SlideShare a Scribd company logo

Auditing Early Project Stages

A
Addisu15

project

Technology
1 of 9
Download to read offline
21 September 2020 Auditing projects in the early stages Chartered Institute of Internal Auditors This guidance provides a brief introduction to the early stages of managing a project and the role internal auditors can play. It complements our guidance on auditing projects. Project management and methodologies Before we delve into the detail of the early stages of a project, it is helpful to remind ourselves about the nature of projects and the purpose of project management. The Association of Project Management defines a project as 'a transient endeavor undertaken to achieve a desired outcome' (PMBoK Guide). It will have a defined beginning and end and will typically have the fundamental purpose of bringing about a beneficial change. The primary challenge of project managers is to deliver the project objectives on time, within cost and to defined standards of quality. Methodologies, tools and techniques provide the means to achieve this and improve the speed, efficiency and success rate of project delivery. There are a number of methodologies for managing a project including lean, iterative, event chain, critical chain and agile. Irrespective of the methodology chosen, the focus must be upon the project objectives, outputs, timeline and cost, together with the role of participants and stakeholders. Project managers in the UK & Ireland often use PRINCE2, a generic project management method (OGC PRINCE2 book background section), as it sub-divides projects into manageable sections. The diagram shows ‘starting up and initiating a project’ as two distinct stages, which provides the basis for the early involvement of stakeholders, internal audit and other assurance providers. 1 © Chartered Institute of Internal Auditors
Starting up a project This stage is about making a judgment on the viability of a project. In other words, should a project proceed to the next stage based upon a strong understanding of the work that is required to deliver the project’s outcomes and expected benefits? In his report to the Public Accounts Committee in 2013, Getting a grip: how to improve major project execution and control in government, Lord Browne of Madingley identified the control of startup and project initiation as a key factor in the success of any project. It gives the programme board or other nominated body as part of the governance process the opportunity to review and challenge assumptions, ensure the strategic fit of the project and consider risks and delivery options before they commit to the costs. The primary deliverable of this stage is an outline business case and in some cases a project brief. These documents should set out in a clear and concise way why the project is necessary, what it will deliver with an approximate timescale and a budget. The overall purpose is to seek to ensure that the organisation only select projects that will successfully deliver its desired overall strategy and avoid selecting projects that will not. The project startup stage should is also point at which roles and responsibilities and any KPIs or metrics are given definition to enable ongoing control and management of the project. This should include specific roles and responsibilities in relation to assurance delivery, which we consider later under coordination of assurance and the application of the three lines of defence model. 2 © Chartered Institute of Internal Auditors
Initiating a project Assuming the viability tests are positive, the project moves into initiation where the business case is developed into high-level plans based on agreed timescales, budget and deliverables. It is important for the project manager and project office to review lessons learnt from previous projects to adopt successful practice and avoid mistakes. The likelihood of success increases the more time the project manager invests in producing a refined business case. In many cases poor initiation and setup of a project leads to costly problems in later stages and even complete project failure. At the early stage of a project it is often tempting for the organisation to rush or reduce the time spent on the initiation stages by moving into design and implementation. This may be due to aggressive timescales, low budget or simply an over eagerness to deliver an exciting new product. This creates a number of risks that will need to be identified and understood across the project and the stakeholder community. Managing risks We have taken the risks below from our guide to auditing projects and it provides a small sample of the key risks associated with the early stage development of a project. Each project is unique and as such, there will be additional specific risks to consider. Potential risks and responses 1. Lack of resources, skills and proven approach to project management. Potential impact • Poor management of project which may lead to delays in delivery, increased cost, and poor quality. Possible response • Appoint experienced/qualified project managers. • Agree the project management methodology if there is no set standard in place. • Build resource requirements into business case and feasibility study. 2. Ineffective engagement with users and stakeholders. Potential impact • Unrealistic expectation upon the project. Possible response • Engage users and stakeholders in the definition and agreement of detailed requirements. • Engage users and stakeholders in decision making following the completion of feasibility studies. 3 © Chartered Institute of Internal Auditors
3. Lack of clear senior management ownership, support and leadership. Potential impact • A lack of commitment results in slippage in time and cost. • Conflicts within the project. Possible response • Ensure there are clear governance arrangements in place for the project. • Deliverables are clearly specified in the project scope and signed off by senior management at the initiation stage. Forms of assurance The relative importance of the project, the nature of the risks and the involvement of various stakeholders will determine what assurance is required and who provides it. There are three forms of assurance to consider, as follows: 1. Business assurance Is primarily for senior management in an organisation, the sponsor group or those engaged in setting and monitoring strategy and objectives. They want to know that any project is being set-up for success from the outset. That the project will deliver what they want, when they expect it, that costs are valid and controlled and defined benefits delivered. An audit for this group will focus on direction and understanding that the project team has appropriate levels of governance and controls in place. 2. User assurance As the description suggests the people required to accept the output from a project referred to as, the “business as usual group”, also require assurance. They will often be involved in defining requirements, output specifications, performance and agreeing the impact post-completion. Audits for this group will want to ensure the following, that: • a project has given due consideration to what “business as usual” needs; • they have been engaged appropriately; • value management and whole life costing has been considered and, • planning (even in the early stages) has given sufficient time for pre-commissioning, commissioning and handover activities so as to give comfort that the project’s outputs will operate successfully. 3. Technical assurance This is the most specialist form of assurance. Its constituents can come from engineering and developer backgrounds and it is often mistaken to mean they are only interested in standards and specifications. In reality, this group want assurance the design is fit-for-purpose and future-proofed. Often audits in this area will require external support from independent technical experts, and will often work alongside existing technical, value management and stage gate reviews within any organisation’s investment methodology. 4 © Chartered Institute of Internal Auditors
