See the full picture
Posted by Jess Faulkner on 1st Dec 2016
It may not seem a phrase to set the pulse racing, but ‘project assurance’ is fast becoming a hot topic. It’s certainly not a revolutionary new principle in the world of project management. As Roy Millard, senior audit manager at Transport for London and chair of the APM Audit and Assurance Committee, points out, “Even a smaller organisation may well have project controls and a small risk-management and internal-audit function, although it may not see them as a joined-up picture for assurance over projects.”
Rather, increasing financial pressures and greater complexity and scrutiny have brought the importance of clear oversight of projects – and the role that assurance should play – sharply into focus.
“Many projects have an international spin, and there are more stakeholders wanting to know what is going on, and more risks that are outside the project manager’s control,” continues Millard. Combined with greater complexity, there is less tolerance of failure, and constant pressure on costs.
Sir Amyas Morse, the government’s comptroller and auditor general, believes that the public sector is so overstretched and under-resourced that there is the potential for significant delivery failure. This risk will be exacerbated as civil servants are pulled away to Brexit-related activities.
Speaking at a recent Institute of Government conference, Morse stated that a ‘can do’ attitude from civil servants leads to projects going ahead even when departments don’t have the resources to take them on. As things stand, there is a collection of processes that “do not yet amount to the coherent framework for prioritising and managing public sector activity… Instead, what is needed is a wider, overarching approach based around skills, money and time,” he said. In effect, civil servants need an approach to assurance that will allow them to make better-informed decisions over what can and cannot be done.
With the spotlight on the role of assurance, the APM Assurance Specific Interest Group (SIG) has produced a toolkit to help project professionals. The group recognised that the lack of a framework and differing approaches were a bar to successful assurance planning, and devised the toolkit to help address the problem. Judging by more than 5,000 downloads already, there is clearly a desire for assistance.
Learning lessons at Lloyds
As it evolves, project assurance can play a key role in continuous improvement and learning for the benefit of the business. That’s certainly been the experience at Lloyds Banking Group, as senior programme manager Mark Palmer explains. “Financial services is a dynamic industry and there is a need to be fast to market and responsive to market changes. We are trying to embed a learning culture in our change community as we recognise that, the more we learn and reflect those learning activities in our change approach, the better we will be.”
Assurance fits squarely into those aims, Palmer continues: “Assurance doesn’t drive strategy or the direction of the business, but it makes sure that when the company’s strategy is executed it is done so efficiently and effectively.”
Palmer explains that, while the bank’s policy had for some time stipulated that significant change programmes must have independent delivery assurance oversight, the assurance output was not incorporated into learning as a group.
In 2014, Palmer was transferred to his current role within the group delivery assurance team, which sits within group change management. He was tasked with providing delivery assurance to the group’s major change programmes, and supporting the existing cultural change towards a learning organisation through the implementation of the change performance framework.
Assurance work at all levels, from peer reviews to delivery assurance reviews of significant projects, is now conducted against the same set of standards to embed consistency and standardisation. This has enabled repeatable and measured assessment that highlights areas where improvements could be made. All review outcomes are loaded onto the change performance framework, which allows the delivery assurance team to analyse the findings and help support future learning and improvements to key change initiatives.
“We have done some good work with requirements management and traceability,” says Palmer. “If you find one project that does not have all requirements stipulated and traced through from initial design to a test model, you note it, put it down to that one project and ensure it’s rectified. But when you get it as a recurring theme, that’s where the beauty of the change performance framework comes to light. We highlight where things would benefit from focus and improvement, and more specialist teams have taken that learning and put improvements in place that will support the rest of the group through the end-to-end management of requirements and traceability.”
Reorganising the Environment Agency
Meanwhile, at the Environment Agency, it was a major reorganisation of the entire agency that offered an opportunity to restructure the assurance function.
Under the previous model, much of the assurance of projects was done at a regional level, split between 10 regional offices. The offices worked independently of each other, meaning that they were working to different standards and any kind of comparative work was almost impossible. There was also misunderstanding between what was assurance and what was approval, explains Paul Wilman, improvement and assurance manager. “People were confusing assurance with financial approval, thinking that they had to solve every minute detail, which led to assurance slowing down projects,” he says.
In early 2014, the reorganisation stripped out the regional tier, necessitating a redesign of how project assurance operated, and culminating in the National Project Assurance Service (NPAS).
