AIPGF Foundation: Assurance, Metrics, and Continuous Improvement

Topic snapshot

Sample questions

These questions are original PM Mastery practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.

Question 1

Topic: Assurance, Metrics, and Continuous Improvement

A portfolio PMO is reviewing AIPGF assurance outcomes to improve AI governance maturity across multiple projects using AI tools for deliverables.

Exhibit: Evaluation stage assurance themes (last 6 weeks)

Recurring findings (3 projects):
- AI-assisted outputs lacked named accountable approver
- No retained prompt/output evidence for audit
- Inconsistent use of bias/privacy checks in reviews
Positive practice (1 project):
- AI Assistance Plan includes HITL review + decision log link

What is the best next action to raise the baseline governance maturity across the portfolio?

• A. Update standard templates and gate checks, and share the practice portfolio-wide
• B. Ask each project to fix issues locally without changing portfolio standards
• C. Pause AI use until every project can demonstrate perfect audit evidence
• D. Increase assurance sampling frequency but keep current guidance unchanged

Best answer: A

What this tests: Assurance, Metrics, and Continuous Improvement

Explanation: The exhibit shows repeated control gaps across several projects and a working pattern in one project (HITL review plus linked decision log in an AI Assistance Plan). The most effective maturity uplift is to standardise and spread the proven practice by updating portfolio artefacts and assurance gates so all projects adopt it consistently.

Good practice sharing at scale turns what was learned in Evaluation into portfolio-wide capability. Here, assurance repeatedly found unclear decision rights (no accountable approver), weak Transparency (no retained evidence), and inconsistent review checks, while one project demonstrated a transferable control pattern using an AI Assistance Plan with HITL review and a decision log link. The best next step is to capture that pattern as standard guidance and make it easy to adopt consistently.

Practical steps include:

• Update the AI Assistance Plan template to require accountable approver, evidence retention, and defined review checks
• Add these items to an Activation gate checklist and assurance criteria
• Communicate via a PMO/CoE playbook or community of practice so teams reuse it

This raises the baseline without overreacting or relying on ad hoc fixes.

It converts recurring assurance findings and one proven practice into reusable controls (templates/checklists) that can be adopted across projects.

Question 2

Topic: Assurance, Metrics, and Continuous Improvement

You are the PM for a programme using a generative AI tool to draft stakeholder communications and status reports. The AI Assistance Plan is in place and the tool has been operating for 6 weeks (Activation). The sponsor asks for “a clear view of how AI governance is performing” to decide whether to expand use to additional workstreams.

Exhibit: Monitoring snapshot (last 4 weeks)

• Hallucination rework rate: 14% → 11% (manual rework after review)
• Transparency evidence: 70% of outputs tagged with AI-use disclosure
• Data handling exceptions: 2 incidents of client-sensitive text pasted into prompts (both contained)
• Stakeholder trust pulse: 3.2/5 → 3.8/5
• Open risks: 1 high (confidentiality), 2 medium (bias, over-reliance)

What is the BEST next step to report AI governance performance in a way that supports decision-making (risk, trust, compliance)?

• A. Compile a governance performance report with trends, exceptions, and decision recommendations, then route it to the agreed governance approver
• B. Archive the monitoring data as audit evidence and continue operating until the end-of-phase review
• C. Begin the full Evaluation stage benefits realisation review now and pause further monitoring
• D. Approve expansion to additional workstreams because key metrics are improving overall

Best answer: A

What this tests: Assurance, Metrics, and Continuous Improvement

Explanation: The sponsor needs decision-ready reporting, not just data. The next step is to turn monitoring evidence into an interpreted governance performance report that highlights trends, exceptions, and residual risk, and then submit it via the defined decision rights for an informed go/no-go (or adapt) decision on expanding AI use.

AI governance performance reporting should translate monitoring signals into decision support: what is happening, what it means for risk/trust/compliance, and what decision is needed from whom. In this scenario, Activation monitoring shows improvement but also material exceptions (client-sensitive data in prompts) and incomplete transparency tagging, which must be reported with context and recommended controls before scaling.

