SkarpSkarp

Chapter 4 of 20

Stakeholders, Governance, and Core Project Artifacts

Meet the people who can make or break your project and the governance structures and artifacts that keep everyone aligned. You’ll see how key registers and logs turn stakeholder and risk chaos into something you can actually manage and answer questions about confidently.

27 min readen

Where Stakeholders and Governance Fit in Your Project

Zooming In

Earlier you learned what a project is and how life cycles work. Now we zoom in on the people, rules, and documents that keep that project under control.

Three Big Ideas

We focus on: stakeholders (who cares and why), governance and decision rights (who decides what), and core artifacts like the stakeholder register, risk register, and project charter.

Exam Angle

CAPM scenarios often involve an upset stakeholder, a new risk, or a decision conflict. You must know definitions, what goes into each register, and how governance and escalation paths work.

Life Cycle Link

In predictive projects, governance and registers are defined early. In adaptive projects, they evolve but still need structure. Always ask: who are the stakeholders and which artifact should capture this?

Stakeholders: The Official Definition and Why It Matters

PMI Stakeholder Definition

You must know this exactly: a stakeholder is "An individual, group, or organization who may affect, be affected by, or perceive itself to be affected by a decision, activity, or outcome of a project, program, or portfolio."

Broad Scope

Stakeholders can be internal or external, individuals, groups, or whole organizations, and the definition applies to projects, programs, and portfolios.

Perception Counts

If someone perceives themselves to be affected, they are a stakeholder, even if you think the impact is small, like a nearby community group worried about noise.

Two-Way Influence

Stakeholders can affect the project and be affected by it. The team, sponsor, managers, suppliers, regulators, customers, and users all count as stakeholders.

Practical Implication

Early in any project, you identify stakeholders systematically and keep the list updated as new people and groups appear.

The Stakeholder Register: Your People Map

What Is the Stakeholder Register?

It is a living document that captures key information about each stakeholder so you can plan and manage engagement throughout the project.

Basic Identification

Include name, role, organization, contact details, and whether they are internal or external, an individual or a group.

Classification

Record power/interest or power/influence levels, their support (supporter, neutral, resistant), and sometimes impact or urgency ratings.

Expectations and Interests

Document what each stakeholder cares about: schedule, cost, quality, compliance, user experience, plus any specific requirements or constraints.

Engagement Needs

Capture preferred channels and frequency, language or time zone needs, and key messages to emphasize with that stakeholder.

Exam Link

When a new stakeholder appears or attitudes shift, the next step is often to update the stakeholder register and adjust your engagement or communication plans.

Example: Building a Simple Stakeholder Register

Scenario: New LMS Project

You manage a project to roll out a new learning management system. Stakeholders include the Vice Provost (sponsor), students, instructors, IT, a vendor, and compliance offices.

Sponsor Entry

Vice Provost: internal individual, high power and interest, strong supporter. Cares about on-time, on-budget launch with minimal disruption. Engaged via monthly steering meetings and weekly emails.

Students Entry

Students: internal group, medium power, high interest, mixed support. Care about usability, mobile access, reliability. Engaged via beta tests, surveys, tutorials, and social media updates.

Data Protection Office Entry

Data Protection Office: internal group, high power, medium-high interest, conditional support. Cares about GDPR compliance and data residency. Engaged via early design review and formal sign-off.

Exam Signal

If a powerful stakeholder like the Data Protection Office appears late in a scenario, it often signals incomplete stakeholder identification or an outdated stakeholder register.

Risk Register: Turning Uncertainty into a Managed List

What Is the Risk Register?

It is the main document that stores identified risks and key information about them, covering both threats (negative) and opportunities (positive).

Describing Risks

Each risk has an ID and a clear statement, often in cause–risk–effect format, explaining what might happen and why it matters.

Categories and Ratings

Risks are grouped into categories like technical, schedule, cost, or legal, and rated for probability and impact, sometimes combined into a risk score.

Risk Owner and Responses

Assign a risk owner to monitor each risk. Record the response strategy and actions, such as mitigate, avoid, transfer, accept, exploit, or enhance.

Exam Link

When new risks are found in a scenario, the next step is usually to update the risk register and then adjust your plans if needed, especially in planning-heavy predictive projects.

Example: Risk Register Entries for the LMS Project

Risk R-01: Vendor Delay

Vendor has limited experience with the legacy database, so integration may take longer and delay go-live. Medium probability, high impact, owned by the technical lead, response is to mitigate.

Risk R-02: Student Champions

If student ambassadors are recruited early, adoption could rise and support calls fall. High probability, medium impact, owned by the change manager, response is to enhance this opportunity.

