Project Kickoff Checklist

Pull the executed SOW from the engagement folder and confirm both signatures, the effective date, and any change-order language. If the SOW sits under a Master Services Agreement, verify the MSA is current — expired MSAs are a common reason finance refuses to open the engagement code.

Screen the staffed team and the engagement scope against active and recent client relationships, named board seats, and personal investments. The screen must clear before any consultant is granted client-system access — late COI checks are a top reason engagements unwind painfully. For audit-adjacent advisory, run the independence check against the AICPA / PCAOB criteria as well.

Document the specific conflict, the consultants affected, and the proposed mitigation (re-staffing, ethical wall, declination). The engagement partner signs the COI memo before mobilization continues; do not start the staffing plan until the memo is on file.

Determine whether the engagement inherits regulated-industry obligations from the client. Common triggers: HIPAA (any PHI access), GDPR (EU data subjects), GLBA (financial services), FedRAMP / CMMC (federal contractor), SEC/FINRA (broker-dealer or RIA client). Capture which addendum is required so the right contracts vehicle gets executed before access is granted.

Confirm the regulatory addendum is signed by both parties and filed in the engagement archive before any consultant touches client data. HIPAA engagements need a BAA; EU-data engagements need a DPA with the right standard contractual clauses; cleared work needs the DD-254 or equivalent. No addendum, no access — even if the client says it's fine.

Open the engagement in the time-tracking system (Harvest, BigTime, Replicon) and set the project codes per workstream. Activate codes the day the SOW is signed, not at kickoff — discovery and mobilization hours are billable on T&M and need to land on the right code from day one.

Confirm named consultants for each workstream, their committed allocation, and the partner / manager / consultant / analyst leverage. Reconcile against the rate-card pricing in the SOW — staffing skew (too senior or too junior versus the priced blend) is the single biggest driver of fixed-fee margin slip.

Each consultant on the engagement is on a firm-issued, encrypted device with MFA enrolled in Okta or Entra ID before client-system access is granted. Subcontractors get guest accounts with scoped access — never full firm SSO. A signed NDA does not protect the firm if data ends up on a personal laptop.

Walk the engagement team through the SOW, the client's stated objectives, the politics around the sponsor, and the must-not-do list. Cover the client-data handling protocol explicitly: where data may live (firm laptop, client VDI), how it travels (firm email, encrypted transfer — never personal Gmail or Dropbox), and retention at engagement end.

Identify the executive sponsor, day-to-day client contact, steering committee members, and any change champions or known blockers. Map decision rights (RACI) for each major deliverable so escalation paths are explicit before the first status call.

Seed the Risks / Assumptions / Issues / Dependencies log with what's already known: data-access dependencies, key SME availability, parallel client initiatives that could conflict, scope ambiguities. The RAID log is the artifact you'll point to when scope creep starts; populate it before kickoff so day-one risks are on the record.

Name a senior reviewer (typically a manager or principal not on the day-to-day team) to gate every client-facing deliverable. The QA reviewer's calendar must accommodate the deliverable schedule — late reviewer assignment is how junior-staffed work ends up shipping unreviewed.

Read out what's in scope, what's explicitly excluded, and how change orders work (who signs, what the rate is, what the lead time is). Surfacing the change-order process at kickoff — not the first time scope creep happens — sets the precedent that out-of-scope asks get a written change order, not a quiet 'sure, we'll fit it in.'

Confirm each milestone date, the deliverable that gates it, and the acceptance criteria the client will apply. Vague acceptance criteria ("client is satisfied") are how engagements end with re-work disputes — push for specific, testable criteria for every billable milestone.

Set the standing weekly status (day, time, attendees, format) and the steering committee cadence (typically every 2–4 weeks). Confirm the status report template — RAG status, milestones, RAID log delta, decisions needed — so the first weekly isn't spent debating format.

Name who decides what on the client side: the day-to-day contact, the executive sponsor, and the steering committee. Confirm response-time expectations for each tier so the engagement manager knows when to escalate past the day-to-day contact without breaking trust.

Kickoff usually surfaces stakeholders not in the original sales conversations — a CFO partner, a security review board, a regional VP whose sign-off the day-to-day contact didn't mention. Add them to the stakeholder map and adjust the RACI before leaving the room.

Send the kickoff deck plus a written recap (decisions made, action items with owners and dates, open questions) within 24 hours. Same-day-following is the practical standard; longer lags signal poor engagement hygiene to the client sponsor.

Place the executed SOW, MSA, COI memo, regulatory addendum, and kickoff readout in the engagement folder structure. This becomes the audit trail for billing disputes, scope arguments, and any later closeout reference — populate it now while everything is at hand.

Put the weekly client status, the internal team check-in, the steering committee, and the mid-engagement quality review on calendars now. The mid-engagement QA — a structured pause to review the deliverable trajectory before it's too late to course-correct — is the one most often skipped and most often regretted.

The engagement partner reviews the kickoff artifacts and assigns an opening RAG status. Yellow or red at the kickoff line is not a failure — it's a signal that mobilization needs partner attention before the first deliverable cycle.