MJ21 NCCP Slide


NCCP (Jun ‘21 – Q1a)

The executive board has become concerned at negative coverage about NCCP in the local
press, as well as feedback from staff and volunteers expressing concern about the direction
the charity is taking. It is therefore seeking advice from you as to the most appropriate way
forward.
Prepare a report for presentation to the board which:
Assesses NCCP’s internal and external stakeholders and recommends appropriate ways of
managing them. (16 marks)
Professional skills marks are available for demonstrating analysis skills in carefully
considering how different stakeholders can be appropriately managed. (4 marks)
Useful model: Mendelow matrix
NCCP (Jun ‘21 – Q1a)
• Up to 2 marks per well explained point which assesses internal and external
stakeholders.
• Up to 2 marks per well explained point which recommends how a relevant stakeholder
should be managed.
• Answer structure:
o Identify the stakeholder (any 4 will suffice)
o Assess interest with justification
o Assess power with justification
o Position in the matrix (ME/KI/KS/KP?)
(2 marks for the assessment)
o Recommend how to manage expectation (2 marks)
NCCP (Jun ‘21 – Q1a)
Points could include, but are not restricted to (up to a maximum of 16 marks in total):
• Paid staff/unpaid volunteers: high interest, low power individually but higher power
collectively
• Keep informed of changes - consult on negotiable matters to retain sense of
ownership/participation
• Corporate donors: high power, lower interest but increasing in the light of media
reports
• Keep satisfied by demonstrating good corporate governance
• Ceeville Council: high interest, high power - controls 31% of funding - asking for
further information to validate funding
• Key player – ensure NCCP strategy consistent with their requirements
NCCP (Jun ‘21 – Q1a)
• Board of trustees - high interest and high power – by virtue of their position
• Key player – ensure strategy is consistent with NCCP’s mission
• Course participants: high interest, low power
• Keep informed of new courses - also consult collectively to ascertain impact of
new/future courses
• Wider community - low power, low/medium interest
• Keep informed of NCCP’s developments, especially because of negative media
NCCP (Jun ‘21 – Q1a)
Paid employees and unpaid volunteers: high interest, low power – keep informed
• High interest because paid staff rely on NCCP for salaries and unpaid volunteers show
commitment to NCCP by working unpaid – survey - 82% respondents expecting to be
working at NCCP in one year’s time – so, interest likely to continue.
• Survey results: both group and individual power reduced over last year – need
manager’s permission to make decisions - however, strong team culture - individuals
working effectively together - increases collective power, especially when small number
of staff (12).
• Keep employees and volunteers informed of future plans - particularly important to
explain and sell strategy to launch new art courses - at odds with staff’s current
understanding of NCCP’s mission - where possible, consult to ensure they retain sense of
involvement and participation.
NCCP (Jun ‘21 – Q1a)
Donors – corporate: low interest, high power – keep satisfied
• Corporate donors - high power – on average, each donation represents 3·5% of NCCP’s total
income - levels of interest - may vary – have some sort of personal link to NCCP but,
because of media reports, taking a keener interest in how their donations are being used.

• Keep corporate donors satisfied by demonstrating good corporate governance and, if
possible, increase disclosure.

Donors – personal: high interest, low power – keep informed
• Personal donors - high interest - made a personal choice to donate - however, average
personal donation: $24 - not significant - total value of all personal donations over a year
is less than one average corporate donation.

