Project Auditing

A very special type of evaluation is the formal audit. The project audit is a thorough exami­nation of the management of a project, its methodology and procedures, its records, proper­ties, inventories, budgets, expenditures, progress, and so on. The project audit is not a financial audit, but is far broader in scope and may deal with the whole or any part of the project. For a comparison of the two, refer to Table 8.2. It can also be very flexible, and can focus on any issues of interest to senior management. The project audit is also broader than the tradi­tional management audit that focuses its attention on the organization’s management sys­tems and operation. Next we discuss the audit process itself and its result, the audit report.

1. The Audit Process

The timing of the audit depends on the purpose of the audit, as shown in Table 8.3. Because early problem identification leads to easier solutions, it is often helpful to have an audit early in the project’s life. Such audits are usually focused on technical issues. Later audits tend to focus more on budget and schedule because most of the technical issues are resolved by this time. Thus, these later audits are typically of less value to the project team and of more interest to general management. An obvious case here is the postproject audit, often contractually required by the customer as well as a common ingre­dient in the Final Project Report.

While audits can be performed at any level of depth, three levels are common. The first is the general audit, usually constrained by time and cost and limited to a brief inves­tigation of project essentials. The second is the detailed audit, often initiated if the general audit finds something that needs further investigation. The third is the technical audit, usually performed by a person or team with special technical skills.

Typical steps in a project audit are:

1. Familiarize the audit team with the requirements of the project, including its basis for selection and any special charges by upper management.
2. Audit the project on-site.
3. Write up the audit report in the required format (discussed in the next subsection).
4. Distribute the report.

Collection of the necessary data can be expedited by developing forms and proce­dures ahead of time to gather the required data, such as that inducted by Figure 8.1. To be effective, the audit team must have free access to all information relevant to the project. Most of the information will come from the project team’s records or from vari­ous departments such as accounting, human resources, and purchasing. Other valuable information will come from documents that predate the project such as the Request for Proposal (RFP), minutes of the project selection committee, and minutes of senior management committees that initiated the project.

Special attention needs to be given to the behavioral aspects of the audit. While the audit team must have free access to anyone with knowledge of the project, except the customer, the audit team’s primary source of information should be the project team— but project team members rarely trust auditors. Even if the auditor is a member of the project team, his or her motives will be distrusted and thus the information the auditor requires will be difficult to obtain. Worry about the outcome of the audit produces self­protective activity, which also distracts the project team from activity devoted to the project. Audits are always distracting and uncomfortable to those being audited, much like having a police car in one’s rear view mirror while trying to drive.

Trust-building is a slow and delicate process that can be easily stymied. The audit team needs to understand the politics of the project team, the interpersonal relationships of the team members, and must deal with this confidential knowledge respectfully. Regardless, the audit team will undoubtedly encounter political opposition during its work, either to rebuff the team’s investigation or to co-opt them. As much as possible, the audit team should attempt to remain neutral and not become involved. If information is given to the audit team in confidence, discreet attempts should be made to confirm such information through nonconfidential sources. If it cannot be so confirmed, it should not be used. The audit team must beware of becoming a conduit for unverifiable sources of criticism of the project. As in all matters pertaining to projects, the project team and audit team must be honest.

There are other rules the audit team should follow as well. First, project personnel should always be made aware of the in-progress audit. Care must be taken to avoid mis­understandings between the audit team members and project personnel. Critical com­ments should always be avoided. This is especially true of on-the-spot, offhand opinions and remarks. No judgmental comment should be made in any circumstance that does not represent the consensus opinion of the audit team, and even consensus judgments should be avoided except in official hearings or reports.

2. The Audit Report

If the audit is to be taken seriously, all the information must be credibly presented. The data should be carefully checked, and all calculations verified. Deciding what to include and what to exclude is also important. The audit report should be written with a “constructive” tone or project morale may suffer to the point of endangering the project. Bear in mind, however, that constructive criticism never feels that constructive to the criticizee. An example audit report is shown in Figure 8.2.

The report information should be arranged so as to facilitate the comparison between planned and actual results. Significant deviations should be highlighted and explained in a set of footnotes or comments. This eases the reader’s work and tends to keep questions focused on important issues rather than trivia. Negative comments about individuals or groups associated with the project should be avoided. The report should be written in a clear, professional, unemotional style and its content restricted to information and issues relevant to the project.

At a minimum, the following information should be contained in the report.

1. Introduction:A brief description of the project that includes the project’s direct goals and objectives.
2. Current status:This compares the work actually completed to the project plan along several measures of performance. The actual directcharges made to the pro­ject should be compared to the planned budget. If totalcosts must be reported, including allocated overhead charges, total costs should be presented in addition to the direct charges, not in place of them. The completed portions of the project, especially planned events and milestones, should be clearly noted. The percent completion of unfinished tasks should also be noted if estimates are available. A comparison of work completed with resources expended should be offered—for example, using MSP earned value reports. The need here is for information that can help pinpoint specific problems. Based on this information, projections can be made concerning the timing and amounts of remaining expenditures required for success. Finally, if there are detailed quality specifications for the project, a full review of quality control procedures and the results of quality tests conducted to date must be reported.
3. Future project status:The auditor’s conclusions regarding project progress and recom­mendations for changes in technical approach, schedule, or budget should be made in this section. It is not appropriate, however, to try to rewrite the project proposal. The audit report should consider only work that has already been completed or is well under way; no assumptions should be made about technical problems under investiga­tion at the time of the audit.
4. Critical management issues:Any issues that the auditor feels senior management should monitor should be identified here. The relationship between these issues and the project objectives should be briefly described.
5. Risk analysis and risk management:This section addresses the potential for project fail­ure or monetary loss. The major risks associated with the project and their projected impact on project schedule/cost/performance should be identified. If alternative courses of action exist that may significantly change future risks, they should be noted at this point.
6. Final comments: This section contains caveats, assumptions, limitations, and information applicable to other projects. Any assumptions or limitations that affect the data, accuracy, or validity of the audit report should be noted here. In addition, lessons learned from this audit that may apply to other projects in the organization should also be reported.

Source: Meredith Jack R., Mantel Jr. Samuel J., Shafer Scott M., Sutton Margaret M. (2017), Project Management in Practice, John Wiley & Sons, Inc. 3th Edition.