TOPIC 5: PROJECTS AUDITS
1. Meaning of Project Audits
2. Purpose of Project Audits
3. Types of Project Audits
4. Types of Project Audit Tools
5. The Project Audit Process
6. Terms of Reference for Project Audits
MEANING OF PROJECT AUDITS
Project auditing refers to the systematic evaluation into the ways project management ideals are applied to the project. It involves thorough review process to establish best practices and serves as pillar to support management decisions needed for the project. There is no „best‟ time to conduct an audit; however, most project audits are conducted at the start of the project, later in the project and after the project is completed, depending on the following:
The nature and size of the project
To ensure that all necessary technical issues are resolved before proceeding with the project. This actually reinforces the need for the early audit.
Providing the parent organization with the required details as to whether the project is conforming to the planned schedule, budget, scope and quality constraints. This refers to the late audit usually conducted during the project.
Follow up with the regulations set together with the client. Most clients demand for such audit and its usually called the post project audit.
Project auditing serves as one of the primary vehicles for the evaluation of projects. It focuses on thorough assessment of the project in order for senior management to establish how well the project is doing in terms of performance. The auditors compared the present status of the project with its planned activities to establish whether the project is delivering its deliverables on schedule, cost, scope and quality.
PURPOSE OF PROJECT AUDITS
An audit is a monitoring system that uses quantitative and qualitative assessments tools to measure performance outcomes. Risk management is built into the audit process in that it enables project managers to identify and evaluate concerns, problems and challenges that may have surfaced during the course of the project. When inefficiencies are identified, root cause analysis can be performed, and corrective or preventive recommendations can be included in audit reports for future reference A project audit checklist serves as a pivotal tool in a project risk management process. It helps senior leadership and project managers appraise internal elements and external factors
affecting the completion of the project. An auditor must comply with Generally Accepted Auditing Standards (GAAS) when using a project audit checklist. Projects are audited to:
An auditor learns about a project’s control environment to become familiar with factors affecting the project’s progress and completion dates. These factors may be internal or external. External elements that may affect a project completion date are laws and regulations. Internal factors may relate to corporate policies and guidelines, top management’s ethical qualities and staff members’ skill set.
Test Internal Controls
A project auditor tests internal controls and procedures to ensure that such controls are adequate and functional. A control is a set of directives that a project manager puts into place to prevent operating losses resulting from technological breakdowns, error, fraud or theft. An adequate control instructs project staff members on how to perform tasks, highlight problems and make decisions. A functional control provides proper solutions to project breakdowns.
The project management function is used to drive enterprise change. A company’s goals and objectives might be pursued through a series of strategic projects designed to facilitate systemic changes. Audits of strategic projects assess whether they have succeeded in meeting specific and measurable goals and objectives. For example, an audit evaluation might reveal that a goal related to sales projections was not met and the deficiency was due to insufficient training of project team members in skills required to perform core project duties. This
information might be used to drive change in employee development initiatives.
Audits are used to evaluate project schedules and timetables established for a project, as well as its tasks and activities. This generally includes a comparison of timetable and schedule estimates against actual performance. Milestone reports may reveal overestimations or
underestimations on specific tasks and activities during the course of the project. External or internal factors might be identified as the cause of the delay. For example, supplier delays are one type of external factor that can impact project schedules.
Project audits might identify excesses or shortfalls in resource allocations associated with a project. For example, project audits may reveal whether project performance deficiencies were tied to insufficient resource allocations. It might also reveal over budgeting in allocating resources in certain areas for a project — assessments that are important when developing future project budgets.
Project management includes the use of third-party suppliers and vendors for certain products or services. While supplier performance is generally audited as an independent assessment, it can also be performed as part of a project management audit. The results
might impact future contracting and procurement decisions.
A project audit might be required to satisfy regulatory requirements. Companies that must comply with such regulations might gain a significant amount of data through the auditing process. Consult with legal counsel to determine your company’s governmental reporting
Benefits of Project Audits
Improved project performance
Evaluates risk and protects assets the earlier they are discovered, the better the opportunity to avoid or mitigate them effectively
Identify and avoid scope creep
Avoid wasted time (& cost) on wild goose chases
Better clarity and focus amongst project team members
Improved relationship with the client
Consolidate learning and carry that forward onto future projects
Provides objective insight
Improves efficiency of operation
Ensures compliance with laws and regulations
TYPES OF PROJECT AUDITS
A compliance audit is an examination of the policies and procedures of an entity or department, to see if it is in compliance with internal or regulatory standards. This audit is most commonly used in regulated industries or educational institutions.