• Should still be kept informed about NCCP’s future direction – given less priority vs
corporate donors
NCCP (Jun ‘21 – Q1a)
Ceeville Council (CC): high interest, high power – key player
• Provides 31% of NCCP’s funding - faced with its own budgetary restrictions, taking a
much closer interest in how recipients of its funding behave.
• Engage with closely - comply with any funding requirements, even if CC do not see it as a
priority – e.g. run Business Skills courses to secure funding, even though they require
high subsidy and not well attended.
Board of trustees: high interest, high power – key player
• Set up by Richard Tempest to oversee executive board - therefore has high power and
high interest in the way NCCP is run.
• Executive board must demonstrate good corporate governance and show how its actions
support NCCP’s mission and objectives.
NCCP (Jun ‘21 – Q1a)
Course participants: high interest, low power – keep informed
• High level of interest in NCCP’s current and future course offerings - low power
individually to influence NCCP’s behaviour.
• Although no need to meet every expectation, sensible to seek feedback to ascertain
what courses may/may not be in demand in future.
The North Ceeville community: low interest, low power – minimal effort / keep informed
• Community members who do not fall into above categories - low power to influence
NCCP’s behaviour - not currently involved with charity – so, relatively low interest.
• Minimal effort sufficient – however, because of recent media coverage – more
appropriate to keep them informed about NCCP’s plans in order to protect NCCP’s brand.
NCCP (Jun ‘21 – Q1b)
Critically assesses NCCP’S sources of competitive advantage. (10 marks)

Professional skills marks are available for demonstrating evaluation skills in assessing
NCCP’s most important sources of competitive advantage. (4 marks)

Answer structure:
• Identify and explain NCCP’s sources of competitive advantage – that is, how do they
derive competitive advantage?
• Critically assess - what are the issues with those sources of competitive advantage?
NCCP (Jun ‘21 – Q1b)
• Up to 2 marks per well explained point which critically assesses NCCP’s sources of
competitive advantage.
• Points could include, but are not restricted to (pick any 5 points):
o Heavy subsidy on courses to make them affordable but may be used by those who do
not need it, leaving those in need to go without
o Council funding not a source of CA but corporate donations might be
o High social reputation but undermined by recent news reports
o Staff motivation - source of competitive advantage, but falling
o Most courses hosted by freelancers, so no source of competitive advantage
o Risk of getting ‘stuck in the middle’ – neither cost nor differentiation advantages.
NCCP (Jun ‘21 – Q1b)
• NCCP’s courses - heavily subsidised – objective: make education affordable for those who
would not otherwise have the opportunity - however, pricing structure same for all – so, risk that
those who can afford it benefit from subsidy to detriment of those who cannot.

• NCCP - reliant on Council funding and corporate donations to subsidise courses - funding
not exclusive to NCCP – in fact, more stringent compliance criteria means NCCP may fall
behind – however, corporate donations rely on long-standing relationships - nurtured
over many years - source of competitive advantage.

• NCCP - ‘well-respected’ for its good value courses and social environment – this
reputation would have been a source of competitive advantage – however, undermined
by recent news reports because of Mr. Allen’s plans for premium courses aimed at more
affluent members of community and associated negative publicity.
NCCP (Jun ‘21 – Q1b)
• NCCP - service organisation - reliant on its employees / volunteers to provide good
service – experienced / motivated staff - key source of competitive advantage - according
to Ceeville Echo, NCCP ‘used to be well-respected’ - implication that no longer the case.

• Reinforced by staff survey - 31% no longer happy working at NCCP – a year ago, was nil -
fall in happiness likely to undermine service quality – erodes competitive advantage,
although 78% of respondents still believe they work effectively (84% 1 year ago).

• All this suggests that levels of service not totally fallen yet but, if staff issues not
addressed, could become more of a problem.

• Most educational organisations - seek to differentiate based on quality of courses -
however, most of NCCP’s courses run by freelancers – may also be available to any other
educational provider – not unique.
NCCP (Jun ‘21 – Q1b)
• Overall, risk of getting ‘stuck in the middle’ - ability to secure significant funding (through
Richard Tempest or CC) reducing - nothing to indicate NCCP able to add value through
efficient processes (cost leadership).

• Possible to add value through enhanced social relationships (differentiation) which
retain existing participants and attract new ones - however, disruption caused by new
CEO risks alienating existing participants – have to re-build social benefits from scratch.
NCCP (Jun ‘21 – Q2a)
The new CEO is concerned that the executive board is not being sufficiently pro-active in
managing risk and implementing controls and is therefore neglecting its duty towards
NCCP’s stakeholders. He has put risk management at the top of the agenda for the next
executive board meeting and has asked you to help him prepare for the meeting.