“Early on, we realised that we were operating a service for the business, providing independent assurance projects, so we set it up under continuous improvement techniques in order to improve efficiency,” says Wilman.
Under the new system, it is mandatory for projects over £100,000 to be assured, either by the National Project Assurance Board for higher-risk projects, or, for the lion’s share, by one of 10 virtual groups. Wilman heads up a central team that oversees, supports and monitors assurance work throughout the agency.
The role of assurance is to provide independent advice. Accountability and responsibility for leading, delivering and driving the project remains with the project.
“We point out where the improvement opportunities are and where we see the residual risks. That advice goes back to the project for [the team] to do as it feels appropriate, and the project’s response is then sent back for a final assurance review,” details Wilman. Both reviews are monitored by the central team.
He continues: “I have a dashboard, so I can see what the quality of the business case is like when it comes into assurance, and when it goes out, so I can see which projects aren’t taking our advice. Once through assurance, projects must get financial approval. The assurance advice goes through to [that team], and they base their sign-off on that. Hopefully, if they see it comes through as red with a lot of residual issues that we didn’t manage to sort through assurance, they will take notice.”
Wilman wants assurance to be seen as a value-adding activity and not a hurdle to jump. “Assurance provides independent advice that hopefully will improve delivery confidence in the project. The latest dashboard showed that we improved the quality of every single business case that came through.”
In addition to improving the quality of the business case, NPAS aims to recycle the learnings from assurance back into the business. Each quarter, the central team analyses every comment that comes through from assurers and classifies it according to a theme – be it finance, environment or risk options.
Information on which areas are receiving the most comments – for example, the flood defence or IT department – is then fed back to the business, highlighting where improvement opportunities lie. Teams of experts will then run an improvement project, which could result in implementing changes such as template tweaks, further guidance or training.
Wilman says: “Although assurance is mandatory, people can now see its benefits. They see that you can do robust assurance efficiently and it doesn’t have to slow the process down. We are working on making assurance more efficient and proportionate, and identifying where we have opportunities to improve the service. We are doing more to integrate our assurance with the Department for Environment, Food & Rural Affairs, which is our sponsoring body, for example.
“People also see that it can improve the delivery competence of the project. It’s like a free bit of consultancy – why wouldn’t you do it?”
The link between risk and assurance
For project assurance to play a greater role in leading good practice, there needs to be a cultural shift and better understanding of the benefits that it can bring.
Millard says: “Culturally, people in assurance tend to only think in their own box, so perhaps just about quality when doing a quality audit. They don’t necessarily think about their role in the bigger assurance picture – to learn lessons and improve corporate knowledge.”
He believes that internal audit committees have a key role to play. “Our role is to oversee all risk and assurance on behalf of the board’s audit committee. Boards and executives often have an arm’s-length relationship, but there is a real opportunity for the director of internal audit to be having conversations with the chair of the audit committee, working together to build on continuous improvement in the organisation.”
Emphasising the link between assurance and risk management would help, he continues: “The one thing boards really understand these days is risk, but they don’t necessarily understand the link between risk and assurance.
“If there is no risk, there is no benefit in assurance activity. Assurance can generate information that gives organisations a better understanding about how their risks are being managed and make suggestions about how risk can be managed better. If that link is continuously stressed at all levels of the organisation, the right sort of language can then be taken into the board in order to provide better understanding of what assurance is all about.”
Millard states that, when the Assurance SIG was set up in 2007, “we didn’t quite appreciate how much guidance was needed about what assurance was, let alone integrated assurance”. The fact that the toolkit has been received so well is a measure of the progress that has been made in this area, and the continuing professionalism of project managers.
Jo Russell is a business writer and editor.
The tools for the job
Recognising the need for a more joined-up approach to project assurance, the APM Assurance Specific Interest Group (SIG) has produced a free-to-download toolkit, called Measures for Assuring Projects.
Designed to be used by project teams for self-assessment, the toolkit consists of a summary sheet for rating project assurance and examples of evidence that support a good assurance measure score.
By using a definitive framework, project professionals will help minimise the risk of duplication or gaps and increase the comparison of assurance outputs.
As Roy Millard, committee member and former chair of the SIG, says: “If your organisation has 100 projects on the go, using the toolkit will give you the ability to take an assurance picture of all those 100 projects and see where some are being run better than others.
“It gives you a way of benchmarking one project to another. That can then feed into learning for other projects and into continuous improvement.”
For more information, visit bit.ly/2dGS0A4