A decision-ready governance performance report typically includes:

• KPIs/KRIs with trends and confidence/limitations
• Exceptions and incidents (and whether they were contained)
• Status against the AI Assistance Plan (e.g., HITL, disclosure, data rules)
• Residual risk and recommended actions, mapped to decision rights

Raw evidence alone, or premature scaling, undermines informed assurance and accountable approvals.

Decision-makers need an interpreted, evidence-backed performance view (not raw metrics) tied to risks, trust, and compliance with clear recommended actions and approvals.

Question 3

Topic: Assurance, Metrics, and Continuous Improvement

A programme office introduces a generative AI tool to help create project deliverables (draft business cases, status reports, RAID updates). Within weeks, the assurance review finds:

• No defined HITL sign-off for AI-assisted outputs
• Prompts and model outputs are not documented or traceable
• Several teams are using unapproved AI tools outside the agreed environment
• Stakeholders say they “don’t trust where the content came from”
• Benefits tracking shows a shortfall, but there is no evidence to explain why

Which is the most likely underlying cause of these symptoms?

• A. Low AI governance maturity with unclear roles, weak documentation, and ad hoc assurance
• B. The AI tool is producing hallucinations that reduce deliverable quality
• C. Stakeholders are change-averse and therefore reject AI-assisted work by default
• D. The project manager missed a single approval step for one key deliverable

Best answer: A

What this tests: Assurance, Metrics, and Continuous Improvement

Explanation: The pattern points to an immature AIPG-CMM state where core governance elements have not yet been institutionalised. At higher maturity, organisations typically have clearer decision rights and HITL approvals, consistent documentation (e.g., prompts/outputs and decisions), repeatable assurance, and a culture that supports responsible use and evidence-based benefits tracking.

In the AIPG-CMM maturity model, increasing maturity typically brings more consistent and embedded governance: clear roles and decision rights, standard artefacts (such as an AI Assistance Plan and traceable records), repeatable assurance activities, and a culture of compliant, transparent AI use. The stem shows multiple breakdowns at once—missing HITL sign-off, undocumented prompts/outputs, unapproved tool use, distrust from stakeholders, and benefits shortfall without evidence—which is best explained by low overall maturity rather than a single isolated mistake or a purely technical model-quality issue. The root cause is that governance and assurance are not yet institutionalised across teams.

These symptoms collectively indicate immature governance controls that normally strengthen with higher AIPG-CMM maturity (role clarity, documentation discipline, assurance, and culture).

Question 4

Topic: Assurance, Metrics, and Continuous Improvement

A programme uses an AI writing assistant to draft stakeholder reports. The AI tool vendor has released a new feature: “auto-ingest connected project folders to personalise outputs.” The sponsor wants the feature turned on immediately.

Exhibit: AI Assistance Plan (excerpt)

Tool: AI writing assistant (v3.2)
Approved use: Draft narrative from provided, non-sensitive inputs
Data rule: No client identifiers or contract terms in prompts
HITL: PM reviews/edits; Comms Lead approves before release
Assurance: Quarterly review; changes to tool capabilities trigger re-approval
Current setting: Folder connectors = OFF (not assessed)

Based on the exhibit, what is the best next action under AIPGF to adapt governance as the tool evolves?

• A. Run a change impact review and seek re-approval before enabling connectors
• B. Enable connectors now because HITL review will catch any issues
• C. Enable connectors only for internal folders without further governance updates
• D. Wait until the next quarterly review to decide on enabling connectors

Best answer: A

What this tests: Assurance, Metrics, and Continuous Improvement

Explanation: The exhibit states that changes to tool capabilities trigger re-approval and that folder connectors are currently off because they were not assessed. Turning on auto-ingestion changes the risk profile (privacy, confidentiality, unintended data exposure) and therefore requires a proportionate change impact assessment and updated approvals before use.