Prepare briefing notes for the CEO to share with the board which:

Evaluate the executive board’s approach to risk management and recommend how it
could be improved. (12 marks)

Professional skills marks are available for demonstrating communication skills in adopting
an appropriate tone which is easily understood by board members. (3 marks)
• Evaluate the weaknesses in the board’s approach to risk management and recommend
improvements to their approach.
NCCP (Jun ‘21 – Q2a)
• Up to 2 marks for each relevant point evaluating the board’s approach to risk
management (maximum 6 marks).
• Points could include, but are not restricted to (pick any 3 points):
o Do not see RM as strategically important – only operational risks considered in an
unstructured and reactive manner
o One-off project - gap between reviews too long (‘some point in the future’)
o No attempt to assess P & I / prioritise – so cannot plan appropriate risk actions
o Two-week deadline – 150 risks – between 4 board members – impractical - may result
in unnecessary haste
o No risk monitoring – crucial because risks are not static
o Wrong to assume small charities unlikely to be target for cyberattacks
NCCP (Jun ‘21 – Q2a)
• Up to 2 marks for each relevant point recommending how the approach to risk
management could be improved (maximum 6 marks).
• Points could include, but are not restricted to (pick any 3 points):
o Add columns to risk register which record likelihood and impact
o Add column to risk register to identify when risk will be reviewed
o Include review of risk register at executive board meetings
o Communicate risk management policy to staff and volunteers
o Promote strong risk awareness culture.
NCCP (Jun ‘21 – Q2a)
Evaluation of current risk management process

• Board reluctant to be involved in risk management – instead operational staff expected
to manage risks as they arise – unstructured approach promoting reactive culture -
strategic risks threatening going concern of NCCP unlikely to be identified and managed.

• Thorough risk identification exercise - lasted full day - involved relevant operational staff
- but, thoroughness undermined because exercise treated as one-off project - suggestion
that exercise will be repeated ‘at some point in the future’ too vague - unacceptable.

• Identified large number of risks, but no attempt to assess them – without assessment,
cannot prioritise most important risks and plan appropriate risk actions, especially when
list runs to 150 items - executive board cannot address most serious/urgent risks first.
NCCP (Jun ‘21 – Q2a)
• Sharing 150 risks between four executive members challenging - compounded by two-
week deadline to identify and implement appropriate action - in an attempt to meet
deadline, directors may not effectively consider/implement full range of risk actions.

• Even if actions sufficient, risks not static – can change without warning - historically, CC’s
criteria have changed annually - trend expected to continue - highly unlikely board’s
actions identified in current register would be sufficient to deal with changing risk.

• Wrong and dangerous to assume that small charity like NCCP unlikely to be a victim of a
cyberattack – will promote a lax attitude / culture towards cybersecurity – no one will
take cyberattacks or security seriously – makes NCCP vulnerable to cyberattacks.
NCCP (Jun ‘21 – Q2a)
Actions to improve risk management process

• Risk identification should be permanent, on-going activity – also, need to estimate
likelihood and impact of each risk identified – so, add risk assessment to register by
adding ‘likelihood’ and ‘impact’ columns.

• Add another column to identify when risk should be reviewed - constant risks (e.g. fire)
can be reviewed less regularly in line with H&S regulation - however, volatile risks (e.g.
cybersecurity) need to be reviewed more often.

• In order to ensure board meets corporate responsibilities, executive board to review risk
register monthly – give priority to risks that are due for review or that have highest likelihood and
impact.
NCCP (Jun ‘21 – Q2a)
• Board should explain to staff / volunteers the ongoing nature of risk management and
encourage dialogue - allows risks to be identified and managed better – however, given
tension between CEO and some staff / volunteers, may be challenging to implement.
NCCP (Jun ‘21 – Q2b)
Identify the external stakeholders with an interest in NCCP’s internal controls and justify
why information on internal controls should be shared with them. (12 marks)

Professional marks are available for demonstrating communication skills in using compelling
and logical arguments to justify why information on internal controls should be shared
externally. (2 marks)
• Focus on external stakeholders only

