Hello and welcome to another Parallel Project Training podcast. My name is Ruth Phillips, and I’m here with Paul Naybour. Today, we are going to discuss assurance, linked to the APM PMQ syllabus for exams starting in September 2024. So, Paul, welcome to the podcast.
Hello. How are you doing?
I’m good. I’m interested to talk to you about assurance. It’s an interesting topic and perhaps one that a lot of people feel they’re not too comfortable with. It’s more of a hidden art.
A hidden art, yes. Looking at the APM PMQ syllabus, we have just one learning outcome on assurance: knowing the purpose of assurance within a project, including awareness of scope, priorities, and strategic aims of assurance activities. So maybe let’s go back to basics and first of all, explain what assurance within a project actually is.
I think they explain it in the learning objective: understanding assurance as the ability to provide confidence to the governance board that the project is on track to deliver the objectives.
Right. So it’s about the ability to provide confidence. It’s not providing confidence itself, but ensuring that the information used in the governance process is correct, accurate, valid, and properly done.
Yes. When the governance board makes decisions, they need to know that the information they’re using is a true, fair, and accurate reflection of the project.
Absolutely. That’s where confidence is derived from. If they know the information is true, fair, and accurate, they can make informed decisions based on that accuracy. Assurance supports effective governance by underpinning governance processes.
So how can you convince me, as a board member, that all the information you’re presenting is accurate, true, and fair, and that you’re following best practices in risk management and change control, and that your stakeholder management is working well?
It’s closely linked to quality assurance.
Yes, quality assurance is about the quality of the end product delivered to the customer and the way it’s delivered. Assurance, on the other hand, provides internal confidence within the governing board that the project is managed properly. It’s similar but focuses more on internal processes.
Exactly. So, what is the scope of assurance activities on a project?
If you were doing an assurance review, you’d define the scope of the audit. Are we looking at project controls information, risk management information, or contractors and suppliers? In earned value management, for example, they have an assurance compliance review, defining what is to be assured.
Yes, and the priorities involve what is important to the board. Are they focused on money, risk, or something else? The strategic aims depend on the organisation’s culture. For example, in social care, data protection is crucial, while in a tech company like Microsoft, innovation may take precedence.
Absolutely. The strategic aims influence the assurance activities. This also links to the organisation’s risk appetite. The APM study guide shows a Venn diagram on page 34, illustrating the overlap between governance, assurance, and management. Governance involves decision-making, assurance ensures decision data is accurate, and risk analysis must be robust and rigorous.
So, what are the assurance activities? APM mentions three levels of assurance, or as you call them, three levels of defence.
Yes, the three levels of defence protect against poor quality information in the governance system. The first level is the controls level, which ensures processes and procedures, like change control, are in place and followed. The second level involves internal monitoring and checking by the PMO, ensuring processes are effective. The third level is independent external audits, providing an unbiased review of project control systems.
The first level is day-to-day control, ensuring procedures are followed. The second level, often done by the PMO, involves internal reviews to confirm the processes are working. The third level involves external audits for an independent perspective.
Exactly. Risk-based assurance is also common, focusing on areas with higher risks, such as cost or data protection in specific projects.
How do we plan these assurance activities into the project lifecycle?
Good practice includes routine controls at the first level, part of daily project delivery. The second level involves monthly monitoring and checking, often linked to decision gates. The third level involves annual external audits, planned based on a risk assessment and agreed with the audit committee.
Yes, organisations might have an audit plan, focusing more on high-risk areas like major transformation projects. This ensures assurance activities are systematic and risk-based.
In summary, we’ve covered the purpose of assurance, the scope of assurance activities, priorities, strategic aims, and the integration of assurance, risk, and governance. Planning assurance activities into the project lifecycle is crucial.
This topic can be tricky, so practising exam questions on assurance is recommended.
Brilliant. Thanks so much, Paul.
Thanks. Bye.