Integrated Assurance and the role of the PMO

Presentation by Roy Millard, Senior Audit Manager, Transport for London, and Chairman of APM Specific Interest Group on Assurance, for the Assurance and its relationship with the PMO conference, 5th March 2014

Integrated assurance and the role of the PMO, Roy Millard


Presentation by Roy Millard at the APM PMO SIG conference, Assurance and its relationship with the PMO on 5th March 2014


Page 1: Integrated assurance and the role of the PMO, Roy Millard

Integrated Assurance and the role of the PMO

Presentation by Roy Millard, Senior Audit Manager, Transport for London, and Chairman of APM Specific Interest Group on Assurance

for Assurance and its relationship with the PMO conference, 5th March 2014

Page 2: Integrated assurance and the role of the PMO, Roy Millard

A little bit of background...

18 Oct 06 2

Audit Committee

Assurance Specific Interest Group

Page 3: Integrated assurance and the role of the PMO, Roy Millard


“I need assurance because....

...I need to know that everything is under control”.

...I need to know whether what I am being told is correct”.

...I need to be confident that I am going to get what I want”.

...I need to know whether the project is going to finish on time and within budget”.

...I need to know if things are going horribly wrong and whether I should can the project!”.

Page 4: Integrated assurance and the role of the PMO, Roy Millard

But what exactly is assurance?

• assurance n. Emphatic declaration, guarantee; self-confidence, assertiveness; insurance esp. of life; certainty. (Source: The Pocket Oxford Dictionary.)

• assurance noun 1. the act of assuring 2. the state of being assured; sureness; confidence; certainty 3. something said or done to inspire confidence, as a promise, positive statement, etc.; guarantee (Source: www.yourdictionary.com)

• P3 assurance The process of providing confidence to stakeholders that projects, programmes and portfolios will achieve their scope, time, cost and quality objectives, and realise their benefits.

(Source: APM)


Page 5: Integrated assurance and the role of the PMO, Roy Millard

• Internal Audit
• External Audit
• Quality Assurance
• Health & Safety
• OGC Gateway™
• Independent Engineer reviews
• PMO/PMCoE
• Control Self Assurance
• NAO
• Policies
• Standards
• Processes
• Systems
• Project Audits
• Contract Audits
• Peer Reviews

Page 6: Integrated assurance and the role of the PMO, Roy Millard

• Internal Audit
• External Audit
• Quality Assurance
• Health & Safety
• OGC Gateway™
• Independent Engineer reviews
• PMO/PMCoE
• Control Self Assurance
• NAO
• Policies
• Standards
• Processes
• Systems
• Project Audits
• Contract Audits
• Peer Reviews

• Audit Committees
• Sponsors
• MDs & Directors
• Project Boards / SROs
• Programme Boards
• Governing Bodies
• Shareholders
• Investors
• Public & media

Aargh!

Page 7: Integrated assurance and the role of the PMO, Roy Millard

Project assurance scope

• Approval & Initiation
• Requirements Capture
• Scope Definition
• Closure Management
• Organisation & Governance
• Planning
• Procurement and Letting of contracts
• Progress monitoring and control
• Risk management
• Quality Management
• Configuration management
• Change Control
• E&I Management
• Stakeholder management
• Benefits management
• Filing and records management
• DDA Compliance
• Financial Control
• Fraud risk
• Security/counter terrorism risk
• HS&E Management
• DPA/FOI
• Engineering Risk

Page 8: Integrated assurance and the role of the PMO, Roy Millard

Project assurance scope

[Diagram: the project assurance scope areas listed on Page 7, repeated with the label: PMO]

Page 9: Integrated assurance and the role of the PMO, Roy Millard

Project assurance scope

[Diagram: the project assurance scope areas listed on Page 7, repeated with the labels: PMO; Internal Audit]

Page 10: Integrated assurance and the role of the PMO, Roy Millard

Project assurance scope

[Diagram: the project assurance scope areas listed on Page 7, repeated with the labels: PMO; Internal Audit; PMO & Internal Audit; IIPAG]

Page 11: Integrated assurance and the role of the PMO, Roy Millard

Integrated Assurance Framework (or Strategy)

• Content:
– Purpose and Overview
– Background
– Scope of the Framework
– Principles and Standards
– Protocols and Behaviours
– Roles and Responsibilities
– Derivation
– Assurance Plan Structure
– Framework and Plan Approval and maintenance
– References
– Appendix – Statutory and Regulatory Requirements

Page 12: Integrated assurance and the role of the PMO, Roy Millard

Integrated Assurance Framework (or Strategy)

• Principles and Standards
– Proportionality
– Risk based planning
– Independence
– Competence
– Engagement planning
– Documentation of evidence
– Reporting
– Action
– Follow up
– Spreading good practice
– Quality control

Page 13: Integrated assurance and the role of the PMO, Roy Millard

10 criteria:

• Client & scope
• Risks & opportunities
• Planning and scheduling
• Organisational capability and culture
• Supply Chain
• Solution
• Finance
• Social responsibility and sustainability
• Performance
• Governance

Page 14: Integrated assurance and the role of the PMO, Roy Millard

Three Lines of Defence Model for Assurance

ORGANISATION’S RISKS

• First Line of Defence
– Outcome: Control of risks
– CONTROLS: Application of a Management System, comprising policies, procedures, processes, standards, etc.
– ASSURANCE: Management

• Second Line of Defence
– Outcome: Confirmation of control of risks (Verification)
– COMPLIANCE: Management assurance, comprising monitoring, checks and audits by Risk Management, Quality Assurance, PMOs, etc.
– ASSURANCE: Management

• Third Line of Defence
– Outcome: Strategic overview of system of control
– INDEPENDENT REVIEW: Assurance through independent reviews by Internal Audit, External Audit (e.g. NAO), independent peers, or external scrutiny.
– ASSURANCE: Board & external stakeholders

Page 15: Integrated assurance and the role of the PMO, Roy Millard


Assurance maps

Page 16: Integrated assurance and the role of the PMO, Roy Millard

Assurance SIG

• There are four work streams currently under way:

– Integrated assurance
  • Developing an approach to collaborative working between assurance providers

– Project Auditing
  • Sharing approaches and experiences in project auditing, and developing best practice guidance

– Measures for Assuring Projects
  • Investigating and developing guidance on measures that can be used to gain assurance

– Assurance of Agile projects
  • Development of guidance to applying assurance principles in fast-moving Agile environments