Methodology

The Evie Project Controls Maturity Index

A weighted score of your controls operating model across six domains, calibrated against UK infrastructure, engineering and building-contractor benchmarks. Built to stand up to the kind of scrutiny a director-level review would apply.

Scoring

Each question uses a 5-point behavioural scale from 0 (we don't do this) to 4 (embedded and audited). A domain score is the sum of its answers divided by its maximum, expressed out of 100. The overall Maturity Index is a weighted mean across the six domains.

Commercial & Change Control, Schedule Integrity and Data Integration carry a slightly higher weight (×1.15) because those three domains generate the largest observed commercial and delivery exposure across our ICP.

Bands

Reactive

039

You are firefighting. Reporting is retrospective; leadership questions surface as surprises rather than early warnings.

Developing

4059

Controls exist but sit in silos. Leadership questions still take days to answer with confidence and change is loosely linked to programme.

Controlled

6079

Integrated data, timely reporting, disciplined change and early warning. You catch most issues before they become disputes.

Predictive

80100

Leading indicators are embedded. Leadership gets board-ready answers in minutes and commercial protection is baked into the operating model.

Domains

01. Schedule Integrity & Forensic Planning

×1.15

How trustworthy your programme is as a decision-making artefact — logic quality, float discipline, baseline control, and what actually changed between updates.

What good looks like · Baselined programme with clean logic, disciplined float, a live change log between every reporting period, and forensic-grade traceability of every date movement.

02. Cost Control & EVM

×1.00

Do you actually run earned value, or is cost reporting a monthly spreadsheet exercise that trails reality by weeks?

What good looks like · Live CPI/SPI per WBS element, integrated cost-schedule dataset, forecast that leadership trusts, and reporting effort measured in hours, not days.

03. Commercial & Change Control

×1.15

How fast and how well you price, agree and link change to programme impact — the single biggest source of commercial risk on infrastructure and building projects.

What good looks like · Change priced and agreed within the contract's window, register fully live, every change linked to a programme fragment showing time impact.

04. Risk & Early Warning

×1.00

Whether risk is a live operational discipline with quantitative teeth — or a spreadsheet the QSRA team refreshes twice a year.

What good looks like · Register refreshed continuously, QSRA / QCRA run at least quarterly, leading indicators visible on the exec dashboard, and instability in the programme flagged before it hits critical path.

05. Data Integration & Single Source of Truth

×1.15

How fragmented your controls stack is, how much time you spend reconciling instead of intervening, and whether leadership actually trusts the numbers.

What good looks like · P6 / MSP, cost system and contract data (CEMAR-style) reconciled continuously into a single view — controls team spends its time interpreting, not stitching spreadsheets together.

06. Leadership Reporting & Decision Velocity

×1.00

How fast leadership gets useful answers, and whether the reporting cycle actually improves decisions or just documents them after the fact.

What good looks like · Board-ready answers within the hour, insight-led narrative not status theatre, and a reporting rhythm that feeds intervention rather than paperwork.

Reference frameworks

Question wording and mature-state benchmarks draw on NEC4 guidance, AACE International recommended practices (notably 29R-03 and 52R-06), ISO 21500 terminology, and DCMA 14-point schedule assessment principles. JCT, FIDIC, IChemE and other suites are handled via contract-specific helper text on the Commercial & Change Control domain, so the benchmark reflects the mechanism the user actually operates under.

What the index does not do

It does not replace an on-site controls audit or a forensic dispute review. It is a self-assessment calibrated to expose the gaps that most consistently drive delivery risk and commercial exposure across UK infrastructure and building contractors. Treat it as a director-level thinking tool, not a certification.