In AIPGF, governance should be adapted when AI tools evolve because new features can create new data flows, risks, and assurance needs. Here, “auto-ingest connected project folders” materially changes how information enters the AI tool and could breach the existing data rule (e.g., ingesting identifiers or contract terms) without the team intending to prompt them.

The exhibit already defines the control: “changes to tool capabilities trigger re-approval,” and flags the connectors as “not assessed.” The appropriate action is to treat enabling connectors as a controlled change: assess impact (data access, permissions, logging/auditability, security, privacy), update the AI Assistance Plan and risk register as needed, and obtain the named approvals before switching the setting on. HITL review remains important, but it is not a substitute for governing new data ingestion pathways.

The plan explicitly requires re-approval when capabilities change, and connectors introduce new data-ingestion risks that must be assessed before activation.

Question 5

Topic: Assurance, Metrics, and Continuous Improvement

A PMO completed a 6-week pilot using an AI assistant to draft project status reports and summarise risk logs. The pilot’s AI Assistance Plan required HITL review and capture of prompts, edits, and exceptions.

Results show a 25% cycle-time reduction, but monitoring also logged several “confident but wrong” summaries and inconsistent redaction of sensitive data. An executive sponsor now wants to onboard 20 more projects next month to “scale the benefits.”

Within the AIPGF life cycle, what is the best next step to build organisational capability for ethical, efficient, and effective human-AI collaboration at scale?

• A. Freeze usage until the AI tool guarantees zero hallucinations
• B. Approve immediate rollout and address issues during delivery
• C. Run an Evaluation and update standards, controls, and training
• D. Increase licences and enable auto-send to speed adoption

Best answer: C

What this tests: Assurance, Metrics, and Continuous Improvement

Explanation: Scaling human-AI collaboration requires turning pilot evidence into repeatable organisational practices. The pilot already produced both benefits and assurance signals (hallucinations and data-handling weaknesses), so the next step is an AIPGF Evaluation to learn, adapt, and standardise. This supports Human-Centricity, Transparency, and Adaptability before wider activation across the portfolio.

To build capability at scale, AIPGF expects you to convert pilot experience into governed, repeatable ways of working. Here, the PMO has measurable benefit but also recurring assurance issues (hallucinations and inconsistent redaction), so the correct sequence is to enter the Evaluation stage and use evidence to improve the operating model before expanding adoption.

Practical Evaluation outcomes to enable scale include:

• Confirm success metrics and assurance metrics, and baseline targets
• Analyse incident/exception logs and decision logs for root causes
• Update the AI Assistance Plan template (HITL checks, redaction rules, escalation)
• Refresh training, guidance, and lightweight assurance sampling for new teams

Only after these updates are approved should the organisation broaden Activation to additional projects.

Evaluating pilot evidence and institutionalising improvements (metrics, controls, HITL guidance, and training) is the prerequisite to scaling safely and consistently.

Question 6

Topic: Assurance, Metrics, and Continuous Improvement

A PMO is using an AI assistant to draft weekly status reports and initial risk statements for a large programme. In the Activation stage, the sponsor wants KPIs for a performance fee and asks for “maximum speed and measurable benefits,” but the assurance lead warns that poorly chosen metrics could encourage bypassing HITL reviews and weaken transparency.

Which KPI approach best balances efficiency with required governance controls while avoiding incentives for unsafe behaviour?

• A. Gate rewards on HITL pass rate plus measured time saved
• B. Reward zero defects only; require manual drafting always
• C. Reward 80% AI-generated content across all deliverables
• D. Pay per report delivered; skip HITL if on time

Best answer: A

What this tests: Assurance, Metrics, and Continuous Improvement

Explanation: Good AI metrics are balanced and include safety and assurance indicators, not just throughput. Making incentives conditional on HITL quality gates preserves human-centric accountability and reduces pressure to skip reviews or over-automate. Pairing time-saved measures with evidence of acceptable output quality supports benefits tracking without driving unsafe behaviour.