This is an analysis of the costs incurred for a specific construction project. Activities may include an analysis of the contracts granted to contractors, prices paid, overhead costs allowed for reimbursement, change orders, and the timeliness of completion. The intent is to ensure that the costs incurred for a project were reasonable.
A financial audit is an analysis of the fairness of the information contained within an entity’s financial statements. It is conducted by a CPA firm, which is independent of the entity under review. This is the most commonly conducted type of audit.
Information Systems Audit
An information systems audit involves a review of the controls over software development, data processing, and access to computer systems. The intent is to spot any issues that could impair the ability of IT systems to provide accurate information to users, as well as to ensure that unauthorized parties do not have access to the data.
An internal audit is usually conducted by an in-house audit team, and is focused on control assessments, process assessments, legal compliance, and the safeguarding of assets. The team’s reports are sent to management and the organization’s audit committee, and may
result in recommended changes being implemented.
An investigative audit is an investigation of a specific area or individual when there is a suspicion of inappropriate or fraudulent activity. The intent is to locate and remedy control breaches, as well as to collect evidence in case charges are to be brought against
An operational audit is a detailed analysis of the goals, planning processes, procedures, and results of the operations of a business. The audit may be conducted internally or by an external entity. The intended result is an evaluation of operations, likely with
recommendations for improvement.
A tax audit is an analysis of the tax returns submitted by an individual or business entity, to see if the tax information and any resulting income tax payment is valid. These audits are usually targeted at returns that result in excessively low tax payments, to see if an
additional assessment can be made. If the taxpayer disagrees with the outcome of a tax audit, there is an appeal process that may overturn the initial finding.
Process Audit – This type of audit verifies that processes are working within established limit.
It defines requirements such as time, accuracy, pressure etc. and also examines the resources and checks the effectiveness of the process
Product Audit – It is examination of a particular product or service such as hardware or software to evaluate whether it confirms to requirements
System Audit- It is conducted on management systems. It is an activity performed to rectify by examinations of objectives evidence that the systems are appropriate and effective and have been developed in accordance to specified requirements. Objective evidence that systems are appropriate and effective have been developed in
accordance to specified specifications
Quality Management System Audit– evaluates an existing management program to determine if conformance to company policies, contract and regulatory requirement Environmental System Audits- examines environmental merit system
Project Auditing —is a formal type of project review most often designed to evaluate the extent to which project management standards are being followed
THE PROJECT AUDIT PROCESS
1. Audit initiation:
This is the first phase that signals the start of the entire audit process and it involves the following activities:
a) Defines the what, where, when and how the auditing process should go. The purpose of the auditing should be clearly delineated for the audit team to know their target.
b) The scope of the audit should be established. Whether the audit is focusing on specific areas of the project or the entire project. Whether the audit is probing into deeper aspects or just superficial areas of the project. Auditing deeper areas of the project requires technical and highly experienced project auditors. The narrower the audit scope, the lesser the challenges faced by the auditors whereas broader audit scope are trickier and more tedious to manage. c) Data collection is an integral component of the whole process and that takes place at this phase of the audit lifecycle.
d) Auditing methods and practices suitable for auditing the project are established in this phase of the process. e) Rules, guidelines and other auditing protocols are fundamental at this stage. Hence, members of the audit team should be fully aware of the ground rules governing the process to ensure compliance and effective audit exercise
2. Baseline definition of the project:
This phase focuses on the establishment of concrete benchmarking parameters used to assess the project.
These parameters can be previous project implemented, standards set by project management bodies like PMBOK, PRINCE2 etc. or agreed standards set by the parent organization and the audit team. The output of the project will be evaluated based on these parameters established at this phase. Infact that is more the reason why the parent organization should be deeply involved at this phase of the audit life cycle
3. Audit database: Once the yardsticks for the assessment of the project are established then, a database should be created to enable the audit team in discharging its duties.
