1. Introduction to the AI Project Management Capability Maturity Model
With the increasing integration of AI into project management processes, risks emerge regarding AI usage being unethical, inefficient and/or ineffective. The materialisation of these risks could result in project failure, financial loss and reputational damage. In January 2025, I published the AI-Assisted Project Management Framework: A Guide for Ethical, Efficient and Effective Human-AI Collaboration in Projects. It provides practical guidance for facilitating responsible AI usage in projects and can be integrated with existing organisation project frameworks, methodologies, processes and approaches. To accompany the AIPMF, I created the AI Project Management Capability Maturity Model (AIPM-CMM) and an assessment questionnaire. This article reminds us of the importance of CMMs and introduces the AIPM-CMM for benchmarking how well AI usage is governed in an organisation’s projects and programmes
Why important? Projects and programmes are the primary mechanism for operationalising an organisation’s strategy. Projects have become so integral in organisation ecosystems in the last ten years, that Antonio Niento-Rodriguez, a renowned thought leader in Project Management, coined the term “Project Economy” to highlight their significance. If our projects are AI-assisted, an additional element of risk is introduced and therefore appropriate governance is essential. A practical way to ensure AI usage is sufficiently governed is by enterprise-wide adoption of the AI-Assisted Project Management Framework (AIPMF). Additionally, a benchmarking instrument for current state analysis and continuous improvement is needed.
2. What is a Capability Maturity Model (CMM)?
A CMM is a structured framework designed to evaluate an organisation’s processes in a specific domain, and provides a path to improvement. The first CMM was developed by the Software Engineering Institute (SEI) at Carnegie Mellon University in 1986. Originally designed for software development processes, it was funded by the U.S. Department of Defense to assess the maturity of software practices used by military contractors. A key figure in the development of CMM was Watts Humphrey, who, after a distinguished career at IBM, joined SEI and laid the foundation for what would become a widely adopted model for process improvement. Over time, the CMM evolved into the Capability Maturity Model Integration (CMMI), which expanded its applicability beyond software development into broader business process optimisation.
A CMM typically consists of several levels, each representing an increasing degree of sophistication and capability. Organisations use these models to identify their current state, define areas for improvement, and establish a roadmap for progression toward higher maturity levels. CMMs provide organisations with a structured roadmap for improvement and optimisation in a given context.
They help in:
- Benchmarking Current Practices against Best Practice: CMMs offer a clear, standardised way to assess where your organisation currently stands in terms of best practices and process maturity.
- Identifying Gaps and Areas for Improvement: By outlining distinct levels of capability maturity, CMMs help pinpoint weaknesses and areas that require attention. Organisations can develop targeted improvement plans to progress from one maturity level to the next.
- Promoting Consistency and Best Practices: CMMs promote uniform standards, facilitating consistent quality, risk management and accountability.
- Supporting Continuous Improvement: The highest levels of the model emphasise ongoing optimisation and adaptation to new challenges and opportunities.
CMMs play their part in enhancing governance and assurance. By establishing clear, measurable benchmarks and standardised processes, organisations can assure that their operations adhere to both internal governance standards and external regulatory requirements, thereby mitigating risks and reinforcing accountability. In our context, the AI Project Management Capability Maturity Model (AIPM-CMM) focuses on the governance of AI usage in projects and programmes across an organisation’s project economy.
3. CMMs for Benchmarking AI Adoption
Readers might be interested to know about some of the AI-adoption maturity models that have been published.
- Gartner’s AI Maturity Model: This framework assists organisations in evaluating their AI utilisation across five levels, from initial awareness to advanced innovation. It emphasises understanding current capabilities and identifying areas for improvement.
- Accenture’s AI Maturity Framework: Accenture provides a model that defines AI maturity and offers strategies to advance and accelerate AI-driven business transformation.
- MITRE’s AI Maturity Model: Developed by MITRE, this model, along with an organisational assessment tool, enables enterprises to measure their progress in AI maturity, focusing on workforce and mission integration.
