Do you know what a project audit is? What is the difference between auditing a project and auditing a programme? Would you know where to start with such an audit?
Audits are a special type of review but for some, the term audit implies a ‘backwards view’; an emphasis on ‘compliance’; a policing activity. Perhaps that was the case decades ago but these days, although audits may embrace those perspectives, they are so much more.
The essence of a project (or programme) audit, in fact like in any assurance review, is to check whether it’s being managed in a way that takes into account all of the risks associated with it.
What’s so special about audits? Well, there is typically a heavier emphasis on documented evidence, formalised testing, traceability to risk, review process and compliance than in other types of review.
Audits are carried out by teams and individuals that operate in the second or third line of assurance and are typically of a more independent nature than, say, gate reviews. The ultimate independent audit is one carried out by an organisation’s internal audit function.
Internal audit works within a strict framework of practice which ensures and protects its independence and the true ‘audit’ nature of its work.
Other auditors, such as HSE, security and environmental auditors, typically work within their equally strict frameworks for similar reasons.
APM is not in the business of training, qualifying and controlling professional auditors, but does have an interest in ensuring that auditors apply their audit processes and standards in a manner that properly reflect the unique nature of projects and programmes, i.e. their purpose of delivering change.
As a result of this need for adequate independence, responsibility for auditing projects and programmes often fall upon non-project corporate functions, such as the aforementioned internal audit. Occupants of these functions are typically not people with project management knowledge and experience. For them, the project world can seem rather mysterious because of the specific terminology, ways of working and systems that are quite different to the rest of the organisation. How can we ensure that anyone who is tasked to carry out an independent audit of a project will do so with appropriate insight and application?
The APM Assurance Specific Interest Group (SIG) first addressed this question with publication of A Guide to Project Auditing in 2018, which became industry-standard guidance for anyone tasked with carrying out a project audit.
Following feedback from those who had used the guide, the Assurance SIG embarked upon a refresh of this publication and has now just published A Guide to Auditing Programmes and Projects. Unsurprisingly perhaps, this is not substantially different to the original guide but now explicitly also embraces programmes as well as projects.
The Assurance SIG also took the opportunity to better align the content of the new auditing guide with the second edition of its Measures for Assuring Projects guidance, which was published in 2021. In particular, the 11 ‘Elements’ in the auditing guide are the same as the 11 assessment criteria in the measure guidance. Together, A Guide to Auditing Programmes and Projects and the Measures for Assuring Projects provide a powerful suite of guidance on how to assess the health of projects, whoever is doing it.
Buy your copy of A Guide to Auditing Programmes and Projects. APM members receive a 10% discount.