The information gathered in the initial stage of the audit exercise should be stored in this database for the evaluation of:
a) The management of the project
b) The current and future status of the project
c) The project schedule, budget and quality in terms of its performance and meeting client’s requirements
d) This database can serve as an important repository that the parent organization can use to manage similar and future projects.
4. Initial analysis of the project:
When parameters are set and valuable data collected then, decisions can be made from an informed position.
Auditors are not the ones making decisions but rather present the facts for senior management to make decisions regarding the project.
This preliminary assessment done by the auditors should be presented to the project manager and team for their inputs before making it available to senior management.
Project manager and team should accommodate this initial analysis and see it as a supportive move to make the project better than seeing it as a dubious ploy to humiliate them. Such a spirit is good for the success of the project.
5) Preparation of the audit report:
This involves collating the facts about the project and putting it in a format called audit report.
This format should be approved by the parent organization before being used by the project audit team. The report should contain recommendations made by the team and possible remedies if there be concerning the project. However, the decisions that should be made using this report must come from senior management and it is their responsibility to publish the audit report.
6) Termination of the audit:
This involves bringing to a close the entire audit process. However, it can only be terminated when the report has been properly reviewed, recommendations addressed and released by management. The report is reviewed to enhance the methods used throughout the audit
process. This phase closes with the dismissal of the entire audit team.
The auditing process in brief
1. Audit planning and preparation
2. Audit execution i.e. fieldwork data gathering cores the time period from arrival of the audit location
3. Auditing report. the purpose of auditing repot is to communicate the results of the investigations providing correct and clear data
4. Audit follow up and closure.
5. Correcting nonconformities- Corrective action. This is the action taken to eliminate the cause of an existing non conformity detect as others indescribable situation in order to prevent occurrence
Principles of Project Audit
1) Should be independent and supported in this by original board
2) Should be accountable within a governance and reporting system
3) Planned and coordinated as part of the organization
4) Should be risk based against an independent risk evaluation
5) Able to allow the impact of identified weakness to be identified and addressed by follow up and escalation
TYPES OF PROJECT AUDIT TOOLS
i. Vouching -Audits verifies accounting transactions with documentary evidence
ii. Confirmation-Technique used by creditor to validate the correctness of the transaction
iii. Reconciliation-Technique used by auditor to know the reason or difference in businesses
iv. Testing-Technique used in selecting representative transaction of the whole accounting data to draw a conclusion about all items
v. Physical examination -Requires verification and confirmation of the physical existence of tangible assets as they appear in business balance sheet e.g cash in hand , land and building , plant and machinery e.t.c
vi. Analysis -Technique used by an auditor to segregate important facts and to further studies
vii. Scanning-Books of accounts , an experienced auditor may identify those entries which would require his attention
viii. Inquiry-Method used to collect in depth any information about any transaction.
ix. Observation -Through observation an auditor gets an idea about reliability of the process and the procedures of an organization.
Different methods of obtaining audit evidence
i. Inspection -The examining records and documents or inspection of tangible assets.
ii. Observation-Looking at a process or procedure being performed by others.
iii. Inquiry and confirmation-Seeking appropriate information from knowledgeable person inside or outside the entity
iv. Computation -The checking of arithmetical accuracy of source documents and discounting records or performing independent calculations
v. Analytical review- The studying of significant ratios and trends and investigating unusual fluctuation and item
TERMS OF REFERENCE (TORs) FOR PROJECT AUDITING
Terms of Reference is a document that explains the objectives, scope of work, activities, tasks to be performed, respective responsibilities of the Employer and the Consultant, and expected results and deliverables of the Assignment/job.
Terms of Reference for Auditing
i. Auditing mission statement – the audit original audit statement most clearly defines the goals , objectives as well as types of audits to be conducted
ii. Audit skills specification – a detailed specification of an auditors skills and experience , technical experience
iii. Stake holders roles and responsibilities – a detailed specification of all audit related roles and responsibilities for both audit staff and project staff
iv. Audit Criteria – a full listing of all criteria by which projects will be selected. For an audit you can’t audit every project. it would be too costly and time consuming
v. Audit initiation procedures a detailed specification of audit initiation procedures including the process by which individual project managers are notified of a pending audit and related pre persuasion requirements.
vi. Audit execution procedures – a detailing full listing of audit execution procedures covering the methods and procedures to be employed during the audit itself.
vii. Audit reporting procedures -covering the manner and method which audit results will be reported and reviewed In order to minimize the nature of the project audit.