- EY’s Generative AI Maturity Model: Ernst & Young offers a model to help organisations strategically plan to close generative AI gaps, develop efficient roadmaps, and responsibly harness AI’s transformative capabilities.
- AI Capability Maturity Model by GSA: The General Services Administration’s AI Capability Maturity Model provides a framework for federal agencies to evaluate their AI maturity levels against stated objectives, aiding in developing unique AI roadmaps and investment plans.
While the above frameworks do not explicitly address AI adoption within project management, they nonetheless offer potential adaptability for understanding AI integration in project contexts. It is important to clarify that the AI Project Management Capability Maturity Model (AIPM-CMM) is not concerned with AI adoption or AI literacy in project management. Instead, the model focuses on assessing the maturity of organisational governance mechanisms for AI utilisation in projects and programmes, drawing guidance from the AI-Assisted Project Management Framework (AIPMF).
4. Introducing the AIPM-CMM
The AIPM-CMM (AI Project Management Capability Maturity Model) is a specialised model that assesses the governance of AI usage in an organisation’s projects and programmes. The AIPM-CMM accompanies the AI-Assisted Project Management Framework, which provides guidance for ensuring ethical, efficient and effective use of AI in projects and programmes. However, the AIPM-CMM can still be used if an organisation chooses to use an alternative governance framework for responsible AI use in projects.
From here on, reference to “projects” implies “projects and programmes”.
The AIPM-CMM describes five levels of maturity: Ad Hoc, Initialised, Standardised, Enterprised and Optimised.
Five Levels in the AI Project Management Capability Maturity Model
Level 1: Ad Hoc
Any use of AI in projects is unstructured and uncontrolled. Governance of AI usage in projects is non-existent, sporadic or reactive. There are no formal guidelines for project teams and related roles regarding responsible AI usage.
Level 2: Initialised
AI governance processes in projects are minimally defined and only occasionally implemented.
Level 3: Standardised
AI governance processes in projects are documented, repeatable, and consistent across projects.
Level 4: Enterprised
AI governance processes in projects are institutionalised, integrated across the organisation, and measured regularly. Audits provide independent assurance regarding the ethical, efficient and effective use of AI in the organisation’s projects and programmes.
Level 5: Optimised
AI governance processes in projects processes are continuously refined, proactive and fully aligned with strategic objectives.
5. An AIPM-CMM Assessment Questionnaire
The AIPM-CMM Assessment is structured against four Pillars: AI Strategy & Governance, AI Capability & Infrastructure, Human Capability & Accountability, and Data Readiness & Quality.
The Assessment Questionnaire is on the next page. For each question, indicate the Level in accordance with the following scale:
| 1: Ad-hoc | Non-existent or reactive. |
| 2: Initialised | Some awareness and initial steps taken, but implementation is inconsistent. |
| 3: Standardised | Processes are defined and repeatable, usually only within parts of the organisation. |
| 4: Enterprised | Embedded across the organisation with strong governance and organisation-wide monitoring. |
| 5: Optimised | Fully integrated, continuously refined, and residual risk related to AI-usage in projects is consistently low. |
If you feel your organisation is between levels, for example between Initialised and Standardised for the question on Strategic Alignment, then indicate an “in-between” score: 2.5.
Assessment Questions
Note: reference to “projects” implies “projects and programmes”.