Risk R-03: GDPR Non-Compliance

Some features store personal data outside the EU, risking GDPR issues. Low probability but very high impact, owned by the compliance officer, response is to avoid by disabling features and ensuring data residency.

Exam Point

Notice that both threats and opportunities appear in the risk register. The exam may test whether you remember that opportunities belong there too.

Project Governance, Decision Rights, and Escalation Paths

What Is Project Governance?

Project governance is the framework for how decisions are made, who has authority, and how issues are escalated, aligned with the wider organization.

Decision Rights

Governance clarifies who can approve the charter, scope or budget changes, and major design decisions, often via a change control board.

Roles and Responsibilities

It defines how the sponsor, project manager, functional managers, and (in agile) the product owner share responsibility and accountability.

Governance Bodies

Steering committees, change control boards, and review boards are examples, each with specific decisions and meeting cadences.

Escalation Paths

When the team cannot resolve an issue, governance defines how to escalate it to the project manager, sponsor, or steering committee.

Exam Behavior

If a scenario describes a conflict beyond the project manager’s authority, the best answer usually follows the defined governance and escalation paths.

Project Charter and Core High-Level Artifacts

Role of the Project Charter

The charter formally authorizes the project and gives the project manager authority to use resources. It is issued by a sponsor or similar authority.

Charter Contents

It includes purpose and objectives, key stakeholders, high-level requirements and risks, major milestones and budget, and the project manager’s authority.

High-Level Governance in the Charter

The charter may outline who approves changes, key decision bodies, and whether the approach is predictive, adaptive, or hybrid.

Related Artifacts

The business case justifies the project. The project management plan later integrates detailed scope, schedule, cost, risk, and stakeholder engagement plans.

Charter vs. Registers

The charter lists major stakeholders and big risks at a high level. The stakeholder and risk registers hold detailed, evolving information during planning and execution.

Thought Exercise: Mapping a Scenario to Artifacts

Work through this scenario and decide which artifact(s) each piece of information belongs in.

Scenario: You are kicking off a project to implement a new mobile banking app.

You know:

  • The CEO is the sponsor and wants the app live before year-end to stay ahead of competitors.
  • The head of Compliance insists that all features must comply with current financial regulations and GDPR.
  • You have identified 15 distinct stakeholder groups, including marketing, IT security, customer support, and external regulators.
  • There is a significant risk that third-party identity verification services may be overloaded during peak hours, causing login failures.
  • The organization uses a formal change control board (CCB) for any scope or budget changes over a certain threshold.

Your task (mentally or in notes): For each bullet, decide which artifact is the best primary home:

  1. CEO as sponsor and high-level deadline.
  2. Compliance requirements and regulatory constraints.
  3. List of 15 stakeholder groups and their interests.
  4. Risk about identity verification service overload.
  5. Existence and authority of the CCB.

Then check yourself:

  • Items like (1) and the overall deadline belong in the project charter.
  • (2) appears at a high level in the charter and in more detail in requirements documentation and compliance sections of plans.
  • (3) is captured in detail in the stakeholder register.
  • (4) is recorded in the risk register.
  • (5) is part of governance, usually summarized in the charter and detailed in the project management plan (change control process).

Quiz 1: Stakeholders and Registers

Test your understanding of stakeholders and the stakeholder register.

A new community group complains that your construction project will increase traffic in their neighborhood. They were not on your original stakeholder list. According to PMI's definition, how should you treat this group?

  1. They are not stakeholders because they are not part of your organization.
  2. They are stakeholders only if the sponsor agrees to add them.
  3. They are stakeholders because they perceive themselves to be affected by the project.
  4. They are not stakeholders because they do not fund or use the project deliverables.
Show Answer

Answer: C) They are stakeholders because they perceive themselves to be affected by the project.

PMI defines a stakeholder as an individual, group, or organization who may affect, be affected by, or perceive itself to be affected by a decision, activity, or outcome of a project, program, or portfolio. Because the community group perceives itself to be affected, they are stakeholders and should be added to the stakeholder register.

Quiz 2: Governance and Risk

Test your understanding of governance, decision rights, and the risk register.

During execution, your team identifies a high-impact risk that was not previously documented. What is the BEST next action for the project manager?

  1. Immediately change the schedule to add more buffer without consulting anyone.
  2. Document the risk in the risk register and initiate appropriate risk analysis and response planning.
  3. Escalate the risk directly to the CEO, bypassing established governance bodies.
  4. Ignore the risk until it actually happens to avoid unnecessary panic.
Show Answer

Answer: B) Document the risk in the risk register and initiate appropriate risk analysis and response planning.

