I am sure that Project Assurance and Project Audit are not favorite topics for many Project Managers. But they are important. And they do cause an amount of confusion.
Not least, people ask:
So, I’ll give you the answers you need.
The structure of this article will be very simple. There are only four main sections:
You’ll need to know what they are about and how we define each of: project assurance and project audit. And you’ll also want to know, pretty quickly, why they are important.
So, I will start with an outline of what they are about and why they are important, then we’ll move on to definitions.
Project Assurance and Audit are all about giving confidence in the Project and the work the team is doing. As a result, they contribute to two vital areas of Project Management:
It is the role of assurance to give comfort on these, and of audit to look into them in detail.
There are many reasons to support the value of assurance and audit in Project management. And, remember, we must be able to demonstrate value, because there are costs to them, in:
So, here is my starter list of the principal benefits of Project Assurance and Project Audit. They:
I’ll offer some formal definitions of Project Assurance and Project Audit in the next section. Here, we can use loose, easy-to-understand definitions to give you a clear understanding of:
Assurance is how we provide stakeholders with a basis for confidence in your project or program. It confirms that you are doing the right thing, in an appropriate way, and making effective use of the time and resources the organization has granted you.
An audit is one way to provide assurance. It is a formal review that seeks to evaluate a project based on specific criteria.
There are many ways, like:
However, without a doubt, a formal Project Audit is the most robust and objective mechanism for providing Project Assurance. And, as a result, the two terms are often used interchangeably.
Crucially, Project Assurance is a continuous, ongoing process, throughout the life of the project or program. A Project Audit is a discrete event. It may happen once in a project life cycle. Or, there may be more than one in a long project or if findings merit a follow-up.
Another key difference is that Assurance often happens from within the project. A Project Audit, on the other hand, must be carried out by a person or team that is independent of the area they are auditing.
Let’s start with the wider term, assurance, and then focus in on the narrower, audit.
My dictionaries tell me that, in this context, assurance means:
‘a statement that inspires confidence and certainty, and overcomes doubt’
It comes from an origin meaning to secure or make sure.
The APM Body of Knowledge 7th edition defines assurance as:
‘The process of providing confidence to stakeholders that projects, programmes and portfolios will achieve their objectives for beneficial change.’APM Body of Knowledge 7th edition
Association for Project Management, 2019
So, this definition sees Project Assurance as a process, that needs to consider a number of things, like:
However, we sometimes use the term ‘Project Assurance’ to refer to the team that conducts the process. It may be a central group within a project’s organization that conducts reviews of projects. Often, this team will sit within some form of PMO: Project, Program, or Portfolio Management Office.
In PRINCE2, Project Assurance is the responsibility of the Project Board. And they must conduct assurance against three things:
My dictionaries tell me that, in this context, audit means:
‘inspection, review, and verification’
It comes from an origin mean a hearing – as in conducting a hearing to enquire into something. So, it rather resembles some form of judicial process. Yeeks!
But, as with Project Assurance, Project Audit has many interpretations. Inevitably, some see Project Audit as a finance function, focused on the financial performance, cost management, and financial reporting within a project or program.
More generally, Project Audit is about conformance to a full range project or program management processes, guidelines, and standards.
The Association for Project Management has the best materials I am aware of, to help us understand Project Assurance. Not only is there a helpful section in the 7th Edition of the AMPM Body of Knowledge [LINK] (section 1.3.2), which I shall draw upon. But they also produce some excellent detailed documents:
The Model the APM uses is a three-tier model, that sets out three ‘lines of defense’. This appears in A Guide to Integrated Assurance, by Roy Millard:
Aside form the obvious need for the right level of independence, there are a number of other criteria for effective project assurance:
Your Project, Program, or Portfolio Management Office may take a lead role in supporting or even carrying out Project Assurance. Their role can range from:
There are three phases to a formal Project Audit: before, during , and after the main assessment and data gathering activities. There are no ‘standards’ for how to carry out a Project Audit. So, I offer a simple, generic process with 8 steps in three phases.
This is a simple checklist of the main things that occur to me:
Where you have a project audit function, they will do all of the 8 steps in my three phase model above. But they will also set out procedures for:
My top tip is simple. Do not think of audit and assurance as adversarial processes. Rather, consider the assurance or audit teams as collaborators whose role is to help you do your job better. Work with them, and welcome any findings that they make. Any failings or causes for concern they find are opportunities to improve your project. And, if they had not found them, those causes for concern would still have been there – you just wouldn’t know about them.
Good question. What about them?
No, it’s theirs.
Managing your relationship with them (and supporting your team) will be more of a challenge. It will require a greater level of patience and diplomacy. And it may not be fun.
But, the attitude that their findings can help you is still the right one.
And, to anyone charged with conducting and assurance review or audit of any kind, I say this:
‘Blame is for God and small children’
The quote comes from the movie, Papillon, and is spoken by the character Louise Dega, played by Dustin Hoffman.
Blame is for God and small children – I don’t think you are either. And, if you want to act like one, then grow up and behave. Your job is to support your organization (or client) and its projects: not to apportion blame.
As always, I am keen to hear your views and experiences, and ever-ready to answer your questions. Please use the comments below.
Dr Mike Clayton is one of the most successful and in-demand project management trainers in the UK. He is author of 14 best-selling books, including four about project management. He is also a prolific blogger and contributor to ProjectManager.com and Project, the journal of the Association for Project Management. Between 1990 and 2002, Mike was a successful project manager, leading large project teams and delivering complex projects. In 2016, Mike launched OnlinePMCourses.
What is Value? …or Project Value? | Video
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.