Creating a Compliance Matrix for Your Project

May 21, 2020 Product Development, Project Management

A Tutorial to Ensure You Meet Your Customer’s Needs and Don’t Forget the Details

You’re about to wrap up a big project. You are proud of the work you’ve done, and you believe you covered everything the customer asked. Afterall, you spent a lot of time on it and you’re pretty sure the customer will be happy with it. But how do you know you covered everything; how do you prove it? Are you truly confident that the result of your hard work fully meets your customer’s expectations? What happens if you missed something?

Unfortunately, just because you worked hard on something and you’re proud of the outcome doesn’t mean you’ve fulfilled your obligations. So, what can you do to ensure you’ve completed the job? The answer is a simple, yet effective project management tool known as a compliance matrix.

What is a Compliance Matrix?

A compliance matrix is a tool to help you identify, track, monitor and organize all your customer or stakeholder requirements. Further, it is intended to help project managers and business leaders verify they have completely satisfied complex work scopes. In addition, the tool can assist you in identifying project risks where you may need to spend more time.

Moreover, by having a line by line body of evidence that demonstrates how you’ve fulfilled a contract or work scope, you can also reduce or avoid customer disputes over the details down the road. Below is an overview of a compliance matrix.

When done correctly, the compliance matrix eventually becomes a standalone artifact that serves as your proof of meeting the customer’s expectations. Ultimately, the bigger the project, the more powerful the tool becomes.

Who Benefits from a Compliance Matrix and When Are They Necessary?

Generally speaking, everyone benefits from using a compliance matrix – the project team, the organization, the customer. Activities like writing proposals, doing contract work for a customer and developing new products can all be enhanced by using this tool.

Here are just some examples of how a compliance matrix can benefit your small business:

Proposal managers can use a compliance matrix to ensure their proposal satisfies the requirements of the RFP.
Program managers can use this tool to illustrate how they’ve met their customer’s obligations.
Product developers can use a compliance matrix to verify all technical aspects of the product are met and discrepancies are negotiated away.
Lab managers can ensure they’ve setup their test conditions correctly by using a compliance matrix.
The Project team can verify all details have been addressed.
By sharing a compliance matrix with your customer at the end of the project, the client can be reassured that you have met their initial expectations.

Some Quick Definitions for Making a Project Compliance Matrix

A compliance matrix builds a line by line record of your customer’s or stakeholder’s requirements, with a corresponding statement for how you satisfy each item. Before we get to the detailed steps for creating one, let’s go through a few definitions to make it easier.

For each customer requirement or request, you will assign a rating as follows:

Compliant – You fully satisfy the requirement.

Non-Compliant – You do not or cannot meet the requirement.

Intend to Comply – You do not meet the requirement currently but have a plan to become compliant.

Partially Compliant – You comply in some areas, but not others.

Heading / Information – (Optional) For non-requirements, such as a section title.

Although traditionally a compliance matrix would simply use ‘compliant’ or ‘non-compliant’ rating, the other three classifications can offer useful context to your project, depending on the nature of your business.

How Do I Create a Compliance Matrix?

Now that that we’ve reviewed the definitions, let’s get into the details. A compliance matrix is not difficult to create, and you can customize it as you wish.

You can get a free downloadable guide to create your own compliance matrix by clicking the green arrow below.

Making A Compliance Matrix
Building-a-Compliance-Matrix.pdf
Version: V1

508.6 KiB
3713 Downloads
Details

1. Create a Header

It’s always good practice to treat the compliance matrix as a formal document and give it a header for communication purposes. For a compliance matrix, here are some good examples of the type of information you may want to include as part of the header:

Project Title – Identify the Project.
Customer / Stakeholder – Identify the Customer or Stakeholder.
Reference Document – Identify the document number which is used to create the matrix. For instance, this could be a customer specification number or a Statement of Work (SOW) number.
Project Kickoff Date – List the date the project started or is expected to start.
Project Estimated Completion Date – List the estimated completion date.
Total Number of Requirements – List the total number of requirements in the document or customer request.
Number (%) Compliant – Quantify the total number of compliant items and the % of the total.
Number (%) Non-Compliant – Quantify the total number of non-compliant items and the % of the total.
Number (%) Intend to Comply – Quantify the total number of intend to comply items and the % of the total.
Number (%) Partial Compliant – Quantify the total number of partially compliant items and the % of the total.
Date of Last Evaluation – Identify the date the requirement compliance matrix was reviewed or updated.

Below is an example of what this header might look like.

Basic information such as this helps project leaders communicate key details to customers, stakeholders and the project team itself. Certainly, while at the beginning of the project the number of compliant items may be low, as you work through the project details over time, your compliance status should increase and eventually reach 100%.

2. Establish Unique Identifiers

Next, establish a numbering scheme that can give each line item or requirement its own identification tag.

Creation of identifiers is up to you; however, whatever method you choose should help you to organize, track, and reference customer requirements in communications within the organization as well as with your customer:

Some ways to create a unique identifier for each requirement include:

Numerical Order – 1, 2, 3, etc.
Internal Reference Number – 12345-01, 12345-02, 12345-03, etc. for your contract number 12345.
Document ID – For a Statement of Work (SOW) use SOW-01, SOW-02, SOW-03, etc.
Document # – For Customer Document Number GP19401, use GP19401-01, GP19401-02, etc.

Finally, a word of caution. It is tempting to use the customer paragraph reference, such as:

However, if the customer’s document is revised over time, this reference number may be eliminated, changed or reused, making the compliance matrix difficult to manage. Thus, creating your own unique identification system will permanently connect your compliance matrix to that specific requirement.