How auditors engage with each group is critical to the success of the project, not only when undertaking an audit but in ensuring managers understand findings and that agreed action is taken quickly and effectively. Coordination of assurance Many organisations organise their assurance activities based on the three lines of defence model, as described below. 1 line of defence: The project management methodology forms the core control system and process for delivery by the project team. 2 line of defence: Management will establish functions such as the programme management office and project assurance, underpinning a defined risk management process. 3 line of defence: Internal audit provides independent assurance as part of the third line of defence. An organisation that follows this model can coordinate assurance across the three forms of assurance described without duplication and gaps while enabling the project team to remain focused on the delivery of the project. The model recognises that project assurance should be kept separate from the project management team. This provides a dedicated resource to verify and report to the project board that risks are identified and managed, issues are being resolved and progress is on track in terms of benefits within timescales and budget. Depending on the complexity of the project assurance may be the responsibility of a project assurance manager or a project assurance team. It is therefore very important to have clarity upon roles and responsibilities to avoid confusion and misunderstanding. The head of internal audit should define roles and responsibilities in relation to project assurance within the internal audit charter and agree these with senior executives and the audit committee. For an organisation that is very project orientated internal audit’s involvement at various stages of a project and anticipated outputs according to the forms of assurance described may need to be stated, and where necessary reinstated in the terms of reference of individual audit assignments. Not all organisations have project assurance managers so internal audit’s role and responsibilities will need to reflect the current circumstances. For example, where there is no project assurance the expectations upon internal audit may be more demanding and these need to be defined and understood by everyone. Equally, where there is project assurance the relationship between the 2 and 3 lines of defence requires clarification to maximise the assurance resources available. Looking at and expressing an opinion on the reliability of project assurance will achieve this objective but this approach requires a common understanding and agreement. Benefits of involving internal audit in the early stages of a project Where an organisation is not mature in the delivery of projects, it is likely that it will not follow a prescribed process or delivery methodology. If this is the case then internal audit can play an important role in supporting the organisation develop, by providing a consultancy service. This st nd rd nd rd 5 © Chartered Institute of Internal Auditors
could involve working with management in the development of the methodology, facilitating risk assessments and the establishment of project governance. The early stage audit establishes a baseline for the project moving forward, together with a number of benefits, including: • an early opportunity to take any corrective action before costly resources and time are expended; • encouraging better project governance, giving management comfort that the project will deliver the expected benefits; • providing an independent review of the status of the project; • giving management assurance upon the adequacy of risk management and the effectiveness of key activities to mitigate risks; • identifing weaknesses in the organisation, management and execution of the project, and • enabling corrective action to keep the project on track. Any audit conducted during the start-up and initiation stages of a project should provide assurance that the required management policies, processes and procedures have been correctly established and applied. It should also consider how the project is building for success, particularly in terms of stakeholder engagement, understanding of its benefits and associated risks and how it will deliver the expected benefits. Furthermore, the complexity of implementing the change can also increase as the project progresses as shown by ‘cost of change curve’ below. We can see that the cost of a change increases dramatically the later in the project as the ability to change decreases. 6 © Chartered Institute of Internal Auditors
Potential activities where internal audit can support projects in the early stages The description we have provided about starting up a project and the initiation stage, along with various forms of assurance, point to where and how internal audit can make a valuable contribution to project success. This includes: 1. Advising on the establishment of a project selection process - assessing the governance being established for delivery, for compliance with agreed governance and industry leading practices (Consultancy). 2. Providing advice and giving assurance on the project management methodology to be adopted across projects (Technical assurance). 3. Giving assurance on the project selection (Business assurance) : • Reviewing the efficacy of resource plans and strategies to identify and resource in key skills 7 © Chartered Institute of Internal Auditors
areas. • Giving assurance on the quality of the data used to support project proposals. 4. Giving assurance on project start up (Business assurance): • Verifying the viability of project outcomes and benefits, challenging and confirming assumptions. • Project risks have been properly identified, evaluated and with actions for mitigation (Business assurance). • Reviewing the proposed plans for stakeholder management and engagement • Reviewing the adequacy of the business case – the extent to which delivery data, budgets, KPIs, roles and responsibilities are thorough and achievable. 5. Giving assurance on project initiation: • Review the delivery plan to assess the impact of interdependencies (internal and external) on the ability to deliver the schedule. • Ensuring due consideration of user requirements, including output specifications and performance criteria. (user assurance). The extent of internal audit’s involvement in the early stages of a project can include all of these possibilities subject to the role of project assurance managers and the need to avoid duplication by assessing the reliability of project assurance. Successful project management is the responsibility of managers. Internal audit is not a substitute for management and therefore in order to manage the risk of compromise auditors should seek to avoid the following. 1. Becoming a formal part of the decision making process – auditors should not be, or be seen to be, establishing the organisation’s risk appetite in project selection or determining risk responses in defining the project set up arrangements. 2. Particular care should be taken here in terms of representation on, or attendance at, selection boards or project committees. Such attendance is an acceptable practice and a useful way for auditors to gain evidence to support assurance work, or to provide advice, but every effort should be made to ensure that such attendance is recorded as being in an advisory or observer capacity only and not as a formal member. It also emphasises the need to clarify internal audit’s role in attending these meeting, the outputs and the outcomes that will be achieved as a result. Expectation and agreements in this regard should be defined in the internal audit charter. 3. Many project methodologies use a stage gate type approach where movement between project stages is subject to some form of assurance review. Ideally such assurance reviews will be undertaken by a second line assurance function, but in the absence of such a function the assurance review can be provided by internal audit but the decision to proceed must remain with managers. Involvement in this way may be seen as a compromise and therefore any involvement in subsequent project stages should be subject to careful management. 4. Taking ownership or accountability for the project or any part of its arrangements. 5. Agreeing to operate any of the controls on behalf of management. 8 © Chartered Institute of Internal Auditors
Glossary Business case Provides justification for undertaking a project or programme. It evaluates the benefit, cost and risk of alternative options and provides a rationale for the preferred solution. Cost of change curve A graph showing the cost of change against the ability to change. Deliverable A product, set of products or package of work that will be delivered to, and formally accepted by, a stakeholder. Feasibility stage The feasibility stage is where evaluation and analysis of the potential of a proposed project is undertaken. Activities will focus on investigation and research to support the process of decision making. PRINCE2 PRINCE2 (an acronym for PRojects IN Controlled Environments) is a de facto process-based method for effective project management. Used extensively by the UK Government, PRINCE2 is also widely recognised and used in the private sector, both in the UK and internationally. Project brief The output of the concept phase of a project or programme. Stage A sub-division of the development phase of a project created to facilitate approval gates at suitable points in the life cycle. Stage gate review A go/no-go decision point where project activities are reviewed to assure that appropriate requirements are observed. A project cannot proceed onto the next phase without a “go” decision. Stakeholder The organisations or people who have an interest or role in the project, programme or portfolio, or are impacted by it. Stakeholder management The systematic identification, analysis, planning and implementation of actions designed to engage with stakeholders. Value management A technique concerned with defining, maximising and achieving value for money. 9 © Chartered Institute of Internal Auditors

