Is project assurance a valuable tool in ensuring project delivery or an expensive unnecessary overhead that duplicates what internal audit already do?
In my view, if you are having that debate, you’ve missed the point. In fact, you’ve asked the wrong question.
Project assurance and internal audit (have very different objectives (or at least they should have). Internal audit’s primary role is to ensure the effectiveness of the internal control environment. Project assurance is there to ensure appropriate quality of delivery and to foster the adoption of good practices across t
he delivery organisation. It can also undertake troubleshooting and recovery activities where problems are identified.
udit and project assurance are typically staffed by very different types of people. Whilst some of those involved in the internal audit of projects may have some background in project delivery, those in project assurance roles MUST have extensive experience in project delivery. It requires a different mindset and those qualified to undertake project assurance are unlikely to find internal audit challenging enough in the right ways to appeal to them.
One example of the case made for project assurance was in a major international bank. In the late 1990’s an internal review of all major change programmes within the bank revealed that all programmes that had some form of independent assurance process embedded in the programme’s management approach had a status of green i.e. the programmes were on track with no significant risks or issues outstanding that might de-rail the project. All other programmes (i.e. those without any independent assurance process) were either amber, some issues to be addressed, or red, requiring urgent management attention.
From this you could conclude that good project managers recognise the value provided by independent reviews and take up the advice from them. Alternatively, it could be said that less experienced or failing project managers either ignore the need for independent review and advice or don’t recognise they need it. Whichever is true, there is a prima facie case that independent reviews reduce the risk of failure.
I set up the assurance function within the investment banking arm of another UK bank. I sat down with Internal Audit at the outset and explained our role and approach. Internal audit assessed our early reviews and agreed that the work we did improved the control environment around project delivery and ensured it’s effectiveness. They were therefore happy to rely on our work and reduced the need for internal audit assessment of projects where we were engaged. We worked in partnership to ensure control and assure delivery.
So how should assurance be set up?
The aims of an assurance review are twofold:
- to ensure that the objectives of the programme/project under review are realistic and aligned to the overall business’ objectives and strategy, and
- to ensure that the other facets of the programme/project are aligned to meet those objectives.
The core theme throughout is the delivery of benefits. All projects and programmes seek to deliver benefits, either directly or indirectly by supporting other projects that do. The assurance process seeks to ensure those benefits are both realised and maximised.
The mechanics of an assurance review
Any review must consider a number of key aspects of the project:
Before undertaking a review the reviewer must have a clear understanding of the objectives of the project or programme, how they fit with the strategic objectives of the business and there must be agreement that they are sound and reasonable. The review then focuses on the capability to execute and the execution of the project
Are all the necessary processes in place? Are they appropriate to the project/programme and are they fit for purpose? Are they being followed? Do they support delivery of the plan?
Is the plan realistic? Is it more detailed in the short term, less detailed further out? Is it maintained and progress tracked against it? Is there a clear critical path.
Are adequate resources of the right type available in a timely manner? Are they dedicated or part time? What is the span of control over the resources?
Have all the stakeholders been identified? Has their attitude to the project/programme been assessed? Is there a stakeholder engagement process in place and is it being followed?
Who Should Undertake Assurance Reviews?
First and foremost the reviewer must be an experienced project or programme manager (as appropriate). Secondly, they must be independent of the management of the project or programme they are reviewing. They could be part of a specialist review or QA function possibly within the corporate PMO or a peer running another project or programme.
The Real Benefits
The real benefits come from an assurance process that is embedded as part of a change culture. Reviews can then assess projects and programmes against a set of agreed standards, collating statistics to be used to drive improvements, sharing best practices and learning from others experiences.
No project or programme is without its problems. It is how those problems are managed that determines the degree or success or failure. A well defined and implemented assurance process helps to improve problem management, promotes learning and sharing of experience, and thereby increases the level of success.