Answer structure:
• Identify external stakeholders – use Q1a answer
• Explain why NCCP must report to them about NCCP’s controls
NCCP (Jun ‘21 – Q2b)
• Up to 2 marks for each relevant point identifying relevant external stakeholders and
justifying why information on internal controls should be shared with them (max 12
marks).
• Points could include, but not restricted to:
o Government: legal requirement (e.g. H&S, GDPR)
o Ceeville Council: funding compliance
o Donor assurance: visibility of how donations are used
o Course participants: protection of personal data
o Local community: CSR benefits
NCCP (Jun ‘21 – Q2b)
Government departments

• Some controls in NCCP address safety and privacy issues - legally obligated to share
information about this with relevant authority – government bodies may demand
evidence of effective H&S or data protection controls - failure to comply may lead to
serious legal repercussions.

Ceeville Council

• NCCP reliant on CC for about 30% of annual income – therefore, executive board must
comply with any requests from CC for information about internal controls - may arise as
part of its conditions – although, no legal obligation to do so, failure highly likely to result
in funding being reduced/removed.
NCCP (Jun ‘21 – Q2b)
Donors
• Corporate / personal donations - another 30% of income - high profile cases of charities
misappropriating funds – so, increased interest in how donations managed - appropriate
for NCCP to share general information about how it makes effective use of donor funds.
Course participants
• Participants benefit from subsidised education - will be interested in controls
surrounding courses – e.g. may be concerned whether their personal data kept
confidential or sold to other organisations for their marketing purposes.
Local community
• NCCP - well-established – but has reputation to maintain in local community, among
non-participants or non-donors - appropriate to reinforce reputation by demonstrating
good stewardship on part of executive board – e.g. board may publish an annual risk
report as good practice or demonstrate good CSR.
NCCP (Jun ‘21 – Q3a)
The CEO is keen to implement his new, premium priced art course. However, in the light of
conflict with other stakeholders, he has asked you to provide an independent perspective
on his proposal.

Prepare a report for the CEO which:

Assesses the viability of the current range of courses offered by NCCP. (6 marks)
NCCP (Jun ‘21 – Q3a)
• Up to 2 marks per point which assesses viability of NCCP’s current courses (maximum 6
marks).
• Points could include, but are not limited to:
o Overall number of bookings has increased for the past three years
o Computers for beginners - obsolete and increasingly unpopular
o Website design course - very popular
o New business skills course - meets Council’s needs but not those of the local
community.
o Finding a job course - relatively stable
o Overall, no evidence of market research – must be undertaken.
• Pick any 3 of the above
• Do not forget to work the numbers
NCCP (Jun ‘21 – Q3a)
Current course offerings

• Overall number of course bookings - risen for past two years (up 7·4% in 20X5) - suggests
NCCP effective in attracting participants - but, need to identify overall market size and
NCCP’s relative market share to better understand market position.

• However, ‘computers for beginners’ course - unchanged in last 20 years - 21% fall in
bookings in 20X5 – significant technology and IT-literacy changes in last 20 years - course
certainly obsolete – needs to be replaced with job market relevant courses.

• Web design course (up 15% in 20X5) - dramatic growth - indicates high demand for IT
courses relevant to modern business environment - represents 61% of all courses run -
opportunity to exploit.
NCCP (Jun ‘21 – Q3a)
• New business skills course - NCCP has no choice but to run this course because of
funding condition imposed by CC – heavily subsidised yet low attendances - may be due
to lack of promotion by NCCP - but may be driven by lack of demand in North Ceeville –
no one ‘looking to start own business or be self-employed’.

• ‘Finding a job’ course - relatively stable - represents 31% of NCCP’s bookings in 20X5 -
run by volunteers – so, generates positive contribution.

• No evidence of any market research undertaken - courses operate because they always
have (e.g. computers for beginners), because of funding obligations (e.g. business skills)
or because volunteers exist to run them (e.g. finding a job).