Recommended

Presentation by beebejan valiyakath
Presentation by beebejan valiyakathPresentation by beebejan valiyakath
Presentation by beebejan valiyakathPMI_IREP_TP
 
Project Manager Primer
Project Manager PrimerProject Manager Primer
Project Manager PrimerTom Cremins
 
Project Auditing
Project AuditingProject Auditing
Project AuditingBECM, RUET, Bangladesh
 
UNIT-1.pptx
UNIT-1.pptxUNIT-1.pptx
UNIT-1.pptxArunSingh205872
 
Project management
Project managementProject management
Project managementsatya pal
 
Fundamentals of project management july 7, 2012 revised
Fundamentals of project management july 7, 2012 revisedFundamentals of project management july 7, 2012 revised
Fundamentals of project management july 7, 2012 revisedgorby626
 
BSBPMG522 Undertake project work1HousekeepingE.docx
BSBPMG522 Undertake project work1HousekeepingE.docxBSBPMG522 Undertake project work1HousekeepingE.docx
BSBPMG522 Undertake project work1HousekeepingE.docxcurwenmichaela
 
BSBPMG522 Undertake project work1Housekeeping.docx
BSBPMG522 Undertake project work1Housekeeping.docxBSBPMG522 Undertake project work1Housekeeping.docx
BSBPMG522 Undertake project work1Housekeeping.docxjasoninnes20
 

Recommended

Presentation by beebejan valiyakath
Presentation by beebejan valiyakathPresentation by beebejan valiyakath
Presentation by beebejan valiyakathPMI_IREP_TP
 
Project Manager Primer
Project Manager PrimerProject Manager Primer
Project Manager PrimerTom Cremins
 
