Skip to content

How to audit change being delivered through projects and programmes

Added to your CPD log

View or edit this activity in your CPD log.

Go to My CPD Only APM members have access to CPD features Become a member Already added to CPD log

View or edit this activity in your CPD log.

Go to My CPD
Login to bookmark this
Added to your Saved Content Go to my Saved Content
Gettyimages 1346975137

Do you know what a project audit is? What is the difference between auditing a project and auditing a programme? Would you know where to start with such an audit? 

Audits are a special type of review but for some, the term audit implies a ‘backwards view’; an emphasis on ‘compliance’; a policing activity. Perhaps that was the case decades ago but these days, although audits may embrace those perspectives, they are so much more. 

The essence of a project (or programme) audit, in fact like in any assurance review, is to check whether it’s being managed in a way that takes into account all of the risks associated with it. 

What’s so special about audits? Well, there is typically a heavier emphasis on documented evidence, formalised testing, traceability to risk, review process and compliance than in other types of review. 

Audits are carried out by teams and individuals that operate in the second or third line of assurance and are typically of a more independent nature than, say, gate reviews. The ultimate independent audit is one carried out by an organisation’s internal audit function. 

Internal audit works within a strict framework of practice which ensures and protects its independence and the true ‘audit’ nature of its work. 

Other auditors, such as HSE, security and environmental auditors, typically work within their equally strict frameworks for similar reasons. 

APM is not in the business of training, qualifying and controlling professional auditors, but does have an interest in ensuring that auditors apply their audit processes and standards in a manner that properly reflect the unique nature of projects and programmes, i.e. their purpose of delivering change. 

As a result of this need for adequate independence, responsibility for auditing projects and programmes often fall upon non-project corporate functions, such as the aforementioned internal audit. Occupants of these functions are typically not people with project management knowledge and experience. For them, the project world can seem rather mysterious because of the specific terminology, ways of working and systems that are quite different to the rest of the organisation. How can we ensure that anyone who is tasked to carry out an independent audit of a project will do so with appropriate insight and application? 

The APM Assurance Specific Interest Group (SIG) first addressed this question with publication of A Guide to Project Auditing in 2018, which became industry-standard guidance for anyone tasked with carrying out a project audit. 

Following feedback from those who had used the guide, the Assurance SIG embarked upon a refresh of this publication and has now just published A Guide to Auditing Programmes and Projects. Unsurprisingly perhaps, this is not substantially different to the original guide but now explicitly also embraces programmes as well as projects. 

The Assurance SIG also took the opportunity to better align the content of the new auditing guide with the second edition of its Measures for Assuring Projects guidance, which was published in 2021. In particular, the 11 ‘Elements’ in the auditing guide are the same as the 11 assessment criteria in the measure guidance. Together, A Guide to Auditing Programmes and Projects and the Measures for Assuring Projects provide a powerful suite of guidance on how to assess the health of projects, whoever is doing it. 

Buy your copy of A Guide to Auditing Programmes and Projects. APM members receive a 10% discount.

Roy Millard
Written byRoy Millard

Until November 2017, I was responsible for the planning and delivery of all internal audits of project and programme management within Transport for London. I joined TfL Internal Audit in September 2002, and have over 34 years of experience of engineering projects in PPP, PFI, partnering, joint venture, consortia and conventional contracting environments, as project engineer, risk manager, project manager and internal audit manager. In particular, I had lead roles within Racal on major defence projects such Bowman and IRIS, and as a senior manager within Thales on the Connect project for London Underground.

I now work as an independent consultant (trading as P3 Risk & Assurance) and a Partner in Firewood Ltd providing advice and support on matters of governance, risk and assurance in project organisations.

I have an Honours degree and a post-graduate Diploma in Management Studies; am a Fellow of the APM and a full member of the Institution of Engineering and Technology; chair the APM Nominations Panel; have the APMP qualification and have been PRINCE2 and MSP qualified at Practitioner level; and am the founder and past-Chairman of the Project & Programme Assurance Specific Interest Group.

0 comments

Join the conversation!

Log in to post a comment, or create an account if you don't have one already.