What a CADMID engagement looks like — methodology walkthrough

How this piece is framed

This is not a write-up of a specific past project. UK defence work sits behind layered confidentiality regimes — MoD security caveats, supplier non-disclosure, SSRO commercial sensitivity — and even an anonymised case description can identify a programme to anyone who knows the sector. Rather than thread that needle, we have written this as a methodology walkthrough: what a CADMID engagement looks like in shape, what we typically do at each phase, what the evidence has to survive, and what we explicitly do not do. The detail is drawn from real practice; the framing is deliberately general.

For the underlying lifecycle and assurance framework, see our guide to project controls in defence, which sits inside the wider defence topic hub. This piece is the operational counterpart — what an engagement actually involves week-by-week, not what the framework is.

Engagement shape

A typical CADMID engagement falls into one of four scopes, often in combination. Independent QRA at Concept or Assessment phase — modelling option-level cost and schedule uncertainty under conditions where the requirement is still moving and the technical solution is not yet fixed. EVMS implementation review at Demonstration — testing whether the Performance Measurement Baseline, earning rules and reporting cadence will produce signals an SRO can act on, rather than just signals that pass an audit. IPA Gateway readiness — assembling the controls evidence pack ahead of Gate 0 through Gate 5, with the QRA, schedule integrity check, risk register and EVMS state documented to the depth IPA reviewers expect. Through-life cost modelling at In-Service — sustainment forecasting that links operating cost, capability availability and disposal liability into a single model the platform owner can defend at the annual Equipment Plan review.

Most engagements blend two or three of these. A programme moving from Assessment into Demonstration will typically want the QRA refreshed, the EVMS approach pre-mortemed, and a Gateway readiness check run against the next IPA gate — not as three separate workstreams but as a single coordinated piece of work.

What we do at each CADMID phase

The controls work at each CADMID phase is different in kind, not just in volume. Treating the lifecycle as one long engagement with a sliding scale of effort misses the point — each phase asks different questions of the controls function, and the deliverables look different as a result.

• Concept — Option-level QRA against a still-moving requirement. The schedule is indicative, the cost estimate is parametric, and the dominant uncertainty is technical feasibility rather than execution risk. We work in confidence ranges, not point estimates, and the output is a comparison of options rather than a baseline forecast. The risk register at this stage is dominated by requirement-volatility risks and capability-trade-off risks, and the QRA model treats those explicitly rather than burying them in three-point ranges on activities that do not yet exist.
• Assessment — The requirement is firming up and a preferred solution is emerging. QRA tightens: three-point estimates become defensible at activity and cost-element level, correlation between schedule and cost can be modelled honestly, and the P50/P80 outputs start to mean something for Main Gate funding. We also start to prepare the controls architecture for Demonstration — work breakdown structure, cost breakdown structure, the contract data items that will need EVMS clauses, and the schedule shape that a downstream prime can build against.
• Demonstration — The prime contract is in place and EVMS reporting begins. Our role here is implementation review rather than implementation — testing whether the Performance Measurement Baseline is internally consistent, whether the earning rules are deliverable-based rather than judgement-based, and whether the integrated cost-schedule reporting will produce a CPI/SPI signal that genuinely reflects execution. We benchmark the EVMS against AACE 11R-88 or the MoD’s own EVMS guidance, depending on which is contractually referenced, and we look hard at the gap between the technically compliant report and the programme’s actual delivery reality.
• Manufacture — Reporting cadence is established, and the controls question shifts to forecast quality. We focus on the estimate-to-complete discipline (is the ETC genuinely re-baselined each period, or is it being trended from the original budget?), variance analysis (are the explanations of CV and SV traceable to specific work packages, or are they narrative?), and management reserve / contingency drawdown (is the controlling level for management reserve held at the right tier, and is the drawdown process being followed?). On programmes at this stage, the IPA Gateway is typically Gate 4 — Readiness for Service — and we structure the controls evidence pack around that gate’s specific tests.
• In-Service — The contract has moved from acquisition to support, and the controls discipline is through-life cost management rather than baseline-versus-actual reporting. We build sustainment forecasts that link availability targets, spares consumption, obsolescence risk and mid-life-update timing into a coherent ten-to-twenty-year view. The cost owner is typically the platform Delivery Team, and the model has to survive Equipment Plan scrutiny by the MoD’s Cost Assurance and Analysis Service.
• Disposal — The smallest of the six phases in terms of controls effort, but with its own specific shape. Disposal cost is dominated by regulatory and environmental obligations — nuclear, munitions, hazardous materials — and the controls work is a hybrid of decommissioning cost estimation and long-tail liability modelling. We treat it as a project in its own right rather than as the tail end of In-Service.

