Project auditing is a formal type of “project review“, most often designed to evaluate the extent to which project management standards are being followed. Audits are typically performed by a designated audit department, the “Project Management Office“, an empowered Steering Committee or an external auditor. The audit “entity” must have the designated authority to conduct the audit and make related recommendations.
Going beyond practice verification, project audits are also performed as a “check and balance” to evaluate project quality, necessity, value, and to examine the root cause of known project problems and reported failures. In order to meet these varied uses, audit scope may vary based on type, purpose and timing. Verification audits are pre-planned, with the “subject project” selected according to established criteria. On the other hand, quality assurance and problem response audits are initiated in response to the pressing needs of a troubled project, and in that sense, the project “selects itself”.
Project Audit Planning
Every effective audit operation will be defined by four (4) key characteristics – alignment, independence, transparency and institutional support. Reality dictates that audits will never be welcome, and audit staff will always be looked upon with skepticism. Can they be truly independent? Why are they always picking on me? How can I get this project done with all these interruptions? These are the natural thoughts that come with external scrutiny and it’s quite understandable. Negative audit results, particularly as part of a pattern, can damage one’s career, or even bring about dismissal in more extreme cases.
On balance, audits are essential, and legally imperative. But just having audit capability is not enough. Audit staff must be able to cut through the fear, negativity and skepticism to bring about positive results. The only way to achieve this is to empower auditors to do their job, and allow project managers to share in the audit process through training, communication and feedback.
Audit Policies and Activation Procedures
What will it take to make project auditing a standard part of your approach to managing successful projects? To realize expected benefits, every step, element and deliverable of the audit process must be clearly defined and openly communicated, including:
- Auditing Mission Statement: The audit organization mission statement must clearly define the goals, objectives, authority, and boundaries of the audit operation, as well as the type of audits to be conducted.
- Audit Skills Specification: A detailed specification of auditor skills and experience, demonstrating that audit staff have sufficient expertise in project review, project standards, and if required, technical experience with the project subject matter.
- Stakeholder Roles and Responsibilities: A detailed specification of all audit related roles and responsibilities, for both audit staff and project staff (to include project managers, team members, project sponsors, customers and other stakeholders as needed).
- Audit “Trigger” Criteria: A full listing of all criteria by which projects will be selected for an audit. You cannot audit every project – it would be too costly and time consuming, defeating the purpose of the audit process itself. Specific criteria should be established to identify projects for auditing according to risk, complexity, internal value, cost, and the past “record of results” of the performing organization.
- Audit Initiation Procedures: A detailing specification of audit initiation procedures, including the process by which individual project managers are notified of a pending audit and related preparation requirements.
- Audit Execution Procedures: A full listing of audit execution procedures, covering the methods and procedures to be employed during the audit itself. Audit procedures mat vary based upon the type and timing of any given audit but can include, personal interviews with project staff, review of documents, questionnaires, and other related techniques.
- Audit Reporting Procedures: A complete specification of audit reporting procedures, covering the manner and method by which audit results will be reported and reviewed. In order to minimize the threatening nature of the project audit, all parties should be fully aware of how results will be reported and used within the organization.
- Audit Appeal Procedures: A full specification of all procedures to be followed to appeal and/or challenge reported audit results.