What Do These Audits Tell You?
Project risk audits are often performed throughout the project to ensure that the project stays on track and remains healthy. The goal of the audit is to ensure that each process is doing what it’s supposed to be doing. These audits need to be objective since the project’s well-being may be at stake.
Deciding the Risk Auditor
The first step in project risk audits is to assign someone to take on the role of project auditor. Ideally, the project manager would be in charge of this. If that person cannot be objective, or if the stakeholders are really relying on this project, you have the option to hire an external auditor or audit company.
Interviewing Team Members
Once you have decided who will be the risk auditor, it’s time to begin. First, make a list of the people who will
be interviewed during the audit. Usually, that list will include the project manager, stakeholders, and project team. If others are involved in the process, however, you may have to interview them as well such as any outside resources you’ve employed.
Critical Success Factors
Next, come up with a scoring system to determine how well the processes are working. This can include a range of 1 to 10 or excellent to inadequate. Features to be checked include how well internal controls are working, how well the oversight process is working, how fast tasks are being completed, how budgetary constraints are being met, and utilization of human and material resources.
There are some standard factors that are critical for a successful project. These can include the following: project organization, project planning, meeting of established milestones, how well the project is controlled, how well risk is being dealt with, resource management, dealing with scope, and testing. Part of the audit will be to check and see if these critical success factors are being met.
Now, it’s time to gather your evidence. Schedule interviews with team members, project managers, and stakeholders separately so that they don’t influence each other. Conduct the interviews as close together as possible so that individuals don’t have time to discuss questions and compare answers with other team members. This could contaminate the evidence.
Try to complete this part of the evidence gathering within the first five days or 20 hours. While many project risk audits can take nearly 20 days to complete, you still want to try to get as little cross-contamination as possible.
Analyzing Evidence and Creating a Report
Next, you need to thoroughly analyze the evidence and compare that evidence to timelines, goals, and objectives. Reviewing where the project should be to where it actually is will help you determine if the project is on track.
Once you have analyzed the data, you must now prepare your findings and come up with recommendations to improve the processes. A report should be written thoroughly detailing your findings so that everyone can see the results and understand what needs to be done if the project is found to be off-track.
Once the initial project risk audit has taken place, you may want to conduct follow-up audits. These shouldn’t be as intense as the initial phase, but they should verify that recommendations made are being followed and implemented.
Image Credit: Risk Management (Samuel Mann) https://commons.wikimedia.org/wiki/File:Risk_management.gif