• However, demand for relevant courses - high (e.g. web design) - so undertake market
research to understand what courses would be most popular.
NCCP (Jun ‘21 – Q3b)
Evaluates the CEO’s proposal to offer the new art course. (8 marks)

Professional marks are available for demonstrating scepticism skills in probing deeply into
the underlying issues relating to the CEO’s proposal. (3 marks)

• DO NOT apply SAF
• Instead, analyse financial (work the numbers) and non-financial factors
o Financial factors: 4 marks (max 5 marks)
o Non-financial factors: 4 marks (max 5 marks)
NCCP (Jun ‘21 – Q3b)
Up to 2 marks per well explained point which evaluates CEO’s proposal.
Points could include, but are not limited to (pick any 2 or 3 points only):
Financial factors (up to a maximum of 5 marks; do not forget to work the numbers):
• Up-front investment of $20k - represents 42% of cash reserves ($48K)
• Without 9 participants for each course, course will run at a loss
• Payback – must run 12 courses over 12 months ($12,000/$1,040 profit per month)
• Level of investment means this must be a long-term undertaking
• Need market research to support assumptions about demand
• Need to consider impact on council/donor funding
Note: Candidates will be awarded credit for other relevant calculations not shown above.
NCCP (Jun ‘21 – Q3b)
Non-financial factors (up to a maximum of 5 marks):
• Course social and may increase community participation - consistent with mission but
not educational/job-related and against Richard Tempest’s intention
• Close friend designing course - raises questions of integrity/objectivity
• Opportunity cost – availability of NCCP facilities – risk of pushing out existing courses
• Intellectual property – potential source of competitive advantage but clear contract with
presenter needed – commitment/fees/availability
• Only 240 participants each year – smaller than any other course
• Risk of alienating less affluent course participants (already happening)
• Risk of alienating staff and volunteers as per survey; reliant on goodwill from volunteers
• Possibility of participants going on to attend subsidised courses (positive and negative)
Pick any 2 or 3 points only. Do not overwrite. Max 5 marks only.
NCCP (Jun ‘21 – Q3b)
Art courses

Financial factors

• Requires up-front investment of $20k including design fee and purchasing first year’s
materials and books [$12,000 (design fee) + (($25 artist materials + $8 book) x 20
participants x 12 courses) = $19,920] - represents 42% of cash reserves ($48K) -
significant piece of expenditure – may have implications for other initiatives.

• Will take 12 courses in 12 months at expected capacity to pay back course design
investment [$12,000 design fee/$1,040 profit per course = 11·5, rounded to 12 courses]

• However, if demand for any course falls below nine participants, that course will run at a
loss [breakeven point for a course = $800 fixed cost/($125 – $25 – $8) contribution per
booking = 8·69, rounded up to 9 participants].
NCCP (Jun ‘21 – Q3b)
• Given these challenges, crucial to undertake market research to validate expected
attendance figures before making any financial commitment - otherwise, risk that
investment could generate a loss.
• Also, newspaper article - states CC may cut NCCP’s funding if its agenda not consistent
with CC’s priorities - if conflict between the two, income significantly affected – CC’s
agenda must be given priority in order to sustain NCCP’s long-term financial stability.
NCCP (Jun ‘21 – Q3b)
Non-financial factors

• Difficult to perceive job opportunities for art courses – however, social aspects ensure
consistency with NCCP’s mission - but ‘premium’ courses combined with reference to
‘wealthy’ individuals not consistent with Richard Tempest’s vision to support neglected
individuals in community.

• Accomplished artist selected to design and deliver course - fee agreed for course design
– you need to be careful when work commissioned from friends – so, appropriate to
encourage a number of people to submit tenders judged by a neutral panel.

• Undertaking art course at a busy time (weekend) - risk – no space, time for other courses
- risk of pushing out existing courses - important to consider any lost financial and non-
financial opportunities.
NCCP (Jun ‘21 – Q3b)
• Retaining copyright of course – potential source of competitive advantage - however,
clear contract with presenter needed to agree number of courses and dates - more
difficult in year two, as fees, availability and number of courses may need to be reviewed
depending on demand.

