Integrated Assurance – a problem cracked?
In May 2014, we published the ‘Guide to Integrated Assurance'. At the time integrated assurance was a hot topic, with many organisations struggling to cope with ever increasing demands for assurance in and around its projects. “We’re being assured to death!” was a common cry.
It’s all gone quiet recently, though. There are still the perennial questions about assurance, such as what role Internal Audit should have in assuring projects, and when does a ‘review’ become an ‘audit’; and newer questions about how to effectively assure Agile projects [see our ‘Guide to Assurance of Agile delivery’ published last year]; but has the challenge of integrating assurance activities been cracked?
I think not.
What has changed, I think, is that organisations now recognise much better the need to actively manage their assurance environments, but from what I see, they have not made that much progress in doing so. Why? Because its difficult.
At this point, it may be useful to refresh our memories about what ‘integrated assurance’ is.
The BoK 6 definition is:
"The coordination of assurance activities where there are a number of assurance providers."
But there's actually a lot more to it than mere coordination. And even to achieve coordination requires common principles to be complied with.
Rather than fill this blog with details about what integrated assurance is, perhaps you'd like to watch a few videos that I recorded recently with The PM Channel, here.
I think it is time to get people talking about this again. I don’t mean just going over the same ground (avoiding conflicts, minimising distractions and inefficiencies, not getting a full picture, etc.). I mean that we need to be thinking about how we develop our previous thinking on the topic to address why it's so difficult to implement, and how can we extract even greater value from it.
I sense that some organisations have tinkered with their assurance arrangements a bit, partially applied the three-lines-of-defence model, and tried a bit of assurance mapping, and think that that’s about it. But are they really getting that much additional value from their assurance functions than they were? Are their assurance interventions really that much better? Is their Audit Committee now getting a truly integrated and comprehensive view of assurance outputs?
Of course, you can get some value out of any degree of integrating assurance, but to get real value needs a lot of thought and effort, and maybe even cultural and organisational changes. Is there sufficient appetite for that?
How can we help?
I think there needs to be a new imperative. A new dimension that makes people think: “Oh! I never thought integrated assurance could help us like that!”.
One possibility is the concept of ‘progressive assurance’, in which assurance is provided progressively through the life of a project. For progressive assurance to work well, there has to be a degree of assurance integration – and the more integration the better. I am finding a growing interest in progressive assurance.
Perhaps you have some other ideas?
The Assurance SIG is looking to restart its ‘Integrated Assurance’ workstream shortly. If you’d like to be involved in this, please let me know.
Roy Millard
Chair of APM Assurance SIG
3 comments
Log in to post a comment, or create an account if you don't have one already.
As a member of the Assurance SIG for several years I can commend the work on Assurance that was done and its value across diverse industries and types of projects. I can also recommend the complementary work on Measures for Assurance which is available as a download (see the link below of search on measures for assurance). I led the working groups that created it and recently presented on the subject at a recent Scotland Branch evening meeting. https://www.apm.org.uk/resources/find-a-resource/measures-for-assuring-projects-apm-toolkit/
This is a useful stimulus for a debate, thanks Roy. For larger programmes, it seems inevitabel to me that the value will be added by a progressive assurance - why wait till the end or till a crisis before getting assurance? The key, for me, is what are we assuring and who are we getting the assurance for? If we are clear about that it may be easier to see how the various assurance groups can align. So, for example, it may be assurance about technical adherance, or whether the right elements are in place that are likely to then lead to a succesful outcome. I guess this comes down to horses for courses.
Hello Roy. We met yesterday at the London Group event and I said I'd like to be more involved with the SIG as I think this is an important and interesting area within project management. I will download the various knowledge and guidance texts and if you could help me join a SIG meeting remotely that would help. kind regards Nick