Assuring who about what, how?
There are many types of assurance in the market, offered by many providers, covering many facets of delivery. Why do we need so much external assurance, have we got our priorities wrong?
What is assurance?
When we formed the Assurance Special Interest Group a few years ago I ran a series of talks entitled, What is Assurance?, as it was evident that it was one of those things that can be all things to all people. Most people had there own working model of what it was and how you did it, but we discovered that our maps of the world were somewhat different, based on our own experiences and viewpoints. Lets go with the common denominator from the Concise Oxford Dictionary: Declaration that a thing is true. Having worked in Assurance with the Big 4, I know that Assurance activities can become quite mechanical and process driven, and in the worst case become an industry in its own right. So lets go back to basics and decompose what it is we are actually trying to do.
What do you need assuring about ?
Our colleagues from Internal Audit, usually part of the Finance function, had a focus on cost, or at least value for money. (These includes organisations like the National Audit Office). Those coming from a quality background, including software testing, had a focus on performance. Those on the third side of the iron triangle, having a focus on time to complete, mainly came from the PMO or externals carrying out Health checks. But workshops on the topic revealed that there were many other factors that stakeholders sometimes require assurance of. When I worked in the nuclear industry, a lot of assurance activity was about safety. In local government there is a lot of focus on governance and scrutiny of process. What is the key driver in your organisation?
Integrating assurance
We ran another series of talks called Assured to death. Given all the different things that we could want assurance about, and different clients, let alone different methods, PMs can feel that they are just being bounced from one assurance meeting to another. Surely it would make sense to take our own medicine and integrate activities into a coherent programme? When we ran a one day event on Integrated Assurance, however, four speakers each told us about their integrated assurance at Sellafield, yet they were all oblivious to the fact that the others were carrying out assurance! I am glad to say that progress has been made since then, with an initiative on the topic being led by the NAO and supported by a work-stream in the Assurance SIG.
Types of assurance
Quality assurance provides a good model for assurance in general. We used to check quality by inspecting the finished goods and looking for defects. This approach still seems to be prevalent in the software sector. The quality movement progressed to looking at process, and internal audit could be said to follow this approach. In the nuclear industry we moved away from over-reliance on procedure and process controls to the concept of using Suitably Qualified and Experienced People (SQEP) and ongoing continuous professional development. In other words, we tested the competence of the personal rather than looking at the products they produced. Would this be a better approach for projects?
Who needs assuring?
Now we are coming to the crux of the matter. With all this going on, you might think that there are a lot of people out there who are not very sure and need a lot of assurance. Who are these people? Every project has a lot of stakeholders in addition to the client / SRO. For some types of project such as PPPs and JVs, this number can be very large. Have you mapped them out for your project? And what are you doing about it in terms of stakeholder engagement?
How can I assure you?
People have different expectations of the role of project manager, from gopher or technical team lead to an executive running a transient organisation. It is the role, however, that most influences whether the client feels assured, or not. Lets look at a related definition from the Concise Oxford Dictionary: Assure Ensure the happening of, and Tell (person) confidently (that it is so). So for a change, next time you want to carry out assurance, maybe start out by working out who is a significant stakeholder, ensuring that the thing that they are concerned about is actually happening, and then telling them confidently that it is so. (Be sure to match their style and language). Have you done that lately, or is the PMO just kicking out template reports?
2 comments
Log in to post a comment, or create an account if you don't have one already.
Peter - your sentance near the end resonated so well for me: "start out by working out who is a significant stakeholder, ensuring that the thing that they are concerned about is actually happening, and then telling them confidently that it is so". Spookily, we had this discussion with a client only last week who was concerned that if a key member of the programme delivery team left, then what could we do to help them feel comfortable that the programme would continue to deliver the planned benefits. The question which springs to mind is: who is capable of doing the assuring and how will they go about it? These questions must be answered if the client is to "rest assured".
A focus on assurance by senior management is driven by one factor, a lack of pragmatic trust. When sought is it a clear indication of poor governance (ie, the executives do not know what is happening and feel they have no ability to proactively influence events to the benefit of the organisation, its people and the wider community).The top down view requires the organisations executive to invest in the appropriate skills development, people and system to properly support their selected projects and importantly, for the executives to take full responsibility of the delivery of value to the organisations stakeholders. The cop-out is to employ someone to see if things are OK and write a re-assuring report that can be used to protect senior management from their failures. However, the Australian Federal court judgement in the Centro case has found relying on reports is not an adequate defence, see: http://www.theaustralian.com.au/business/opinion/all-directors-should-study-the-centro-judgment/story-e6frg9lx-1226083061384Pragmatic trust means the executive know that they have the right people supported by appropriate systems to create value and that they can be relied on to perform effectively. As with quality, good governance is designed into an organisation, not inspected in at the end. You cannot remove checking entirely but its role is to validate the systems, not replace the need for well designed systems.Project managers can do much to help themselves though; the art of advising upwards effectively is more subtle than the rather simple example of simply speaking confidently (although this is important). The art of effectively advising your managers so they understand how to help you help them make their business successful is the focus of a new book from Gower. Advising Upwards: A Framework for Understanding and Engaging Senior Management Stakeholders can be previewed at http://www.gowerpublishing.com/isbn/9780566092497