Project Auditing
Project AuditingProject Auditing
Project AuditingBECM, RUET, Bangladesh
 
UNIT-1.pptx
UNIT-1.pptxUNIT-1.pptx
UNIT-1.pptxArunSingh205872
 
Project management
Project managementProject management
Project managementsatya pal
 
Fundamentals of project management july 7, 2012 revised
Fundamentals of project management july 7, 2012 revisedFundamentals of project management july 7, 2012 revised
Fundamentals of project management july 7, 2012 revisedgorby626
 
BSBPMG522 Undertake project work1HousekeepingE.docx
BSBPMG522 Undertake project work1HousekeepingE.docxBSBPMG522 Undertake project work1HousekeepingE.docx
BSBPMG522 Undertake project work1HousekeepingE.docxcurwenmichaela
 
BSBPMG522 Undertake project work1Housekeeping.docx
BSBPMG522 Undertake project work1Housekeeping.docxBSBPMG522 Undertake project work1Housekeeping.docx
BSBPMG522 Undertake project work1Housekeeping.docxjasoninnes20
 
Project management processes Groups
Project management processes GroupsProject management processes Groups
Project management processes GroupsSourabh Kumar
 
Unit2 Project phases.pptx
Unit2 Project phases.pptxUnit2 Project phases.pptx
Unit2 Project phases.pptxAtulBhagwat6
 
Project management
Project managementProject management
Project managementArsh Koul
 
Presentation of project management (907, scm. mir mohammed shorab hossein)
Presentation of project management (907, scm. mir mohammed shorab hossein)Presentation of project management (907, scm. mir mohammed shorab hossein)
Presentation of project management (907, scm. mir mohammed shorab hossein)ferozpatowary
 
Project management
Project managementProject management
Project managementMalik Khalid Mehmood
 
ICB Competence, Project Standards
ICB Competence, Project StandardsICB Competence, Project Standards
ICB Competence, Project StandardsUjjwal Joshi
 
Pmp Exam Prep PDF-1
Pmp Exam Prep PDF-1Pmp Exam Prep PDF-1
Pmp Exam Prep PDF-1Amr Miqdadi
 
CRG DevCo’s advantages of outsourcing Project Management
CRG DevCo’s advantages of outsourcing Project ManagementCRG DevCo’s advantages of outsourcing Project Management
CRG DevCo’s advantages of outsourcing Project ManagementChris Gorga
 
Project Manangement Introduction
Project Manangement IntroductionProject Manangement Introduction
Project Manangement Introductionasim78
 
Project management [module 1]
Project management [module 1]Project management [module 1]
Project management [module 1]OyetadeTobi
 
Presentation of project management (905, scm. rajib ahashan rashel)
Presentation of project management (905, scm. rajib ahashan rashel)Presentation of project management (905, scm. rajib ahashan rashel)
Presentation of project management (905, scm. rajib ahashan rashel)ferozpatowary
 
AI in Project Management.pdf
AI in Project Management.pdfAI in Project Management.pdf
AI in Project Management.pdfJamieDornan2
 
Pmi dec 13
Pmi dec 13Pmi dec 13
Pmi dec 13Vijay Raj
 
Project and project management
Project and project managementProject and project management
Project and project managementwodato
 
Project management unit 5(1)
Project management unit 5(1)Project management unit 5(1)
Project management unit 5(1)Rintu Das
 
PROJECT SCOPE MANAGEMENT GUIDE 2021
PROJECT SCOPE MANAGEMENT GUIDE 2021PROJECT SCOPE MANAGEMENT GUIDE 2021
PROJECT SCOPE MANAGEMENT GUIDE 2021Sprintzeal
 
Project Management Methodology_rFmAt0BhU0dwihA.pdf
Project Management Methodology_rFmAt0BhU0dwihA.pdfProject Management Methodology_rFmAt0BhU0dwihA.pdf
Project Management Methodology_rFmAt0BhU0dwihA.pdfFaisalAziz831398
 
MBA 6951, Managing Complex Projects 1 Course Learning.docx
MBA 6951, Managing Complex Projects 1 Course Learning.docxMBA 6951, Managing Complex Projects 1 Course Learning.docx
MBA 6951, Managing Complex Projects 1 Course Learning.docxAASTHA76
 
Many organizations invest substantial resources in creating their ow.pdf
Many organizations invest substantial resources in creating their ow.pdfMany organizations invest substantial resources in creating their ow.pdf
Many organizations invest substantial resources in creating their ow.pdffederaleyecare
 
Introduction to Project Management
Introduction to Project ManagementIntroduction to Project Management
Introduction to Project Managementmuhammadyasirsaeedqa
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 

More Related Content

Similar to Auditing Early Project Stages

Project management processes Groups
Project management processes GroupsProject management processes Groups
Project management processes GroupsSourabh Kumar
 
