Integrated Assurance – a problem cracked?
In May 2014, we published the ‘Guide to Integrated Assurance'. At the time integrated assurance was a hot topic, with many organisations struggling to cope with ever increasing demands for assurance in and around its projects. “We’re being assured to death!” was a common cry.
It’s all gone quiet recently, though. There are still the perennial questions about assurance, such as what role Internal Audit should have in assuring projects, and when does a ‘review’ become an ‘audit’; and newer questions about how to effectively assure Agile projects [see our ‘Guide to Assurance of Agile delivery’ published last year]; but has the challenge of integrating assurance activities been cracked?
I think not.
What has changed, I think, is that organisations now recognise much better the need to actively manage their assurance environments, but from what I see, they have not made that much progress in doing so. Why? Because its difficult.
At this point, it may be useful to refresh our memories about what ‘integrated assurance’ is.
The BoK 6 definition is:
"The coordination of assurance activities where there are a number of assurance providers."
But there's actually a lot more to it than mere coordination. And even to achieve coordination requires common principles to be complied with.
Rather than fill this blog with details about what integrated assurance is, perhaps you'd like to watch a few videos that I recorded recently with The PM Channel, here.
I think it is time to get people talking about this again. I don’t mean just going over the same ground (avoiding conflicts, minimising distractions and inefficiencies, not getting a full picture, etc.). I mean that we need to be thinking about how we develop our previous thinking on the topic to address why it's so difficult to implement, and how can we extract even greater value from it.
I sense that some organisations have tinkered with their assurance arrangements a bit, partially applied the three-lines-of-defence model, and tried a bit of assurance mapping, and think that that’s about it. But are they really getting that much additional value from their assurance functions than they were? Are their assurance interventions really that much better? Is their Audit Committee now getting a truly integrated and comprehensive view of assurance outputs?
Of course, you can get some value out of any degree of integrating assurance, but to get real value needs a lot of thought and effort, and maybe even cultural and organisational changes. Is there sufficient appetite for that?
How can we help?
I think there needs to be a new imperative. A new dimension that makes people think: “Oh! I never thought integrated assurance could help us like that!”.
One possibility is the concept of ‘progressive assurance’, in which assurance is provided progressively through the life of a project. For progressive assurance to work well, there has to be a degree of assurance integration – and the more integration the better. I am finding a growing interest in progressive assurance.
Perhaps you have some other ideas?
The Assurance SIG is looking to restart its ‘Integrated Assurance’ workstream shortly. If you’d like to be involved in this, please let me know.
Roy Millard
Chair of APM Assurance SIG
Until November 2017, I was responsible for the planning and delivery of all internal audits of project and programme management within Transport for London. I joined TfL Internal Audit in September 2002, and have over 34 years of experience of engineering projects in PPP, PFI, partnering, joint venture, consortia and conventional contracting environments, as project engineer, risk manager, project manager and internal audit manager. In particular, I had lead roles within Racal on major defence projects such Bowman and IRIS, and as a senior manager within Thales on the Connect project for London Underground.
I now work as an independent consultant (trading as P3 Risk & Assurance) and a Partner in Firewood Ltd providing advice and support on matters of governance, risk and assurance in project organisations.
I have an Honours degree and a post-graduate Diploma in Management Studies; am a Fellow of the APM and a full member of the Institution of Engineering and Technology; chair the APM Nominations Panel; have the APMP qualification and have been PRINCE2 and MSP qualified at Practitioner level; and am the founder and past-Chairman of the Project & Programme Assurance Specific Interest Group.
3 comments
Log in to post a comment, or create an account if you don't have one already.
As a member of the Assurance SIG for several years I can commend the work on Assurance that was done and its value across diverse industries and types of projects. I can also recommend the complementary work on Measures for Assurance which is available as a download (see the link below of search on measures for assurance). I led the working groups that created it and recently presented on the subject at a recent Scotland Branch evening meeting. https://www.apm.org.uk/resources/find-a-resource/measures-for-assuring-projects-apm-toolkit/
This is a useful stimulus for a debate, thanks Roy. For larger programmes, it seems inevitabel to me that the value will be added by a progressive assurance - why wait till the end or till a crisis before getting assurance? The key, for me, is what are we assuring and who are we getting the assurance for? If we are clear about that it may be easier to see how the various assurance groups can align. So, for example, it may be assurance about technical adherance, or whether the right elements are in place that are likely to then lead to a succesful outcome. I guess this comes down to horses for courses.
Hello Roy. We met yesterday at the London Group event and I said I'd like to be more involved with the SIG as I think this is an important and interesting area within project management. I will download the various knowledge and guidance texts and if you could help me join a SIG meeting remotely that would help. kind regards Nick