Locked lesson.

Upgrade

About this lesson

Project compliance with all appropriate standards, regulations, policies, and requirements documents is the responsibility of the project team. However, typically an independent review of compliance, in the form of a project audit, is done to confirm compliance.

Exercise files

Download this lesson’s related exercise files.

Confirm Compliance Exercise.docx
62.8 KB Confirm Compliance Exercise Solution.docx
61.8 KB

Quick reference

Confirm Project Compliance

Project compliance with all appropriate standards, regulations, policies, and requirements documents is the responsibility of the project team.  However, typically an independent review of compliance, in the form of a project audit, is done to confirm compliance.

When to use

Project audits are normally done at the end of a project.  In some cases, the audit is done at the end of each phase.  In some cases, the audit is a contractually required event and the timing is specified in the contract.  In some cases, a formal audit is not performed, but an informal assessment is conducted at technical and management reviews. 

Instructions

The Project Management Office (PMO) normally does the project audit.  The PMO is the expert on the project management methodology so they are in an excellent position to confirm if the methodology has been followed. In addition, the PMO is normally involved in project reviews so they are aware of project goals, constraints, issues, and performance.  The PMO is independent of the project team, at least the PMO auditors should be independent, so there is not an ownership bias. Also, since the PMO is responsible for training and coaching project teams, they can quickly implement any corrective actions due to audit findings.

A project audit is a formal review by an independent review team to determine if the project has appropriately followed the applicable project management standards.  These standards include government and industry standards, customer and user standards, and internal policies and procedures that are applicable to the project.   The audit will result in a list of findings.  In this regard, it is similar to a technical review.  The difference is that the technical review is focused on the performance of the project results and the project audit is focused on compliance with applicable standards.  When there is no formal project audit, compliance to standards is often embedded within technical reviews or management reviews.  When the project is being performed under contract for a customer, the timing and focus of the audit may be specified in the contract.

The results of the audit are a list of finding that are normally categorized into major findings and minor findings. Depending upon the nature of the finding, the responsible group within the organization will need to develop and implement corrective action.

  • Major Findings: a significant non-compliance issue with project management systems
    • System defect – normally requires a system/procedure change to be implemented by the PMO, other departments, or senior management.  In this case, the project team used the existing system, but the system created a non-compliant condition.
    • Project Management Decision – requires corrective action at the team level. In this one or more members of the project team intentionally chose to be non-compliant, this often requires disciplinary action and may result in the termination of the project team member.
    • Project Management Ignorance – Requires corrective action at the level where the ignorance is occurring. In this case, a member of the project team or someone in another department, created non-compliance because they did not understand the implication of their actions or decisions.  It is a failure over the culture and systems of the organization that is normally addressed through training or additional oversight.
  • Minor Findings: an ineffective implementation of the project management system
    • This is normally the result of someone trying to do the right thing, but doing it poorly.  The problem should be corrected on the project.  In addition, coaching or training is normally needed to improve the skills of the individuals involved.
  • Observations: there is no non-compliance, but the audit team noted an aspect of project management performance that requires management attention