Newly identified risks should be documented in the risk register, then analyzed and addressed through appropriate response planning. Unilateral schedule changes or bypassing governance are not aligned with proper project management practice, and ignoring the risk violates proactive risk management.

Key Term Flashcards: Stakeholders, Governance, and Artifacts

Use these flashcards to reinforce key terms from this module.

Stakeholder (PMI definition)
An individual, group, or organization who may affect, be affected by, or perceive itself to be affected by a decision, activity, or outcome of a project, program, or portfolio.
Stakeholder register
A living document that identifies stakeholders and captures information such as their roles, interests, influence, support level, and engagement and communication needs to support stakeholder engagement.
Risk register
The primary document used to record identified risks (threats and opportunities), including descriptions, categories, probability and impact, risk owners, and planned responses and status.
Project governance
The framework that defines how project decisions are made, who has authority, what governance bodies exist (such as steering committees or change control boards), and how issues and decisions are escalated.
Decision rights
Explicit agreements about who has the authority to make specific types of decisions on the project, such as approving scope changes, budget adjustments, or major design choices.
Escalation path
The predefined route for raising issues or decisions that cannot be resolved at the current level, typically moving from the team to the project manager, sponsor, and governance bodies.
Project charter
The document that formally authorizes the project, names the project manager, and provides high-level information such as objectives, key stakeholders, major risks, summary budget and milestones, and high-level governance.
Business case
A document that justifies the project in terms of expected benefits, costs, and risks, explaining why the organization should invest in the project.
Change control board (CCB)
A formal group of stakeholders with the authority to review, approve, defer, or reject changes to the project baselines (especially scope, schedule, and cost).
Risk owner
The person responsible for monitoring a specific risk and ensuring that agreed response actions are carried out.

Pulling It Together: Mini Scenario Walkthrough

Apply everything from this module to a compressed scenario.

Scenario: You are the project manager for a hybrid project to upgrade your university's Wi‑Fi network.

During planning:

  • The sponsor signs the project charter, naming you as project manager and listing key stakeholders: IT director, facilities manager, student union president.
  • You create a stakeholder register with detailed entries for these and other groups (faculty, security, external contractors).
  • You also start a risk register, identifying threats (equipment delivery delays, exam-week outages) and opportunities (leveraging existing cabling to save cost).
  • Governance rules state that a change control board (CCB) must approve any change that impacts the go-live date or budget by more than 5%.

Later in execution:

  • A new stakeholder emerges: the accessibility office, concerned that new login portals might not meet accessibility standards.
  • A contractor warns that a key supplier might go out of business, potentially delaying access point deliveries.
  • The facilities manager and IT director disagree on whether to prioritize dorms or lecture halls.

Your mental checklist:

  1. New stakeholder: Add the accessibility office to the stakeholder register, capture their interests, and adjust your engagement and communication plans.
  2. New supplier risk: Add the risk to the risk register, analyze probability and impact, assign a risk owner, and plan a response (e.g., qualify a backup supplier).
  3. Priority conflict: Use the defined governance and escalation path. Try to facilitate agreement, but if they cannot agree, escalate to the sponsor or steering committee as defined, rather than deciding alone.

Pause and see if you can explain, in your own words, which artifact you would update first in each situation and why. This mirrors how CAPM scenario questions will expect you to think step by step.

Key Terms

risk owner
The person responsible for monitoring a specific risk and ensuring that agreed response actions are carried out.
stakeholder
An individual, group, or organization who may affect, be affected by, or perceive itself to be affected by a decision, activity, or outcome of a project, program, or portfolio.
business case
A document that justifies the project in terms of expected benefits, costs, and risks, explaining why the organization should invest in the project.
risk register
The primary document used to record identified risks (threats and opportunities), including descriptions, categories, probability and impact, risk owners, and planned responses and status.
decision rights
Explicit agreements about who has the authority to make specific types of decisions on the project.
escalation path
The predefined route for raising issues or decisions that cannot be resolved at the current level.
project charter
The document that formally authorizes the project, names the project manager, and provides high-level information such as objectives, key stakeholders, major risks, summary budget and milestones, and high-level governance.
project governance
The framework that defines how project decisions are made, who has authority, what governance bodies exist, and how issues and decisions are escalated.
stakeholder register
A living document that identifies stakeholders and captures information such as their roles, interests, influence, support level, and engagement and communication needs to support stakeholder engagement.
change control board (CCB)
A formal group of stakeholders with the authority to review, approve, defer, or reject changes to the project baselines.

Finished reading?

Test your understanding with a custom practice exam on this chapter.

Test yourself