In AIPGF, metrics and benefits tracking should reinforce the Principles (Human-Centricity, Transparency, Adaptability) rather than reward behaviour that bypasses controls. When incentives focus only on speed or volume, teams can be pushed to overuse AI, skip HITL checks, and accept hallucinations or unverified claims.

A safer optimization is a balanced KPI set where efficiency metrics (e.g., cycle time reduction) are only rewarded if governance outcomes are met, such as:

• Minimum HITL review coverage and pass rate for AI-assisted outputs
• Low rework/exception rates with documented corrections
• Evidence captured in an AI Assistance Plan/decision log for traceability

The key takeaway is to make “faster” benefits contingent on meeting assurance thresholds, not a substitute for them.

It ties efficiency gains to minimum assurance outcomes (HITL quality thresholds), reducing pressure to trade safety and transparency for speed.

Question 7

Topic: Assurance, Metrics, and Continuous Improvement

A PMO is assessing its AIPG-CMM maturity for AI-assisted status reporting used across multiple programmes. The PMO claims it operates at Level 4 (Managed) for assurance and metrics.

Which observation would be INCORRECT evidence of Level 4 maturity?

• A. AI output quality KPIs are tracked and trended against targets
• B. AI outputs rely on individual judgement with no defined metrics
• C. Assurance findings are logged, closed, and auditable end-to-end
• D. A standard AI Assistance Plan template is used across projects

Best answer: B

What this tests: Assurance, Metrics, and Continuous Improvement

Explanation: Level 4 (Managed) maturity is demonstrated by quantitatively controlling AI-assisted work using defined measures, targets, and evidence that assurance activities are executed consistently. Observable artifacts include monitored KPIs and auditable assurance records. Reliance on personal judgement without defined metrics is characteristic of lower maturity and is not consistent with Level 4.

In the AIPG-CMM, Level 4 (Managed) is evidenced by a defined governance approach that is also measured and controlled using quantitative indicators. For AI-assisted project work, this means the organisation can demonstrate repeatable assurance execution and performance/quality monitoring (for example, trends against targets and documented follow-up of findings).

If teams are still relying mainly on individual judgement without defined measures, thresholds, or monitoring, governance is not being managed quantitatively and maturity is closer to ad hoc or merely defined practice rather than Level 4. The key takeaway is that Level 4 is about measurable control and auditable evidence, not just having intentions or informal checks.

Level 4 requires quantitative management, so “no defined metrics” indicates a lower, ad hoc maturity.

Question 8

Topic: Assurance, Metrics, and Continuous Improvement

In the APMG AI Project Governance Framework (AIPGF), what best describes the purpose of the AIPG-CMM (AI Project Governance Capability Maturity Model)?

• A. A project document listing prompts, data sources, and approval steps
• B. A method for measuring AI model accuracy, drift, and bias over time
• C. The three AIPGF life cycle stages for running an AI-assisted project
• D. A scale for assessing and improving organisational AI governance capability

Best answer: D

What this tests: Assurance, Metrics, and Continuous Improvement

Explanation: The AIPG-CMM is an organisational maturity model used to benchmark how well AI is governed and to plan improvements. It supports building repeatable, scalable human-AI collaboration through progressively stronger practices, controls, and assurance.

The AIPG-CMM is about organisational capability, not a single project or a single AI tool. In the context of continuous improvement at scale, it helps an organisation understand how consistently it applies AIPGF governance (roles, decision rights, assurance, monitoring, and continuous learning) and what to improve next.

Using a maturity model supports scaling because it:

• establishes a common baseline across teams
• prioritises improvements proportionate to risk and adoption
• enables repeatable, auditable governance practices

It complements project-level artifacts (like an AI Assistance Plan) and life cycle stages (Foundation, Activation, Evaluation) by focusing on sustained capability across the portfolio.

It provides maturity levels to benchmark current capability and guide continuous improvement for governing AI use at scale.