I. Background -describes the project in the context. States the general note stakeholders in doing project. Background provides an overview of history behind the project
II. Objectives -these are the desired accomplishments that can be reasonably desired upon the project completion with consumption of available resources and within an
III. Scope\ issues – project involves a number of issues and problematic areas that need to be addressed in order for the project to be implemented smoothly
General issue evaluation criteria for projects
a. Efficiency – how well the given activity transforms available resources t desired outputs.
b. Reference – analyze if a given activity is being performed to desired benefits.
c. Impact – extent to which the projects benefits received by the target audience.
d. Sustainability – criterion identifies whether the project positive outcomes will continue after funding ends.
e. Methodology – how to carry out the project I a cost effective way
f. Expertise – the expertise needed for doing a project defines a set of professional
requirements for the individual and terms involved in project implementation.
g. Reporting – reporting provides valid information about a project performance over
a certain period.
h. Work plan – is a kind of strategy that aims to help solve problems through a project and boost employee drive and focus.
Core constituents of projects mostly analyzed during an audit
a) Time management : activities duration
b) Resource management :: allocation of resources ,criteria on distribution analysis on consumption, measures to control resource abuse
c) Personal management -allocation of staff and establishment of recruiting policies ,division of responsibilities regarding team does and training methods
d) Information management > policies regarding preparing and collecting information , methods used in filling information updating , retrieving information
Grading system to rank each audited project management constitution
a) Critically deficient > suggests a serious inability to match project guidelines
b) Weak > unable to entirely comply with projects objectives
c) Satisfactory > basic project management principles are followed
d) Good > compatibility with the project goals and effectiveness of most tools
e) Very good > process defines ideal project performance and adheres to planning / monitoring expectations
The Components of an Audit Status Report
This is a significant document that provides management and other stakeholders of the project with the required knowledge about the progress made so far on the project. Such information can help bring back the project on track in cases of deviation. It also evaluates the project with respect to schedule and budget. Therefore, this report should consist of the following components in order to provide the necessary project details:
An introductory aspect: This focuses on the general overview of the project including the goal and objectives of the project. It should be simple and clear for all to understand. This aspect should be well written to provide readers with the purpose for which the project was
The present status of the project:
Four important parameters are considered here; these are cost, schedule, progress and quality. Every project has a budget and hence, making project cost a significant constraint in project management. Actual costs should be compared to what was budgeted at the start of the project to see if the project is doing fine in terms of cost. All project cost should be clearly stated in this report. The time required to complete project activities should be recorded and compared to planned schedule in order to establish percentage completion of the project. Tasks that were unable to finish at the stated time should also be captured; as this can help reinforce learning for future projects. The progress made can be established by relating the amount of work completed as against the project resources used. In addition, the quality of the project should be recorded in this report. Quality measures the degree to which the project meets its initial specifications. In actual fact, the success of the project hinges on its ability to meet client’s requirements. Thus, making such information vital for management action.
Status of future project: This points to the auditor’s take on what should be done in the project. The previous approach used that led to several uncompleted tasks should be modified or changed in order to achieve success within schedule and budget. The auditor has the right to recommend changes to the project approach especially when the project is lagging behind
in critical areas.
Management issues: All project issues that require the attention of senior management especially those primary to the success of the project. In addition, decisions affecting the schedule, cost and performance of the project should be made by management.
Risk management: Assessment of risks associated with the project and how such should be mitigated in order to save the project.
Project assumptions and limitations: Stating the conditions under which this report is deemed true. It is the duty of the auditor to prove the accuracy of this document by affirming the circumstances or assumptions made in this report. It is worth noting that, the interpretation of this report lies exclusively with senior management and not the auditor. The auditor presents the facts for onward submission to management for proper decisions.