• Overall, this course expected to be delivered only to 240 people in year one - represents
just 1·3% of bookings received in 20X5 - smaller than any other course – perhaps, time
and money needed to invest in this course could be used more effectively elsewhere.

• Ceeville Echo article - complaints from locals about high price of new courses - reinforced
by staff survey which states existing participants deterred from coming to NCCP - new
course - further provocation to those concerned about NCCP losing sight of its mission.
NCCP (Jun ‘21 – Q3b)
• This unrest particularly relevant to staff - latest survey shows dramatic fall in happiness
and trust in executive board – percentage of staff / volunteers expected to be working at
NCCP in one year’s time fallen from 82% to 45%.

• Can be argued that some turnover of staff and volunteers important to bring in fresh
ideas – so, 18% leaving over a year could be managed - however, risk that new course
will provoke further unrest - may be difficult to replace volunteers who leave.

• Also possible that more participants attend subsidised courses – positive note: may
increase participant numbers and subsequently, income – negative outcome: failure to
attract sufficient participants for new course.
NCCP (Jun ‘21 – Q4a)
The CEO is concerned about NCCP’s exposure to cybersecurity risk and has instructed the
operations director to both sponsor and manage a project to improve cybersecurity at NCCP.
The operations director has limited experience of cybersecurity and has asked you to
prepare a response to the CEO which justifies why he should be the project sponsor, but
not also the project manager.

Draft sections of a report to present to the board which explain the need for
cybersecurity at NCCP and recommend actions the board should take to meet its
cybersecurity responsibilities. (10 marks)

Professional skills marks are available for demonstrating commercial acumen skills in
highlighting the key benefits to NCCP of cybersecurity and recommending practical actions
the board should take. (4 marks)
• Need for cybersecurity at NCCP: max 6 marks – 3 points
• Actions the board should take: max 6 marks – 3 points
• But totally 10 marks – so 5 points
NCCP (Jun ‘21 – Q4a)
Up to 2 marks per well explained point which explains the need for cybersecurity at NCCP
(Up to a maximum of 6 marks).
Points could include, but are not limited to (maximum pick 3 points for 6 marks):
• Cybersecurity - issue for all organisations/individuals as society dependent on technology
• NCCP uses such technology - so is at risk
• High impact on NCCP if risk occurs - so robust controls needed
• No reason to assume charities exempt from cyber-attack – media reports suggest
otherwise
• Anyone can target NCCP’s systems – so, need to consider data protection
(participant/donor/staff details)
NCCP (Jun ‘21 – Q4a)
Up to 2 marks per point which recommends actions the board should take to meet its
cybersecurity responsibilities (up to a maximum of 6 marks).
Points could include, but not limited to :
• Board must be seen by all to take ownership of cybersecurity as priority
• But, BOD needs expert advice - lacks experience and has limited technical understanding
• Clear cybersecurity policy needed and communicated to relevant stakeholders
• Establish contingency plans in event of cyber breach
• Quarterly review of cybersecurity risk – current risk management approach not sufficient
to address this.
Maximum pick 3 points for 6 marks
NCCP (Jun ‘21 – Q4a)
Need for cybersecurity
• Cybersecurity: protection of an individual’s/organisation’s technology and data from
unauthorised access or attack.
• NCCP relies on technology to operate – e.g. technology used to teach (computers for
beginners and website design courses) and for administration (email, administration,
banking) - also has website - at risk of cyberattack.
• Although password controls in place, only represents one aspect of cybersecurity -
hackers can circumvent passwords and might:
o Alter NCCP’s website data to include inaccurate or offensive content.
o Impersonate NCCP to its stakeholders to commit fraud
o Infect NCCP’s systems with a virus - courses may have to be cancelled.
So more robust controls needed.
NCCP (Jun ‘21 – Q4a)
• Recent media article provides evidence that small size charities are being targeted – so,
need cybersecurity measures.