AI STRATEGY AND GOVERNANCE | LEVEL (1 – 5) |
Strategic Governance Alignment Statement: “Our organisation has a clearly defined governance framework* for AI use in projects and programmes, ensuring ethical, efficient, and effective oversight.” Guidance: Assess whether AI governance policies align with overall project management governance, ensuring compliance, accountability, and responsible AI use in projects. *An example governance framework is the AI-Assisted Project Management Framework (AIPMFTM). | |
Executive Sponsorship and Oversight Statement: “Executive leadership actively oversees and enforces AI governance within project and programme management.” Guidance: Consider whether senior management provides structured oversight, accountability, and decision-making support for AI governance in projects. | |
AI Governance Policies and Compliance Statement: “Formal governance policies dictate the responsible use of AI in projects, ensuring compliance with ethical, legal, and organisational standards.” Guidance: Evaluate the presence and enforcement of AI governance policies, including auditability, bias mitigation, and ethical AI principles in the project context. | |
AI Usage Risk Management Statement: “AI-related risks, including bias, lack of transparency, and inaccuracy, are managed within our project governance framework.” Guidance: Assess whether risk management frameworks explicitly address AI risks and ensure AI-driven decisions in projects are auditable and explainable. | |
TOTAL: | |
AVERAGE (divide total by 4): |
AI TOOLS AND INFRASTRUCTURE | LEVEL (1 – 5) |
AI Infrastructure Compliance and Integration Statement: “AI systems used in projects are compliant with organisational governance policies and integrated into secure, regulated environments.” Guidance: Consider how AI tools comply with data governance standards and integrate with existing project management platforms securely. | |
AI Tool Access to Organisation Data Statement: “AI tools used in projects have controlled and auditable access to organisational data, ensuring compliance with data security standards.” Guidance: Assess whether AI tools access only necessary data under strict governance policies, with clear audit trails, role-based permissions, and safeguards against unauthorised use or data breaches. Consider how data access policies align with regulatory and organisational standards. | |
AI Issue Management Statement: “Clear escalation pathways exist for addressing AI-related issues in projects, including AI system downtime, ensuring timely intervention and risk reduction.” Guidance: Assess whether there are processes for reporting, reviewing, and resolving AI-related issues, such as biased outputs, ethical dilemmas, or system malfunctions. Consider whether corrective actions are well-documented and understood. | |
Scalability and Governance of AI Infrastructure Statement: “AI governance frameworks evolve to accommodate scaling AI use while maintaining ethical and regulatory compliance.” Guidance: Evaluate how governance policies adapt to emerging AI technologies and increased AI adoption in projects. | |
TOTAL: | |
AVERAGE (divide total by 4): |
HUMAN CAPABILITY AND ACCOUNTABILITY | LEVEL (1 – 5) |
AI Governance Literacy Statement: “AI governance training is mandatory for project teams to ensure responsible AI use and compliance with organisational policies.” Guidance: Consider whether training covers AI ethics, risk management, regulatory compliance, and decision accountability. Consider whether training covers proper AI tool usage, AI ethics, risk management, regulatory compliance, and decision accountability. | |
AI Tool Usage Competence Statement: “Project teams are able to make efficient and effective use of AI tools used in their projects.” Guidance: Establish whether users of AI tools in projects are continuously learning how to make the best use of the available AI tools. | |
Role Definition in AI Governance Statement: “Roles and responsibilities for AI governance in projects are clearly defined, ensuring accountability at every level.” Guidance: Reflect on whether policies specify AI tool users, approvers, and senior officers responsible for governance (see the AIPMFTM role recommendations). | |
Human Oversight in AI Decision-Making Statement: “AI-generated insights are critically assessed by human decision-makers, ensuring responsible and context-aware outcomes.” Guidance: Evaluate how well teams are trained to interpret AI recommendations and balance them with human judgment. | |
TOTAL: | |
AVERAGE (divide total by 4): |
DATA READINESS & QUALITY | LEVEL (1 – 5) |
Organisation Project Data Availability and Quality Statement: “We securely maintain a data repository that stores both historical and ongoing project data, ensuring it is validated and available in suitable formats for AI applications in projects.” Guidance: Evaluate whether processes exist to securely store project data and subject it to systematic cleaning and validation (project data includes – but is not limited to – project plans, risk logs, issue logs, change logs and lessons learnt). | |
Project-Level Data Availability Statement: “A Data Readiness Assessment is performed during project planning, to verify that the data earmarked for AI tools is accurate, complete, easily available and contextually relevant.” Guidance: Assess if there is a procedure or checklist that each project follows to evaluate data availability and quality before usage in AI systems. | |
Data Ownership and Custodianship Statement: “Clear roles for Data Owners at the executive level and Data Custodians at the project level ensure enduring accountability and operational stewardship of project data.” Guidance: Consider whether responsibilities are explicitly assigned, with Data Owners overseeing strategic data governance and Data Custodians managing day-to-day data quality and accessibility in projects. | |
Data Quality Auditing and Improvement Statement: “Regular audits and continuous improvement processes are in place to monitor, verify, and enhance the quality and availability of data used by AI tools in projects.” Guidance: Examine if systematic auditing schedules are established to routinely assess data quality across projects. Evaluate the mechanisms for identifying data issues, implementing remedial actions, and tracking improvements over time. | |
TOTAL: | |
AVERAGE (divide total by 4): |
Scoring
- The overall AIPM-CMM maturity level is derived from the aggregate average across all four pillars (total score for each Pillar summed and divided by 4).