Question 9

Topic: Assurance, Metrics, and Continuous Improvement

An enterprise PMO notices inconsistent AI governance across multiple projects using generative AI for schedules, reports, and draft deliverables. The PMO sets up a cross-project forum to share “what worked,” curates reusable controls and checklists from completed projects, and updates the standard AI Assistance Plan template so new projects start with a higher baseline.

Which AIPGF concept is this practice primarily aligned to?

• A. Evaluation stage intent
• B. Transparency principle
• C. Activation stage intent
• D. Human-Centricity principle

Best answer: A

What this tests: Assurance, Metrics, and Continuous Improvement

Explanation: The described practice is about institutionalising learning from AI-assisted projects and using it to improve templates, controls, and guidance for future initiatives. In AIPGF, this is the intent of the Evaluation stage: measure outcomes, capture lessons, and continuously improve governance at scale.

Sharing good practices across projects to raise baseline AI governance maturity is a continuous-improvement mechanism. In AIPGF terms, this aligns most directly with the Evaluation stage intent, where the organisation reviews how AI assistance performed in practice and turns evidence into better governance.

Typical Evaluation-stage outcomes include:

• Updating standards (templates, checklists, decision logs)
• Refining metrics and assurance approaches based on results
• Spreading lessons learned so new projects start “pre-hardened”

The other concepts may be relevant within projects, but they do not primarily describe the cross-project learning loop described in the scenario.

It focuses on capturing learning and feeding improvements back into standards to raise maturity across future work.

Question 10

Topic: Assurance, Metrics, and Continuous Improvement

A PMO is starting an Evaluation-stage baseline across 12 ongoing programmes that use generative AI to draft deliverables (e.g., requirements, comms, schedules). They will use an AIPG-CMM assessment instrument to capture the current state and produce an improvement roadmap.

Which approach should the PMO NOT use when applying the AIPG-CMM instrument?

• A. Record score rationales and confidence, and use gaps to prioritise a proportionate improvement roadmap
• B. Run facilitated sessions with accountable roles to validate scores using evidence from key artifacts
• C. Assess a representative sample of projects/programmes using the same instrument and scoring rubric
• D. Pre-fill maturity scores based on the target state, then adjust only if objections arise

Best answer: D

What this tests: Assurance, Metrics, and Continuous Improvement

Explanation: An AIPG-CMM assessment should capture the current governance capability using consistent criteria and verifiable evidence. Pre-populating scores from a desired target state reverses the logic of an assessment, encourages confirmation bias, and weakens the credibility of the baseline used for continuous improvement.

Using an AIPG-CMM instrument is an assurance activity: it establishes an evidence-based baseline of current governance maturity across projects/programmes that use AI. Good practice is to apply a consistent rubric, gather and review objective evidence (such as AI Assistance Plans, decision logs, and risk registers), and validate findings with the right decision-makers (supporting transparency and human-centric accountability through HITL review). Starting from a “target maturity” and only adjusting if challenged turns the assessment into advocacy rather than measurement, which reduces auditability and makes the improvement roadmap unreliable.

Key takeaway: current-state scoring must be anchored in observed practice and evidence, not aspirations.

AIPG-CMM is for evidence-based current-state capture, so starting from the desired maturity biases results and undermines assurance.

Continue with full practice

Use the AIPGF Foundation Practice Test page for the full PM Mastery route, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.

Related focused pages

• Free AIPGF Foundation Full-Length Practice Exam
• AIPGF Foundation: Foundations of AI Project Governance (AIPGF)
• AIPGF Foundation: AI in Projects and Organizations (Context)
• AIPGF Foundation: Framework Structure and Controls
• AIPGF Foundation: Roles, Responsibilities, and Accountabilities
• AIPGF Foundation: Principles for Responsible and Trustworthy AI
• AIPGF Foundation: Values, Behaviours, and Culture
• AIPGF Foundation: Lifecycle Governance (Initiate to Operate)

Free review resource

Read the AIPGF Foundation guide on PMExams.com, then return to PM Mastery for timed practice.