PROJECT RISK AUDIT

Throughout the execution phase of a project, it is important to ensure that the project is generally healthy. A periodic project risk audit accomplishes this by assessing the effectiveness of project management processes. A risk audit should be performed by a project management professional who is as objective as possible. If stakeholders judge a project to be extremely important, an external risk auditor should be used.

Process

There are eight steps in the project risk audit process:

1. Identifying interviewees (project team, project manager, stakeholders)

2. Gathering evidence

3. Scheduling interviews

4. Conducting interviews

5. Analyzing evidence

6. Preparing findings

7. Preparing recommendations

8. Preparing report.

An initial risk audit takes from 20 to 70 hours over a 5- to 20-day period. Follow-up risk audits may take less time because they focus on prior audit recommendations and verification of continuing compliance to critical success factor (CSF) evidentiary requirements.

Critical Success Factors

Ten critical success factors are used to audit a project’s compliance with industry best project management processes. Auditors also examine factors about the project’s progress against plan and make a prognosis for successful completion. The ten CSFs are:

1. Organization—The project is appropriately organized.

2. Risk management—Project risks are identified and appropriately managed.

3. Planning—The project is appropriately planned.

4. Milestones—Project milestones are being met on schedule.

5. Monitoring and control—Project status is appropriately monitored and adequately controlled.

6. Scope change control—Project scope is appropriately controlled.

7. Resources—The project is appropriately resourced.

8. Functional testing—Appropriate functional acceptance-testing processes and plans are in place.

9. Capacity and performance testing—Appropriate capacity and performance acceptance testing processes and plans are in place.

10. Training—Appropriate and timely training is available.

Deliverables

Deliverables from the risk audit are used to inform both the project manager and stakeholders of risk findings and recommended corrective actions. The individual deliverables are:

• Risk audit summary

• Risk audit working papers

• Interview log

• Documentation log.