Assuring who, about what, and how?

There are many types of assurance in the market, offered by many providers, covering many facets of delivery.  Why do we need so much external assurance, have we got our priorities wrong?

What is assurance?
When we formed the Assurance Special Interest Group a few years ago I ran a series of talks entitled, ‘What is Assurance?’, as it was evident that it was one of those things that can be all things to all people.  Most people had there own working model of what it was and how you did it, but we discovered that our maps of the world were somewhat different, based on our own experiences and viewpoints.  Let’s go with the common denominator from the Concise Oxford Dictionary: ‘Declaration that a thing is true’.  Having worked in Assurance with the ‘Big 4’, I know that Assurance activities can become quite mechanical and process driven, and in the worst case become an industry in its own right.  So let’s go back to basics and decompose what it is we are actually trying to do.
What do you need assuring about ?
Our colleagues from Internal Audit, usually part of the Finance function, had a focus on cost, or at least value for money.  (These includes organisations like the National Audit Office).  Those coming from a quality background, including software testing, had a focus on performance.  Those on the third side of the ‘iron triangle’, having a focus on time to complete, mainly came from the PMO or externals carrying out ‘Health checks’.  But workshops on the topic revealed that there were many other factors that stakeholders sometimes require assurance of.  When I worked in the nuclear industry, a lot of assurance activity was about safety.  In local government there is a lot of focus on governance and scrutiny of process.  What is the key driver in your organisation?

Integrating assurance
We ran another series of talks called ‘Assured to death’. Given all the different things that we could want assurance about, and different clients, let alone different methods, PMs can feel that they are just being bounced from one assurance meeting to another.  Surely it would make sense to take our own medicine and integrate activities into a coherent programme?  When we ran a one day event on ‘Integrated Assurance’, however, four speakers each told us about their integrated assurance at Sellafield, yet they were all oblivious to the fact that the others were carrying out assurance!  I am glad to say that progress has been made since then, with an initiative on the topic being led by the NAO and supported by a work-stream in the Assurance SIG.

Types of assurance
Quality assurance provides a good model for assurance in general.  We used to check quality by inspecting the finished goods and looking for defects.  This approach still seems to be prevalent in the software sector.  The quality movement progressed to looking at process, and internal audit could be said to follow this approach.  In the nuclear industry we moved away from over-reliance on procedure and process controls to the concept of using Suitably Qualified and Experienced People (SQEP) and ongoing continuous professional development.  In other words, we tested the competence of the personal rather than looking at the products they produced.  Would this be a better approach for projects?

Who needs assuring?
Now we are coming to the crux of the matter.  With all this going on, you might think that there are a lot of people out there who are not very sure and need a lot of assurance.  Who are these people?  Every project has a lot of stakeholders in addition to the client / SRO.  For some types of project such as PPPs and JVs, this number can be very large.  Have you mapped them out for your project?  And what are you doing about it in terms of stakeholder engagement?

How can I assure you?
People have different expectations of the role of project manager, from ‘gopher’ or technical team lead to an executive running a transient organisation.  It is the role, however, that most influences whether the client feels ‘assured’, or not.  Lets look at a related definition from the Concise Oxford Dictionary: Assure – ‘Ensure the happening of’, and ‘Tell (person) confidently (that it is so)’.  So for a change, next time you want to carry out assurance, maybe start out by working out who is a significant stakeholder, ensuring that the thing that they are concerned about is actually happening, and then telling them confidently that it is so.  (Be sure to match their style and language).  Have you done that lately, or is the PMO just kicking out template reports?

[This blog is reproduced from that published by the APM for the Assurance best practice group]