Auditing company projects refers to the process of examining and evaluating the planning, implementation, and management of projects within an organization. This type of audit aims to assess the effectiveness and efficiency of project management processes and identify any areas for improvement. The goal of auditing company projects is to help the organization deliver projects successfully, on time, and within budget while meeting the needs of stakeholders.
High-Level Goals of a Project Audit
- Ensure that all appropriate stakeholders are involved in the development of requirements and testing of the system and that frequent and effective communication occurs with all stakeholders. Failure to gather customer requirements and to obtain ongoing customer involvement and buy-in lead to software, systems, and processes being developed or procured that do not align with business needs.
- Ensure that project issues, budgets, milestones, and so on, are recorded, baselined, and tracked. Without these mechanisms, projects are more likely to go over budget and over schedule with unresolved issues.
- Ensure that effective testing encompasses all system requirements. Inadequate testing leads to unstable, low-quality systems that fail to meet customer requirements.
- Ensure that appropriate documentation is developed and maintained. Incomplete or out-of-date technical and user documentation could increase cost and cycle time to maintain the software, increase support and training costs, and limit the system’s usefulness to the customer.
- Ensure that adequate training is provided to end users upon implementation. Inadequate training leads to systems, processes, and software that go unused or that are used improperly.
Seven Major Parts of a Project Audit
- Overall project management Mechanisms that should be used throughout the project, such as issue tracking, project documentation, and change management.
- Project startup, requirements gathering, and initial design Cover the birth of a project: where the need for the project is established, requirements are gathered, and the initial design and feasibility studies are performed.
- Detailed design and system development Cover the “meat” of the project: where the code is written, the product is procured or implemented, the processes are developed, and so on.
- Testing The system, software, or process is tested to ensure that it meets requirements.
- Implementation The system, software, or process is implemented or installed into a production environment.
- Training Covers the activities for training end users on using the system, software, or process that has been developed and implemented.
- Project wrap-up Covers post-implementation activities.
Checklist for Auditing Overall Project Management
- Ensure that sufficient project documentation and software development process documentation (if applicable) have been created. Ensure that the company’s project methodology standards are being followed.
- Review procedures for ensuring that project documentation is kept up-to-date.
- Evaluate security and change-management processes for critical project documentation.
- Evaluate procedures for backing up critical project software and documentation. Ensure that backups are stored offsite and that documented procedures exist for recovery.
- Ensure that an effective process exists for capturing project issues, escalating those issues as appropriate, and tracking them to resolution.
- Ensure that an effective process exists for capturing project change requests, prioritizing them, and dispositioning them.
- Verify that a project schedule has been created and that it contains sufficient detail based on the size of the project. Ensure that a process is in place for monitoring progress and reporting significant delays.
- Ensure that a method is in place for tracking project costs and reporting overruns. Ensure that all project costs, including labor, are considered and tracked.
- Evaluate the project leadership structure to ensure that both the business and IT are represented adequately.
Checklist for Auditing Project Startup
- Ensure that appropriate project approval processes were followed prior to project initiation.
- Ensure that a technical feasibility analysis has been performed along with, if applicable, a feasibility analysis by the company’s legal department.
- Review and evaluate the requirements document. Determine whether and how customer requirements for the project are obtained and documented before development takes place. Ensure that the customers sign off on the requirements and that the requirements encompass standard IT elements.
- Evaluate the process for ensuring that all affected groups who will be helping to support the system, software, or process are involved in the project and will be part of the sign-off process, indicating their readiness to support it.
- Review the process for establishing the priority of requirements.
- Determine whether the system requirements and preliminary design ensure that appropriate internal control and security elements will be designed into the system, process, or software.
- If the project involves the purchase of software, technology, or other external services, review and evaluate the vendor selection process and related contracts.
Checklist for Auditing Detailed Design and System Development
- Ensure that all requirements can be mapped to a design element.
- Verify that the key stakeholders have signed off on the detailed design document or “use case” catalog.
- Review processes for ensuring ongoing customer involvement with the prioritization of tasks on the project.
- Look for evidence of peer reviews in design and development.
- Verify that appropriate internal controls and security have been designed into the system.
Checklist for Auditing Testing
- Verify that design and testing are occurring in a development/test environment and not in a production environment.
- Review and evaluate the testing process. Ensure that the project has an adequate test plan and that it follows this test plan.
- Ensure that all requirements can be mapped to a test case.
- Ensure that users are involved in testing and agree that the system meets requirements. This should include IT personnel who will be supporting the system and IT personnel who were involved in performing initial technical feasibility studies for the project.
- Consider participating in user acceptance testing and validating that system security and internal controls are functioning as intended.
Checklist for Auditing Implementation
- Ensure that an effective process exists for recording, tracking, escalating, and resolving problems that arise after implementation.
- Review and evaluate the project’s conversion plan. Ensure that the project has an adequate conversion plan and follows this plan.
- Review plans for converting the support of the new system or software from the project team to an operational support team.
- Ensure that sufficient documentation has been created for use of the system or process being developed and for maintenance of the system or software. Evaluate processes for keeping the documentation up-to-date. Evaluate change controls and security over that documentation.
Checklist for Auditing Training
- Review plans for ensuring that all affected users are trained in the use of the new system, software, or process.
- Ensure that processes are in place for keeping training materials up-to-date. Evaluate change controls and security over the training materials.
Conclusion:
In summary, the conclusion of an audit of company projects should provide a clear, concise, and actionable assessment of the projects, and provide guidance for improvement where necessary.