Hints & tips

  • If your organization does not have a PMO, then the project team should seek out someone in the organization to do an independent check for compliance.  This does not need to be a formal review unless required by contract.
  • Organizations with strong project management culture and systems in place may not need an independent audit because the systems will automatically ensure that compliance is occurring.  The systems prevent any non-compliance or immediately identify it to senior management.
  • Findings on an audit are not an indication of project success or failure.  The compliance audit does not consider whether the goal was achieved, rather it is looking at the process that was followed.    
Login to download
  • 00:04 Hi, I'm Ray Sheen.
  • 00:05 Many organizations use project audits to confirm compliance.
  • 00:09 Let's take a look at this best practice.
  • 00:11 >> In the previous discussions about compliance,
  • 00:14 I focused on the work of the project team.
  • 00:17 We'll switch gears for
  • 00:18 a few minutes and look at having an independent check of compliance.
  • 00:22 In my experience, the PMO is normally the organization that does independent
  • 00:25 compliance checks and audits.
  • 00:27 The PMO is the group in the organization that develops and
  • 00:30 maintains a project management methodology in use.
  • 00:34 Also, they normally are involved in all the major project reviews, so they are in
  • 00:38 a position to both know what should be done and to observe what is being done.
  • 00:43 In some cases they provide formal audits, but more commonly they provide informal
  • 00:48 feedback to the project team, this independent review is often needed.
  • 00:53 It's interesting that different projects take on their own project culture.
  • 00:57 Some project teams are very transparent and hold each other accountable.
  • 01:01 However, that takes trust, and developing trust takes time.
  • 01:04 It's more common to see teams that are turf conscious, with that comes some
  • 01:09 resistance to transparency and that can lead to compliance issues.
  • 01:13 Again, the PMO has the ability and authority to transcend this and
  • 01:17 check on compliance requirements.
  • 01:19 An additional value from the PMO and the compliance arena is that they often
  • 01:23 provide the project management training within the organization.
  • 01:27 Through this training they can provide coaching and guidance for
  • 01:30 teams that are struggling with compliance.
  • 01:33 Well I've mentioned the idea of project audits,
  • 01:35 let's look a bit deeper into this subject.
  • 01:38 An audit is a review by an independent auditor or
  • 01:41 audit team to determine if a set of activities were done in accordance with
  • 01:45 a standard regulation or policy.
  • 01:48 So for project audits it's a review of the project work to determine if it was done
  • 01:52 in accordance with the standards, regulations, and
  • 01:55 policies that apply to that project.
  • 01:57 In practice it's similar to a technical review on the project but
  • 02:01 with an emphasis on compliance with standards, not on technical performance.
  • 02:05 So all the appropriate documents and
  • 02:07 activities are reviewed to ensure they were done correctly,
  • 02:11 regardless of the result that occurred when the work was completed.
  • 02:14 Within the project management context many of the aspects of project planning and
  • 02:19 reporting can be audited remotely or automated since it's
  • 02:22 comparing the data in the project artifacts against the standard.
  • 02:26 For some projects, especially those funded by government money or those done
  • 02:30 under contract with a major customer, the audit is a contractual requirement.
  • 02:34 When the audit is finished the auditing agency issues an audit report with any
  • 02:39 findings.
  • 02:40 Findings are discrepancies or issues that were uncovered in the audit.
  • 02:44 Normally the findings are classified as major or minor findings.
  • 02:49 As a general rule, a major finding is when a system or
  • 02:52 process is unable to perform the required action,
  • 02:55 when there is a willful disregard for the standards and regulations.
  • 03:00 Or when the project violates a project boundary without the appropriate review
  • 03:04 and approval.
  • 03:05 Minor violations are typically a case where a processor system is not
  • 03:09 working well or where project team members incorrectly apply that system.
  • 03:15 So what happens when an audit has a finding or a non-compliance?
  • 03:19 If it is a major finding about the project management system or
  • 03:23 methodology, the PMO and senior management need to address that.
  • 03:26 This is not a finding against the project team, it's against the business.
  • 03:31 So don't blame the teams if they follow the methodology and
  • 03:34 the methodology led the project team to a major finding.
  • 03:37 Yes the specific issue needs to be corrected on the project, but
  • 03:40 the resolution is a systemic issue, not a project one.
  • 03:45 Then there is the major finding that is based upon a decision or
  • 03:48 action by the project team, including the project leader.
  • 03:51 This is a failure of judgment or possibly even a willful violation of standards,
  • 03:55 regulations, and policies.
  • 03:58 In this case, the individuals involved need to be dealt with.
  • 04:01 If it is an integrity issue, I recommend terminating them from the company.
  • 04:05 If it's bad judgment issue, their authority on the project should be
  • 04:09 reduced and they should receive coaching or training in this problem area.
  • 04:13 In some cases the major finding is a project decision or
  • 04:16 action that was made in ignorance or just a misunderstanding.
  • 04:20 This could be a poor decision by the PMO, senior management, or the project team,
  • 04:24 and of course the issue on the project must be corrected.
  • 04:28 But the next step is likely to be training, coaching, or some other way
  • 04:32 of using the audit finding to develop business acumen within the organization,
  • 04:36 it often includes setting up a system level check for the issue.
  • 04:41 Minor findings are typically caused by mistakes made by someone on the project,
  • 04:45 these are addressed through training or coaching.
  • 04:48 In many cases the error is quickly fixed by the individual who made the mistake,
  • 04:52 and through the corrective action the training and coaching is provided.
  • 04:57 >> Project audits are becoming more commonplace.
  • 05:00 The audit report builds confidence in the project results and
  • 05:04 clarifies gaps and what needs to be improved.

Lesson notes are only available for subscribers.

PMI, PMP, CAPM and PMBOK are registered marks of the Project Management Institute, Inc.

Gift this course