- You can also plot your score for each statement on the chart below.
Improvement Recommendations
- Ad-Hoc (Average Score < 1.9)
At this initial stage, AI usage is largely unstructured, and governance is reactive.
- Conduct workshops to educate project teams about the importance of AI governance in projects.
- Appoint a point person to begin auditing AI usage in projects.
- Pilot a project to test and understand AI governance needs in projects.
- Create awareness of the AI-Assisted Project Management Framework (AIPMFTM) and how it can be integrated into existing project frameworks.
- Initialised (Average Score 2.0 – 2.9)
Organisations have taken initial steps but lack formalised structures.
- Develop a draft policy for AI usage in projects, focusing on ethical considerations. Alternatively, consider adopting the AIPMFTM for implementation and evaluation in a group of pilot projects.
- Create a centralised inventory of all AI tools, technologies and data used across projects.
- Implement a system for tracking AI-related issues and resolutions.
- Begin regular reviews of AI usage in projects to identify patterns and areas for improvement.
- Standardised (Average Score 3.0 – 3.9)
Processes are now documented and repeatable across projects.
- Formalise and implement an AI governance policy across all projects. Alternatively, consider adopting the AIPMFTM for implementation across all projects.
- Integrate AI governance into existing project management frameworks.
- Establish clear roles and responsibilities for AI governance.
- Conduct regular audits of AI usage in projects to ensure compliance and identify risks.
- Enterprised (Average Score 4.0 – 4.4)
AI governance is institutionalised and integrated across the organisation.
- Use data analytics to monitor and improve AI governance processes in projects.
- Share best practices and lessons learned across all projects and programmes.
- Invest in advanced training for project teams on ethical, efficient and effective use of AI in projects.
- Optimised (Average Score 4.5 – 5.0)
The organisation has reached a high maturity level with continuous refinement of its processes.
- Continuously refine AI project governance policies and procedures based on feedback and results.
- Serve as a thought leader in AI project governance, contributing to industry best practices as the technology evolves
The above recommendations provide actionable strategies for organisations based on their AIPM-CMM maturity assessment. They are intended to guide the evolution of AI governance practices within project and programme management environments towards higher levels of capability maturity.
6. Conclusion
The AIPM-CMM and supporting Assessment instrument provides a framework for organisations to evaluate and enhance the governance of AI usage in project management. Enterprise-wide adoption of the AIPMF enables organisations to reach higher levels of the AIPMF-CMM. From the initial Ad-hoc level to the aspirational Optimised level, continuously improving processes, the AIPM-CMM guides organisations through a clear pathway for systematic enhancement.
Using this model – and the associated assessment questionnaire – organisations can benchmark their current practices, identify improvement areas, and implement targeted strategies to achieve higher levels of maturity. Adopting the AIPMF, a framework for facilitating ethical, efficient and effective human-AI collaboration in projects, can significantly support organisations in more swiftly getting to AIPM-CMM Level 3. From there on, organisations would be in a position to improve AI governance in projects as the technology and the organisation evolves.
