Auditing our Project Engagements

AuditProject Audit sounds like a bad word, doesn’t it? Many of us think of audit so negatively because it’s always been tied to something financial and scary…for instance “IRS audit.” That certainly doesn’t make anyone comfortable. Indeed, the dictionary defines the word audit as: “an official inspection of an individual's or organization's accounts, typically by an independent body.” Wikipedia sounds a little better – it defines an audit as “an evaluation of a person, organization, system, process, enterprise, project or product. The term most commonly refers to audits in accounting, quality management, water management, and energy conservation.”

Conducting a project audit

The key to conducting a productive audit is to look at it as a learning process, not a blame process. The audit must be conducted in a spirit of learning what has gone right and what has gone wrong – much like lessons learned sessions on a project. It should not be focused on blame and punishment. If people are afraid they will be “strung up” for problems, then they will hide those problems if at all possible. Such a benign atmosphere, however, is hard to achieve. The underlying problem in many organizations, however, is that they have been operating in a blame and punishment structure for long enough that people are reluctant to reveal any less-than-perfect aspects of project performance. Indeed, cover-up may run amuck – which serves no good purpose, makes audits difficult if not impossible to carry out, and may actually border on the illegal.

When organizations continue ineffective practices because they intend to help individuals avoid embarrassment or are themselves trying to avoid looking bad to the customer what they really end up doing is preventing any organizational learning. The bottom line is, an auditor with a blame-and-punishment mentality is certain to create more problems than solutions and there will be no productive outcome to the audit…only wasted time.

Three types of audits

Most audits fall into one of four categories of audits:

  • Comprehensive

  • Partial

  • Informal

  • Cursory
The primary purpose of a comprehensive audit is to ascertain the economy, efficiency and effectiveness of an organization's operations and use of resources. Comprehensive audits are also called "value for money" audits and are designed to be wide ranging and thorough, integrating financial auditing, corporate compliance, operational audit procedures and management reviews. Full-blown audits like this are more common on public sector projects to show compliance to government regulations and to confirm any absence of fraud or corruption.

A partial audit usually focuses on a particular area of the project where the owner or stakeholders think is essential to conduct audit to show performance and/or compliance. The purpose of the informal audit is to quickly identify potential problem areas without conducting the formal review associated with a comprehensive, formal audit.

Output – the audit report

For reporting purposes, let’s mainly consider the reporting aspects of the comprehensive audit since it is the most formal and most complete. All other audits could have a subset of the expected or potential output from a formal comprehensive audit.

Generally, here is what could be – or likely should be – included in a formal, comprehensive project audit report….

  • Current project status. This is best shown by performing an earned value analysis. However, when earned value analysis is not used, status should still be reported as accurately as possible.

  • Future status. This is a forecast of what is expected to happen in the project. Are significant deviations expected in schedule, cost, performance, or scope? If so, the nature of such changes should be specified.

  • Status of critical tasks. The status of critical tasks, particularly those on the critical path, should be reported. Tasks that have high levels of technical risk should be given special attention, as should those being performed by outside vendors or subcontractors, over which the project manager may have limited control.

  • Risk assessment. Have any risks been identified that highlight potential for monetary loss, project failure, or other liabilities?

  • Information relevant to other projects. What has been learned from this audit that can or should be applied to other projects, whether in progress or about to start?

  • Limitations of the audit. What factors might limit the validity of the audit? Are any assumptions suspect? Are any data missing or suspected of contamination? Was anyone uncooperative in providing information for the audit?
Summary

A project audit can be a healthy tool when used correctly. Even though an audit can make people uncomfortable, they provide valuable information. When executed as an information gathering tool, and not an attack, your resources and future projects will benefit.

Add comment