What good evidence looks like

On a defence programme, the controls function is producing evidence for at least three distinct audiences. The Senior Responsible Owner needs decision-grade information that can be acted on inside the current quarter. The IPA Gateway team needs structured evidence that the programme’s Delivery Confidence Assessment is defensible — traceable from the schedule, QRA, risk register and EVMS through to a single narrative about deliverability. And the National Audit Office, if the programme is ever reviewed, will read those same documents two or three years later with the benefit of hindsight and the absence of pressure to be polite.

We structure deliverables with all three in mind. Every QRA report is written to be intelligible to the SRO on a single page, defensible at IPA in twenty pages, and complete enough that an NAO reviewer can reconstruct the methodology from the appendices alone. The same logic applies to the EVMS implementation report, the schedule integrity check, and the risk register narrative. The discipline is not to write three different documents — it is to write one document whose layers are explicit, so each reader can find what they need without wading through what they don’t.

On Government Major Projects Portfolio programmes, this also means writing in a form that supports the Major Projects Review Process inside the MoD and that lines up with the SSRO’s cost-reporting taxonomy on the contract’s commercial side. Getting the cost breakdown structure right at programme acceptance is much cheaper than retrofitting it when the first SSRO Quarterly Contract Report is due.

What we don’t do

It is worth being explicit about scope limits. We do not write the technical solution — we are project controls practitioners, not systems engineers or platform designers, and we do not draft the requirement, the architecture, or the technical specification. We do not sign technical safety cases — nuclear, munitions, airworthiness or marine safety cases are signed by the appropriately qualified authority, not by an independent controls reviewer. We do not take prime contractor responsibility — we work alongside the prime’s controls function on the client side, or as an independent reviewer; we do not stand in the prime’s reporting line or accept delivery liability for the platform itself.

This matters because the failure mode in independent assurance is scope creep. A controls reviewer who starts giving technical opinions on the engineering solution, or who lets their EVMS commentary drift into a critique of the prime’s delivery strategy, has stopped being independent — and the evidence they produce stops being usable at gateway review. Staying inside the controls remit is what makes the independence credible.

How engagements typically run

A typical engagement runs in three phases. Phase 1 — review, around four weeks. This is the diagnostic phase: walk the schedule, walk the risk register, walk the EVMS architecture if one exists, sit in two reporting cycles, and produce a written assessment of where the controls function is and what the highest-leverage interventions would be. The output is a short report and a workshop with the controls lead and the SRO. We do not start changing things in this phase; we are deciding what to change.

Phase 2 — instrumentation, around eight weeks. This is where the work actually happens. Depending on the engagement, that might mean rebuilding the QRA model, redesigning the EVMS earning rules, restructuring the risk register, producing a Gateway evidence pack, or some combination. The phase is bounded — it has a defined output and a defined end — and the deliverables are documents and models that survive after we leave, not bespoke processes that only work while we are in the room.

Phase 3 — sustainment, ongoing. Some clients run this as a monthly retainer, some as quarterly check-ins, some as called-off support around specific gates and reviews. The shape varies, but the pattern is consistent: a light-touch presence that keeps the controls function on its trajectory rather than letting it slowly revert to the state it was in before the engagement started. This is the phase that determines whether the Phase 2 work persists or evaporates.

Most CADMID engagements that produce real change are Phase 1 + Phase 2 + a defined Phase 3. Engagements that stop at Phase 2 typically lose half of the gain within a year. Engagements that try to skip Phase 1 typically over-engineer the wrong problem.