cisa-d3-acquisition-development-project-governance-and-management

Project Governance and Management

isaca-cisa · framework · Gold standard

Drawn fromCISA Review Manual · ISACA peer-reviewed case sets·Reviewed May 4, 2026

How this was built ▾

Every cubelet runs through five agent passes before publishing. Each stage's output is recorded so we can trace how a claim got here.

01 · RESEARCHSource synthesisClaude Haiku
02 · WRITERSix-face draftingClaude Sonnet
03 · EDITORCoherence + clarity passClaude Sonnet
04 · QAQuality gate scoringClaude Opus
05 · PUBLISHERCatalog + graph commitClaude Haiku

This runcourse-factory-pipeline-v1

1

Face 1 of 6 · WHAT

What is Project Governance and Management

Project Governance and Management is the formal system of policies, structures, roles, decision rights, and control processes that provides oversight, accountability, and strategic alignment across the full IS project lifecycle. Within the ISACA CISA framework, it encompasses two complementary disciplines: (1) Project Governance — the structural layer establishing who holds authority to make decisions, how competing interests are resolved, how risks are escalated, and how projects align with organizational strategy; and (2) Project Management — the operational layer of planning, organizing, directing, and controlling project activities to deliver systems within agreed scope, schedule, budget, and quality parameters. Together they ensure that approved IT investments are executed with discipline, visibility, and accountability. Project governance is NOT simply project management with more meetings — it is the accountability architecture that sits above day-to-day management. It is NOT a one-size-fits-all framework; governance structures must be calibrated to project size, risk, and organizational maturity.

Where it stops · what it isn't

—IS: The policies, committees, decision rights, escalation paths, reporting structures, and control mechanisms that provide oversight of an IT project from initiation through closure
—IS: The planning, monitoring, and controlling processes (scope, schedule, budget, quality, risk, communications) used by a project manager to deliver IS projects
—IS: Integration points between project-level governance and enterprise-level governance (ERM, portfolio management, PMO oversight)
—IS NOT: Day-to-day software development or technical system design (covered under System Development Methodologies)
—IS NOT: IT operations governance or steady-state IT service management (covered under COBIT/ITIL frameworks)
—IS NOT: The business case or feasibility analysis used to initiate a project (covered in the prerequisite competency: Business Case and Feasibility Analysis)
—IS NOT: A substitute for organizational change management, though governance structures must account for change impact

Connected concepts in the graph

Every cubelet sits in a knowledge graph. Here's what this one connects to.

REQUIRES

Business Case and Feasibility Analysis

ENABLES

Enterprise Risk Management (ERM)System Development MethodologiesPortfolio and Program Management

PART OF

Information Systems Acquisition, Development, and Implementation (CISA Domain 3)

RELATED TO

IS Acquisition and Vendor ManagementRequirements Engineering and Management

CONSTRAINS

Agile and Hybrid Delivery Methodologies

Practice this judgment ↗

Adaptive, ~8 min

Sit in the practitioner's chair ↗

Live simulator

06 · APPLYSign up to enter the judgment simulator →

Watch your judgment grow on this concept

Create a free account to unlock all 6 faces, the judgment simulator, and a mastery score that updates with every attempt.