Page 83 - Courses
P. 83

Auditing Project Management Practices

            Time — The project Gantt chart is finalized, and the project stays on track to be completed by the
            estimated delivery date.
            Budget — The project budget is approved, and the project is managed to stay within budget.



             TOPIC 3: PROJECT MANAGEMENT CONTROLS AND RISKS

            Project Controls

            Project controls are generally classified as either:

            Preventative — Designed to avoid resource constraints and cost or time overruns.

            Or

            Detective — Designed to discover project discrepancies regarding plan and budget.

            The selection, development, implementation, and monitoring of preventive and detective control
            activities are crucial elements of managing project risk. Both management and internal audit should
            contribute to the success of the controls.

            Key Project Management Controls

            Key project management controls that the internal auditor should request include:
            •  Change control document — Used when the team or sponsor has identified additional work not
               originally built into the project. This document includes steering committee approval.
            •  Communication plan — Lists project stakeholders, and defines communications goals and
               outreach expectations.
            •  Contact report documents — Includes all project-related communications in chronological order
               (e.g., phone, email, text, and person-to-person).
            •  Investment authorization — Includes any costs not identified in the original budgeting process.
            •  IT Change ticket — Defines the scope of the project and key deliverables necessary for project
               completion, including user sign-off, evidence of backup/restore process testing, updated
               documentation and training, resilience program updates, back-out plans, etc.
            •  Project planning documents — Includes project initiation documents (PID), project charter,
               business case, return on investment (ROI) details, project plan, and statement of work (SOW).
            •  Project risk and issues log — Defines any risks or issues discovered during the planning, design,
               build/configure, and testing phases of the project. This document should include assignment
               and current remediation status.
            •  Project status report — Provides transparency to all stakeholders regarding the project’s current
               state and status of remediation efforts, and also includes meeting minutes.
            •  Quality assurance checklist — Defines critical activities to be taken into consideration as the
               project is in progress.



            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.
   78   79   80   81   82   83   84   85   86   87   88