Does this sentence indicate that you’ve become crazy or masochist?
Are you trying like many project managers to avoid audits like the plague?
Do you consider that an audit is at best a waste of time and at worse a weapon in the hands of psychopaths in search of victims, in this particular instance, you and your project?
I shared some of these « a priori » but it is not a fate. Audits are both useful and necessary. They can be very productive, generate benefits and create real advantages for your project as well as yourself.
MPM Partenaire de DantotsuPM
1. I suggest starting with the beginning: Who sponsored the audit? Why? Who are the auditors? What is the precise object of the audit?
I discovered by experience that answering the latest, i.e. the precise scope of the audit, often allowed me to find the answers to the previous questions. Indeed, when the object of the audit is shared and understood, it often sheds light on several target domains of investigation and detailed review.
The audit can focus on the project management practices, the control of the expenditures, the quality of the deliverables, security aspects, progress tracking and management, project plan details or varied combinations of these and other topics not listed here. A little bit of thinking and discussion with the auditors should make the deep reasons surface and help to identify the requester.
Additionally, the type of auditors you get, internal or external, generalists or specialized consulting firms, expert auditors of the PM processes or technicians, tells a lot about the purpose and the importance granted to the audit.
For example, during a project for the integration and deployment of Enterprise Resource Planning software (ERP), we were internally audited. Once established that the focus was essentially to make sure that we controlled adequately the expenditures and were efficient at managing the risks, it was easy for the team to supply the evidences of what we were doing in these domains. We showed our processes to control the costs, our methods to follow-up on personnel assignments, the log of open questions and our risks register. The chief financial officer, who had asked for the audit, was reassured by the conclusions and few recommendations of the auditors on which of course we took prompt actions.
Besides, the auditors helped us to go farther in our management of the risks by facilitating the set-up of a brainstorming session on risks with the entire executive committee of the project (which we had requested without success in the past).
Partenaire de DantotsuPM
2. The next hint is to understand the process the auditors are planning to follow.
It is indeed important to understand their approach to better prepare the team for this event which they are likely to perceive as invasive, stressful and negative.
Generally, the first steps in any audit consists in conversations with keys members of the team as well as the executive committee of project. This can be preceded and/or followed by demands for diverse project documents for analysis. The following phase is composed of additional sessions and analysis to dive more deeply into specific domains and details, in particular looking at « how » processes or tasks are conducted.
A counter example of a not so useful audit taken from my personal experience took place on an IT project where we had met tough problems during software deployment. As a junior project manager, I had neither the experience nor the charisma to « manage » the auditor (an external one in this instance). He arrived and ran his show with no explanations of his purpose and the process he wanted to follow (if he had one) to anyone. Furthermore, from the beginning, he sent numerous negative messages about the project’s results. The team, disorientated by this lack of an understandable structure and no visibility on what was happening, quickly became worried and a little bit defensive. The team members supplied all project documents requested, but in an unstructured way, without any articulation of the many components. The storyboard was missing to position these raw materials in their context.
The audit took a lot of time and was very stressful for all. In the end, the audit did not succeed to help the project get over this difficult period. In that specific instance, an audit, which could bring value, only managed to kill a project which certainly had some weaknesses but these could have been corrected. I still (15 years later) keep a very bitter taste of this certainly useful experience but by far too painful for the team and the company.
Partenaire de DantotsuPM
3. Third suggestion: find your place in the thinking and reporting processes.
You should take into account the fact as the auditors will certainly provide interim reports at regular checkpoints with the management and the requesters. During these sessions, they will share the progress, to expose their discoveries and « astonishments ». Often, this is useful for them to validate/test the waters on their initial ideas (to observe the potential sponsors’ reactions) and, later, they will present their recommendations (intermediate and final).
A few years ago, I was asked to lead the internal audit for the deployment of a set of IT applications. Since I had been several times on the other side of the audit, I tried to pay specific attention to explain the objectives, the milestones and the approach of the audit (the first and second hints mentioned in this article). We discussed with the project sponsor and the project manager the proposed perimeter and who would do what. We shared our observations as we went along with the team to avoid bad surprises (the third suggestion above). We gave them the opportunity to comment on our observations: which they did and we considered these (not necessarily accepted them). We shared our recommendations with the project team before doing it with the management which they greatly appreciated. We also helped to define and set up action plans to address the identified points of weakness. We have also, after the audit, provided a follow-up on the execution of these action plans. I am sure that it was much more beneficial to the company than a simple audit report.
Regardless of the scenario, the key point for the project manager is to support actively the auditors during their investigations. Supply them with all the required information in total transparency and ask members of our project team to do the same. Make time for them in your overloaded agenda. Be open, positive and value-add partners. This way, you can hope to gain the privilege to be involved in the preparation of documents and reporting sessions towards management. It can be limited to validating the correctness of the facts and details and this alone is already very useful. It could be to understand what they are going to shed a light on and also discuss some of their intermediate recommendations to start to prepare action plans.
4. Fourthly: be clear on your expectations.
In my PM role, if the auditors ask me for my expectations of the audit, I make 2 major points:
a) Fairness towards the members of the team.
b) Quality of the recommendations to improve the project
5. Last stage: the end of the audit
The following stage is the completion of the audit and the production of the recommendations. Inevitably, there are some items you will agree with and can easily understand. Others will be more difficult to accept.
Image courtesy of PinkBlue / FreeDigitalPhotos.net
In any case, it is absolutely critical to remain positive and open. Switching to defensive mode would not help at all. Furthermore, keep in mind that the recommendations of the consultants and auditors are one thing, the selection of which recommendations on which to act upon is another matter (that is more important to you and your project). This selection/decision will be performed by the management or the project executive committee. As soon as you understand which corrective and improvement actions are retained, share these with the project team in a positive manner. It is quite often that the full report of the auditors will not be disclosed. Only the key (retained) points will be shared, those engaging the team on productive actions.
In conclusion: Ask for help before somebody above you decides that you need to be helped.
If your project is not yet the object of an audit, consider which domains could be improved by an external advice and seek an audit on these. Ask for help before somebody above you decides that you need to be helped. On many projects, you will see that the auditors will greatly help you improve some aspects like controlling the scope, increasing the rigor in change management or better engaging your sponsors and key stakeholders in risk management. The auditors look at your project with an external eye and are thus far more objective than you can ever be. Furthermore, they carry a legitimacy which can help you to communicate tough messages to your project executive committee, in particular when some things to be rectified are in their areas of responsibility. It could be a lack of involvement of some parts of the organization in the project or their own contribution and attitude to control of the scope and the risks.