3. List Each Requirement

In the next column, add the individual requirements and line items. List one requirement per unique identifier.

For instance, for SOW item 14:

By listing your individual requirements, you can search, sort, filter, and organize the requirements as needed.

4. Compliance Status

Next, classify where you stand with respect to each requirement. Using the definitions we reviewed earlier, assign a compliance status for each requirement at that point in time – compliant, non-compliant, etc.

Pro Tip: Challenge yourself and be critical of your selections to ensure you have truly satisfied the customer’s expectation. Are you sure you’re compliant? How might the client’s interpretation differ, or how might the customer challenge you on this rating?

5. Define Current Risk of Each Requirement

At the specific point in time of your compliance matrix review, identify the level of risk you foresee in meeting each work scope item. Here are some basic definitions and guidance for assigning risk to each customer requirement:

Low Risk – Naturally, anything to which you’re already fully compliant could be considered low risk. Additionally, items which you are confident you can meet, or that do not present any issues for you could also be considered low risk.

Medium Risk – For those requirements to which you are currently partially compliant (or intend to comply) but have work to do to become fully compliant, you may want to classify these each as medium risks. While you feel the requirement can be met, any uncertainty also means there is no guarantee you’ll be able to meet it.

High Risk – Requirements where you are not compliant, and you have concern in your ability to meet the customer’s expectation should be classified as high risk.

Classifying the risk of each requirement helps prioritize your focus on areas of risk and can provide additional context to the program’s status.

6. Verification / Justification of Compliance

Perhaps more important than whether you’re compliant to a customer requirement is how you justify and back-up your ‘compliant’ ratings.

Again, at the end of the project, the compliance matrix will become a standalone artifact that demonstrates how you have fulfilled every line of the work scope. It’s really about creating a cross reference between the customer’s request and your proof.

Therefore, as you classify each item as ‘compliant,’ include a statement or reference an artifact as evidence.

You may wish to:

Reference the number of a report containing the underlying evidence.
- Example: “See Report R237-291”
Identify a customer memo accepting the work you’ve already done.
- Example: “See Project Memo #47 for Agreement”
Include a definitive statement that the client will see and can accept.
- Example: “Product weight is 72.38 lbs., less than 75.00 lbs. requirement.”

The evidence is as much to illustrate you’ve completed the job per specifications as well as it is to protect your client and give them assurances you did what they asked.

7. Actions

The last main component to making a compliance matrix for a project is to include a column for actions.

Generally, for areas where you are compliant to a requirement, there should be no further action required.

However, if your current status is anything but fully satisfactory to a customer’s request, then there should be actions you list indicating the steps you need to take to get there.

Finally, if you are not compliant and do not intend to become compliant (for whatever reason), the corresponding actions should indicate how you will remove, revise, or update the requirement.

This is often the case if:

The requirement is impossible to satisfy.
You are unable to meet the requirement as written.
The requirement is obsolete, invalid, or otherwise no longer applicable (scope has changed).

Typically, any areas where you cannot meet a requirement should entail negotiating with the client in order to take the necessary steps.

Managing Your Compliance Matrix Over Time

As we’ve stated, the percent of compliant items will be low at the beginning of the project – you just started!

Further, over time, things will change. Decisions will be made – by you or the customer – that either add, remove or change requirements.

Finally, you will work through the project or activity and complete, meet, or comply with each item.

To effectively manage your compliance matrix over time:

Regularly review the compliance matrix for its accuracy.
Never re-use or renumber unique identifiers. For new items, create a new identifier. For removed items, leave the identifier in the matrix and simply say ‘Removed’ or ‘Deleted:’

Regularly review the compliance with the project team to discuss issues or concerns.
Review the compliance matrix with the customer or stakeholder to address any specific issues.

Over time, as you work on the project and revisit the compliance status will increase as you march towards project closure.

Final Tips for Creating a Compliance Matrix

Finally, here are a few additional tips for creating and managing your compliance matrix.

Have a dedicated person manage your requirements – Depending on the size and scale of the project, consider having a dedicated individual managing and monitoring requirements status. The added focus he or she will have will ensure consistency in how you determine and measure compliance status.

Create a unique compliance matrix per customer document – Many projects come with several customer documents or related RFP items. To keep it as clean and manageable as possible, create one compliance matrix for each customer document.

Send it to client, whether they ask for it or not – Some customers may ask for it, some will not. Regardless, publishing your compliance matrix (especially at the end of the project) helps protect you should the client take issue with a particular aspect of the work you’ve done.

Incorporate all lines of a customer document into your compliance matrix – For purposes of completeness, include the headings and titles. While these do not contain specific requirements themselves, designating them simply as ‘Heading/Information’ under the Compliance Status column ensures all lines of the document have been reviewed, leaving no stone unturned.

Graphically present compliance status versus time – Create a graph representing the percentage of ‘compliant’ items over time. A graphical representation showing how your level of compliance increases over time is an excellent reporting tool, internally and externally. And, if you’re nearing project completion, but you are only 60% compliant to the customer’s work scope, something is amiss.

Here are four examples of how you might want to illustrate % Compliance versus time. You may also wish to include the % of Non-Compliant, % Intend to Comply and % Partial Compliant to give added context to the visual.

Ways to illustrate project progress over time

Making and Managing a Project Compliance Matrix

A compliance matrix is incredibly useful and powerful tool that organizes large amounts information and builds a body of evidence to demonstrate how you have fulfilled a customer’s request. By tracking and monitoring where you stand with respect to every line item of your customer contract in such a robust way, you can protect both yourself and the client. A compliance matrix is something you can easily incorporate into your project management tool box for your small business.