Unit2 Project phases.pptx
Unit2 Project phases.pptxUnit2 Project phases.pptx
Unit2 Project phases.pptxAtulBhagwat6
 
Project management
Project managementProject management
Project managementArsh Koul
 
Presentation of project management (907, scm. mir mohammed shorab hossein)
Presentation of project management (907, scm. mir mohammed shorab hossein)Presentation of project management (907, scm. mir mohammed shorab hossein)
Presentation of project management (907, scm. mir mohammed shorab hossein)ferozpatowary
 
ICB Competence, Project Standards
ICB Competence, Project StandardsICB Competence, Project Standards
ICB Competence, Project StandardsUjjwal Joshi
 
Pmp Exam Prep PDF-1
Pmp Exam Prep PDF-1Pmp Exam Prep PDF-1
Pmp Exam Prep PDF-1Amr Miqdadi
 
CRG DevCo’s advantages of outsourcing Project Management
CRG DevCo’s advantages of outsourcing Project ManagementCRG DevCo’s advantages of outsourcing Project Management
CRG DevCo’s advantages of outsourcing Project ManagementChris Gorga
 
Project Manangement Introduction
Project Manangement IntroductionProject Manangement Introduction
Project Manangement Introductionasim78
 
Project management [module 1]
Project management [module 1]Project management [module 1]
Project management [module 1]OyetadeTobi
 
Presentation of project management (905, scm. rajib ahashan rashel)
Presentation of project management (905, scm. rajib ahashan rashel)Presentation of project management (905, scm. rajib ahashan rashel)
Presentation of project management (905, scm. rajib ahashan rashel)ferozpatowary
 
AI in Project Management.pdf
AI in Project Management.pdfAI in Project Management.pdf
AI in Project Management.pdfJamieDornan2
 
Project and project management
Project and project managementProject and project management
Project and project managementwodato
 
Project management unit 5(1)
Project management unit 5(1)Project management unit 5(1)
Project management unit 5(1)Rintu Das
 
PROJECT SCOPE MANAGEMENT GUIDE 2021
PROJECT SCOPE MANAGEMENT GUIDE 2021PROJECT SCOPE MANAGEMENT GUIDE 2021
PROJECT SCOPE MANAGEMENT GUIDE 2021Sprintzeal
 
Project Management Methodology_rFmAt0BhU0dwihA.pdf
Project Management Methodology_rFmAt0BhU0dwihA.pdfProject Management Methodology_rFmAt0BhU0dwihA.pdf
Project Management Methodology_rFmAt0BhU0dwihA.pdfFaisalAziz831398
 
MBA 6951, Managing Complex Projects 1 Course Learning.docx
MBA 6951, Managing Complex Projects 1 Course Learning.docxMBA 6951, Managing Complex Projects 1 Course Learning.docx
MBA 6951, Managing Complex Projects 1 Course Learning.docxAASTHA76
 
Many organizations invest substantial resources in creating their ow.pdf
Many organizations invest substantial resources in creating their ow.pdfMany organizations invest substantial resources in creating their ow.pdf
Many organizations invest substantial resources in creating their ow.pdffederaleyecare
 
Introduction to Project Management
Introduction to Project ManagementIntroduction to Project Management
Introduction to Project Managementmuhammadyasirsaeedqa
 

Similar to Auditing Early Project Stages (20)

Project management processes Groups
Project management processes GroupsProject management processes Groups
Project management processes Groups
 
Unit2 Project phases.pptx
Unit2 Project phases.pptxUnit2 Project phases.pptx
Unit2 Project phases.pptx
 
Project management
Project managementProject management
Project management
 
Presentation of project management (907, scm. mir mohammed shorab hossein)
Presentation of project management (907, scm. mir mohammed shorab hossein)Presentation of project management (907, scm. mir mohammed shorab hossein)
Presentation of project management (907, scm. mir mohammed shorab hossein)
 
Project management
Project managementProject management
Project management
 
ICB Competence, Project Standards
ICB Competence, Project StandardsICB Competence, Project Standards
ICB Competence, Project Standards
 
Pmp Exam Prep PDF-1
Pmp Exam Prep PDF-1Pmp Exam Prep PDF-1
Pmp Exam Prep PDF-1
 
CRG DevCo’s advantages of outsourcing Project Management
CRG DevCo’s advantages of outsourcing Project ManagementCRG DevCo’s advantages of outsourcing Project Management
CRG DevCo’s advantages of outsourcing Project Management
 
Project Manangement Introduction
Project Manangement IntroductionProject Manangement Introduction
Project Manangement Introduction
 
Project management [module 1]
Project management [module 1]Project management [module 1]
Project management [module 1]
 
Presentation of project management (905, scm. rajib ahashan rashel)
Presentation of project management (905, scm. rajib ahashan rashel)Presentation of project management (905, scm. rajib ahashan rashel)
Presentation of project management (905, scm. rajib ahashan rashel)
 
