Page 85 - Courses
P. 85

Auditing Project Management Practices

            Geopolitical risk — More common in international organizations and government agencies, change
            in political climate leads to funding or human resource shortages.

             TOPIC 4: ROLE OF INTERNAL AUDIT IN PROJECT MANAGEMENT

            The Role of Internal Audit in Project Management

            The internal auditor’s role in project management can be threefold:
            We will start with a review of the work involved for an internal auditor in the assessor role.

            Assessor Role
            The most common role for the internal auditor is that of the assessor, which includes reviewing the
            governance and management of the project management office (PMO).

            Assessing Project Risks
            As the engagement cannot cover every risk; internal auditors assess the significance of the project-
            related risks that were identified during an earlier planning phase to determine which risks should
            be evaluated further during the engagement.
               •  When assessing project-related risks, internal auditors should consider risks related to:
                       o  Operational systems and controls.
                       o  Regulatory impact of potential project risks.
                       o  Damage to the organization’s reputation.
                       o  Relationships with customers or vendors.
               •  Other factors to consider when assessing the likelihood of project-related risks include:
                       o  Past project failures, cost overruns, and client dissatisfaction.
                       o  Complexity and number of stakeholders involved in the process.
                       o  Regulatory complexity of impacted processes.
                       o  Availability of critical resources to support the current project
                          backlog.

            Consultant Role

            The internal audit activity can add value by consulting during the requirements and/or control
            design sessions to assist the organization or business unit in identifying weaknesses.
               •  Consulting opportunities include:
                       o  Consulting on internal control processes.
                       o  Facilitating a control self-assessment design session.
                       o  Consulting on the design of control objectives and tests.
                       o  Facilitating an inherent risk assessment after the architecture review is complete.
                       o  Facilitating a business impact assessment after the inherent risk assessment is
                          complete.
                       o  Facilitating a risk assessment before the project goes live.
                       o  Assisting in the user-testing effort during testing, and before user acceptance.


            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.
   80   81   82   83   84   85   86   87   88   89   90