correctly can also lead projects to falter. Governance and oversight accountability issues, skills gaps in leaders for meeting the changing needs of projects, lack of consistency in controls, and insufficient consideration of the bigger picture of the lifecycle are all issues that need to be identified and managed in order to avoid potential financial consequences.

Obtaining effective assurance

Regardless of the programme delivery approach, timely assurance will help both the programme and its stakeholders to understand and manage the best path to deliver success. Assurance should be integral to the whole programme lifecycle. The programme should have its own assurance process, eg, oversight by the programme office, management reporting, and governance oversight. You need more than just end-of-project assurance to validate successful delivery. Getting assurance throughout the delivery lifecycle and at key decision points helps the organisation manage risks within risk appetite and enable benefit realisation from the programme outcomes.

As with any initiative, it's essential to establish a clear assurance approach. This involves identifying the different providers responsible for delivering assurance activities. The provision of assurance should be coordinated with areas of risk or potential risk for the programme, and should also consider how assurance contributes to governance and adjusts to the evolving risk profile throughout the programme's lifecycle. 

Assurance is normally provided within the programme itself (first line), and by specialists or peers elsewhere in the organisation, eg, legal, technical, content and design, but who aren't part of the programme’s activities or structure (second line). These two lines can sometimes be merged or blended to suit the individual circumstances.

Programme sponsors should also plan for additional, independent (third line) assurance, or seek to leverage a similar external independent approach into line two. This is particularly important if the agile delivery is an integral part of a wider change. While working in an agile way typically incorporates a level of assurance into the programme’s development iterations, experts who aren't directly involved may spot things that people in the team or the wider organisation are less likely to see, and may bring in valuable experience from similar initiatives.

Generative AI (GenAI) can be a vital tool for addressing emerging challenges and driving innovation across industries. This includes providing assurance and identifying potential future issues that can be mitigated through analysing indicators across a portfolio. Together with broader automation and digital strategies, the aim is to reduce the costs and time involved in assurance. This is an evolving area necessitating a different skillset from the assurer beyond their existing experience and the capacity to contextualise risks.

Case study: providing real-time assurance through collaboration

A large retailer undergoing a major transformation programme required robust assurance  

 We worked collaboratively with the in-house internal audit team to deliver assurance activities, including the transformation assurance plan. Seconding a director into the audit team provided a lead across all transformation work, contributing insight to planning, and delivering audits using innovative approaches and real-time auditing.  

We also undertook programme governance health checks, work-stream deep-dive audits, and stage-gate reviews. Specific deep-dive audit topics included: access and security testing, release management, data migration, stage-gate reviews, pre-user acceptance testing (UAT), UAT execution, and stage-gate UAT exit.   

Management benefited from the perspective and challenge of our ‘heartbeat’ approach, where we provided real-time assurance to the business – facilitated through programme and change boards, process design workshops, and design authority meetings.  

Our transformation and audit specialists also devised and facilitated a training day on delivering audits within a transformation environment, in particular those programmes which use an agile methodology. This included relevant case studies, group activities, and takeaway materials.

The outlook    

Responding to these risks, seizing opportunities to improve efficiency and ROI, addressing regulations, and meeting changing stakeholders’ expectations are just some of the reasons why tailoring programme assurance to your delivery method improves effectiveness.

Read more about our Project, programme, and portfolio assurance service →