AI in Project Management.pdf
AI in Project Management.pdfAI in Project Management.pdf
AI in Project Management.pdf
 
Pmi dec 13
Pmi dec 13Pmi dec 13
Pmi dec 13
 
Project and project management
Project and project managementProject and project management
Project and project management
 
Project management unit 5(1)
Project management unit 5(1)Project management unit 5(1)
Project management unit 5(1)
 
PROJECT SCOPE MANAGEMENT GUIDE 2021
PROJECT SCOPE MANAGEMENT GUIDE 2021PROJECT SCOPE MANAGEMENT GUIDE 2021
PROJECT SCOPE MANAGEMENT GUIDE 2021
 
Project Management Methodology_rFmAt0BhU0dwihA.pdf
Project Management Methodology_rFmAt0BhU0dwihA.pdfProject Management Methodology_rFmAt0BhU0dwihA.pdf
Project Management Methodology_rFmAt0BhU0dwihA.pdf
 
MBA 6951, Managing Complex Projects 1 Course Learning.docx
MBA 6951, Managing Complex Projects 1 Course Learning.docxMBA 6951, Managing Complex Projects 1 Course Learning.docx
MBA 6951, Managing Complex Projects 1 Course Learning.docx
 
Many organizations invest substantial resources in creating their ow.pdf
Many organizations invest substantial resources in creating their ow.pdfMany organizations invest substantial resources in creating their ow.pdf
Many organizations invest substantial resources in creating their ow.pdf
 
Introduction to Project Management
Introduction to Project ManagementIntroduction to Project Management
Introduction to Project Management
 

Recently uploaded

costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 

Recently uploaded (20)

costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 

Auditing Early Project Stages

  • 1. 21 September 2020 Auditing projects in the early stages Chartered Institute of Internal Auditors This guidance provides a brief introduction to the early stages of managing a project and the role internal auditors can play. It complements our guidance on auditing projects. Project management and methodologies Before we delve into the detail of the early stages of a project, it is helpful to remind ourselves about the nature of projects and the purpose of project management. The Association of Project Management defines a project as 'a transient endeavor undertaken to achieve a desired outcome' (PMBoK Guide). It will have a defined beginning and end and will typically have the fundamental purpose of bringing about a beneficial change. The primary challenge of project managers is to deliver the project objectives on time, within cost and to defined standards of quality. Methodologies, tools and techniques provide the means to achieve this and improve the speed, efficiency and success rate of project delivery. There are a number of methodologies for managing a project including lean, iterative, event chain, critical chain and agile. Irrespective of the methodology chosen, the focus must be upon the project objectives, outputs, timeline and cost, together with the role of participants and stakeholders. Project managers in the UK & Ireland often use PRINCE2, a generic project management method (OGC PRINCE2 book background section), as it sub-divides projects into manageable sections. The diagram shows ‘starting up and initiating a project’ as two distinct stages, which provides the basis for the early involvement of stakeholders, internal audit and other assurance providers. 1 © Chartered Institute of Internal Auditors
  • 2. Starting up a project This stage is about making a judgment on the viability of a project. In other words, should a project proceed to the next stage based upon a strong understanding of the work that is required to deliver the project’s outcomes and expected benefits? In his report to the Public Accounts Committee in 2013, Getting a grip: how to improve major project execution and control in government, Lord Browne of Madingley identified the control of startup and project initiation as a key factor in the success of any project. It gives the programme board or other nominated body as part of the governance process the opportunity to review and challenge assumptions, ensure the strategic fit of the project and consider risks and delivery options before they commit to the costs. The primary deliverable of this stage is an outline business case and in some cases a project brief. These documents should set out in a clear and concise way why the project is necessary, what it will deliver with an approximate timescale and a budget. The overall purpose is to seek to ensure that the organisation only select projects that will successfully deliver its desired overall strategy and avoid selecting projects that will not. The project startup stage should is also point at which roles and responsibilities and any KPIs or metrics are given definition to enable ongoing control and management of the project. This should include specific roles and responsibilities in relation to assurance delivery, which we consider later under coordination of assurance and the application of the three lines of defence model. 2 © Chartered Institute of Internal Auditors
  • 3. Initiating a project Assuming the viability tests are positive, the project moves into initiation where the business case is developed into high-level plans based on agreed timescales, budget and deliverables. It is important for the project manager and project office to review lessons learnt from previous projects to adopt successful practice and avoid mistakes. The likelihood of success increases the more time the project manager invests in producing a refined business case. In many cases poor initiation and setup of a project leads to costly problems in later stages and even complete project failure. At the early stage of a project it is often tempting for the organisation to rush or reduce the time spent on the initiation stages by moving into design and implementation. This may be due to aggressive timescales, low budget or simply an over eagerness to deliver an exciting new product. This creates a number of risks that will need to be identified and understood across the project and the stakeholder community. Managing risks We have taken the risks below from our guide to auditing projects and it provides a small sample of the key risks associated with the early stage development of a project. Each project is unique and as such, there will be additional specific risks to consider. Potential risks and responses 1. Lack of resources, skills and proven approach to project management. Potential impact • Poor management of project which may lead to delays in delivery, increased cost, and poor quality. Possible response • Appoint experienced/qualified project managers. • Agree the project management methodology if there is no set standard in place. • Build resource requirements into business case and feasibility study. 2. Ineffective engagement with users and stakeholders. Potential impact • Unrealistic expectation upon the project. Possible response • Engage users and stakeholders in the definition and agreement of detailed requirements. • Engage users and stakeholders in decision making following the completion of feasibility studies. 3 © Chartered Institute of Internal Auditors
  • 4. 3. Lack of clear senior management ownership, support and leadership. Potential impact • A lack of commitment results in slippage in time and cost. • Conflicts within the project. Possible response • Ensure there are clear governance arrangements in place for the project. • Deliverables are clearly specified in the project scope and signed off by senior management at the initiation stage. Forms of assurance The relative importance of the project, the nature of the risks and the involvement of various stakeholders will determine what assurance is required and who provides it. There are three forms of assurance to consider, as follows: 1. Business assurance Is primarily for senior management in an organisation, the sponsor group or those engaged in setting and monitoring strategy and objectives. They want to know that any project is being set-up for success from the outset. That the project will deliver what they want, when they expect it, that costs are valid and controlled and defined benefits delivered. An audit for this group will focus on direction and understanding that the project team has appropriate levels of governance and controls in place. 2. User assurance As the description suggests the people required to accept the output from a project referred to as, the “business as usual group”, also require assurance. They will often be involved in defining requirements, output specifications, performance and agreeing the impact post-completion. Audits for this group will want to ensure the following, that: • a project has given due consideration to what “business as usual” needs; • they have been engaged appropriately; • value management and whole life costing has been considered and, • planning (even in the early stages) has given sufficient time for pre-commissioning, commissioning and handover activities so as to give comfort that the project’s outputs will operate successfully. 3. Technical assurance This is the most specialist form of assurance. Its constituents can come from engineering and developer backgrounds and it is often mistaken to mean they are only interested in standards and specifications. In reality, this group want assurance the design is fit-for-purpose and future-proofed. Often audits in this area will require external support from independent technical experts, and will often work alongside existing technical, value management and stage gate reviews within any organisation’s investment methodology. 4 © Chartered Institute of Internal Auditors