• If cybersecurity controls weak - likely to attract hackers – also, may be targeted by a
disgruntled stakeholder – e.g., course participant unhappy with new premium courses or
staff who feels disrespected and unvalued, as survey shows - risks not fully appreciated.

• NCCP’s legal duty to protect data of donors, participants and staff - BOD liable for any
loss of data resulting from inadequate cybersecurity controls.
NCCP (Jun ‘21 – Q4a)
Actions by the board
i. Be seen to make cybersecurity a priority
Currently, cybersecurity sole responsibility of finance director - however, as NCCP as a
whole could be impacted, important all directors seen to make cybersecurity a
priority – so, include it on agenda of board meetings and take other active steps - OD
to be responsible for monitoring cybersecurity and reporting to board.
ii. Seek expert advice where necessary
Directors - not expected to be technical experts in cybersecurity – since no practical
expertise in this area, and lack of knowledge of rapid changes within this field,
appropriate to seek expert advice from independent consultant.
NCCP (Jun ‘21 – Q4a)
iii. Establish and communicate a clear cybersecurity policy
Raise awareness of cybersecurity - communicate to staff about importance of password
controls - can form basis for more complete policy.
Cybersecurity policy - explains what is and is not acceptable practice - needs to be
shared with all relevant stakeholders.
As staff and course participants will be working on NCCP’s systems, important they
understand their responsibilities (e.g. what types of internet use allowed).
NCCP (Jun ‘21 – Q4a)
iv. Contingency plans

No cybersecurity controls 100% secure – so, important to have contingency plans - can
be implemented rapidly in case of a breach - should include protocols for backing up
and retrieving data – e.g. hiring services of a cloud service provider (CSP) to manage
NCCP’s data.

v. Regular review of cybersecurity risks

Although cybersecurity risks included in NCCP’s wider risk management programme,
more regular review of these risks important as new cybersecurity risks emerging all
the time because of new technology – again, engaging a CSP an advantage – could
advise on and prepare NCCP for new cybersecurity risks.
NCCP (Jun ‘21 – Q4b)
Draft an email on behalf of the operations director to send to the CEO which explains why
it would be appropriate for him to be the project sponsor, but not both the sponsor and
project manager for the cybersecurity project. (6 marks)
• No professional marks
• 3 reasons will suffice for 6 marks

• Technical project
NCCP (Jun ‘21 – Q4b)
• Up to 2 marks per point which justifies why the operations director (OD) would be an
appropriate project sponsor but not project manager for the cybersecurity project.
Points could include, but are not limited to (pick any 3 reasons for 6 marks):
• Good from a CG approach - no one person securing and spending funds
• Stakeholder management – OD ideally placed to secure buy-in from other directors; PM
manages team.
• OD manages resources at a strategic level – has expertise required by PS - OD’s lack of in-
depth knowledge of cybersecurity might put project at risk
• PS can oversee and offer independent perspective on PM’s operational activities
• OD remains key point of contact with PM - so, other members of board can focus on
company issues and not worry about project.
NCCP (Jun ‘21 – Q4b)
• Segregating PS and PM roles advisable from a corporate governance perspective - no
single person who secures resource, spends it and reports on its use.

• PS – senior manager – primary customer of project - ensures other senior leaders
understand and buy into project – PM - needs more detailed operational expertise -
works with members of project team - provides immediate direction for project delivery.

• As operations director, I set overall direction for project; I have required seniority,
capabilities and authority to undertake PS role most effectively - my lack of in-depth
knowledge of cybersecurity means difficult for me to manage operational aspects of
project - makes me much less suitable for PM role than I am for PS role.

• Important for me as PS to ensure financial and other resources (e.g. specific members of
staff) made available - once allocated, PM decides how best to use.
NCCP (Jun ‘21 – Q4b)
• Separating PS and PM roles, allows me to concentrate more effectively on senior role
and I would be able to provide an independent perspective on project’s operational
activities.
• As OD and PS, I can represent project to board and ensure all stakeholders made aware
of progress and any issues - as OD, I’m in a good position to advise board how resources
being used operationally - other board members can focus on strategic issues and do not
have to worry about project.