  • 5. How auditors engage with each group is critical to the success of the project, not only when undertaking an audit but in ensuring managers understand findings and that agreed action is taken quickly and effectively. Coordination of assurance Many organisations organise their assurance activities based on the three lines of defence model, as described below. 1 line of defence: The project management methodology forms the core control system and process for delivery by the project team. 2 line of defence: Management will establish functions such as the programme management office and project assurance, underpinning a defined risk management process. 3 line of defence: Internal audit provides independent assurance as part of the third line of defence. An organisation that follows this model can coordinate assurance across the three forms of assurance described without duplication and gaps while enabling the project team to remain focused on the delivery of the project. The model recognises that project assurance should be kept separate from the project management team. This provides a dedicated resource to verify and report to the project board that risks are identified and managed, issues are being resolved and progress is on track in terms of benefits within timescales and budget. Depending on the complexity of the project assurance may be the responsibility of a project assurance manager or a project assurance team. It is therefore very important to have clarity upon roles and responsibilities to avoid confusion and misunderstanding. The head of internal audit should define roles and responsibilities in relation to project assurance within the internal audit charter and agree these with senior executives and the audit committee. For an organisation that is very project orientated internal audit’s involvement at various stages of a project and anticipated outputs according to the forms of assurance described may need to be stated, and where necessary reinstated in the terms of reference of individual audit assignments. Not all organisations have project assurance managers so internal audit’s role and responsibilities will need to reflect the current circumstances. For example, where there is no project assurance the expectations upon internal audit may be more demanding and these need to be defined and understood by everyone. Equally, where there is project assurance the relationship between the 2 and 3 lines of defence requires clarification to maximise the assurance resources available. Looking at and expressing an opinion on the reliability of project assurance will achieve this objective but this approach requires a common understanding and agreement. Benefits of involving internal audit in the early stages of a project Where an organisation is not mature in the delivery of projects, it is likely that it will not follow a prescribed process or delivery methodology. If this is the case then internal audit can play an important role in supporting the organisation develop, by providing a consultancy service. This st nd rd nd rd 5 © Chartered Institute of Internal Auditors
  • 6. could involve working with management in the development of the methodology, facilitating risk assessments and the establishment of project governance. The early stage audit establishes a baseline for the project moving forward, together with a number of benefits, including: • an early opportunity to take any corrective action before costly resources and time are expended; • encouraging better project governance, giving management comfort that the project will deliver the expected benefits; • providing an independent review of the status of the project; • giving management assurance upon the adequacy of risk management and the effectiveness of key activities to mitigate risks; • identifing weaknesses in the organisation, management and execution of the project, and • enabling corrective action to keep the project on track. Any audit conducted during the start-up and initiation stages of a project should provide assurance that the required management policies, processes and procedures have been correctly established and applied. It should also consider how the project is building for success, particularly in terms of stakeholder engagement, understanding of its benefits and associated risks and how it will deliver the expected benefits. Furthermore, the complexity of implementing the change can also increase as the project progresses as shown by ‘cost of change curve’ below. We can see that the cost of a change increases dramatically the later in the project as the ability to change decreases. 6 © Chartered Institute of Internal Auditors
  • 7. Potential activities where internal audit can support projects in the early stages The description we have provided about starting up a project and the initiation stage, along with various forms of assurance, point to where and how internal audit can make a valuable contribution to project success. This includes: 1. Advising on the establishment of a project selection process - assessing the governance being established for delivery, for compliance with agreed governance and industry leading practices (Consultancy). 2. Providing advice and giving assurance on the project management methodology to be adopted across projects (Technical assurance). 3. Giving assurance on the project selection (Business assurance) : • Reviewing the efficacy of resource plans and strategies to identify and resource in key skills 7 © Chartered Institute of Internal Auditors
  • 8. areas. • Giving assurance on the quality of the data used to support project proposals. 4. Giving assurance on project start up (Business assurance): • Verifying the viability of project outcomes and benefits, challenging and confirming assumptions. • Project risks have been properly identified, evaluated and with actions for mitigation (Business assurance). • Reviewing the proposed plans for stakeholder management and engagement • Reviewing the adequacy of the business case – the extent to which delivery data, budgets, KPIs, roles and responsibilities are thorough and achievable. 5. Giving assurance on project initiation: • Review the delivery plan to assess the impact of interdependencies (internal and external) on the ability to deliver the schedule. • Ensuring due consideration of user requirements, including output specifications and performance criteria. (user assurance). The extent of internal audit’s involvement in the early stages of a project can include all of these possibilities subject to the role of project assurance managers and the need to avoid duplication by assessing the reliability of project assurance. Successful project management is the responsibility of managers. Internal audit is not a substitute for management and therefore in order to manage the risk of compromise auditors should seek to avoid the following. 1. Becoming a formal part of the decision making process – auditors should not be, or be seen to be, establishing the organisation’s risk appetite in project selection or determining risk responses in defining the project set up arrangements. 2. Particular care should be taken here in terms of representation on, or attendance at, selection boards or project committees. Such attendance is an acceptable practice and a useful way for auditors to gain evidence to support assurance work, or to provide advice, but every effort should be made to ensure that such attendance is recorded as being in an advisory or observer capacity only and not as a formal member. It also emphasises the need to clarify internal audit’s role in attending these meeting, the outputs and the outcomes that will be achieved as a result. Expectation and agreements in this regard should be defined in the internal audit charter. 3. Many project methodologies use a stage gate type approach where movement between project stages is subject to some form of assurance review. Ideally such assurance reviews will be undertaken by a second line assurance function, but in the absence of such a function the assurance review can be provided by internal audit but the decision to proceed must remain with managers. Involvement in this way may be seen as a compromise and therefore any involvement in subsequent project stages should be subject to careful management. 4. Taking ownership or accountability for the project or any part of its arrangements. 5. Agreeing to operate any of the controls on behalf of management. 8 © Chartered Institute of Internal Auditors
  • 9. Glossary Business case Provides justification for undertaking a project or programme. It evaluates the benefit, cost and risk of alternative options and provides a rationale for the preferred solution. Cost of change curve A graph showing the cost of change against the ability to change. Deliverable A product, set of products or package of work that will be delivered to, and formally accepted by, a stakeholder. Feasibility stage The feasibility stage is where evaluation and analysis of the potential of a proposed project is undertaken. Activities will focus on investigation and research to support the process of decision making. PRINCE2 PRINCE2 (an acronym for PRojects IN Controlled Environments) is a de facto process-based method for effective project management. Used extensively by the UK Government, PRINCE2 is also widely recognised and used in the private sector, both in the UK and internationally. Project brief The output of the concept phase of a project or programme. Stage A sub-division of the development phase of a project created to facilitate approval gates at suitable points in the life cycle. Stage gate review A go/no-go decision point where project activities are reviewed to assure that appropriate requirements are observed. A project cannot proceed onto the next phase without a “go” decision. Stakeholder The organisations or people who have an interest or role in the project, programme or portfolio, or are impacted by it. Stakeholder management The systematic identification, analysis, planning and implementation of actions designed to engage with stakeholders. Value management A technique concerned with defining, maximising and achieving value for money. 9 © Chartered Institute of Internal Auditors