Steps In Performing a Project Risk Audit

Project risk audits are often performed throughout the project to ensure that the project stays on track and is healthy. The goal of the audit is to ensure that each process is doing what it’s supposed to be doing. These audits need to be objective since the project’s wellbeing may be at stake.

The first step in project risk audits is to assign someone to take on the role of project auditor. Ideally, the project manager would be in charge of this. If this person cannot be objective, or if the stakeholders are really relying on this project, you should hire an external auditor or audit company.

Once you have decided who will be the risk auditor, it’s time to do the project risk audit. The first thing that you want to do is figure out who will

click to enlarge

Next, come up with a scoring system to determine how well the processes are working. This can include a range of 1 to 10 or excellent to inadequate. Features to be checked include how well internal controls are working, how well the oversight process is working, how fast tasks are being completed, how budgetary constraints are being met, etc.

There are some standard factors that are critical for a successful project. These can include the following; project organization, project planning, meeting of established milestones, how well the project is controlled, how well risk is being dealt with, resource management, dealing with scope, and testing. Part of the audit will be to check and see if these critical success factors are being met.

Now, it’s time to gather your evidence. Schedule interviews with team members, project managers, and stakeholders separately so that they don’t influence each other. Conduct the interviews as close together as possible so that individuals don’t have time to discuss questions and compare answers with other team members. This could contaminate the evidence.

Try to complete this part of the evidence gathering within the first five days or 20 hours. While many project risk audits can take nearly 20 days to complete, you still want to try to get as little cross-contamination as possible.

Next, you need to thoroughly analyze the evidence and compare that evidence to timelines, goals, objectives, etc. Reviewing where the project should be to where it actually is will help you determine if the project is on track.

Once you have analyzed the data, you must now prepare your findings and come up with recommendations on how to improve the processes. A report should be written thoroughly detailing your findings so that everyone can see the results and understand what needs to be done if the project is found to be off-track.

Once the initial project risk audit has taken place, you may want to conduct follow-up audits. These shouldn’t be as intense as the initial phase, but they should verify that recommendations made are being followed and implemented.

Image Credit: Risk Management (Samuel Mann) http://commons.wikimedia.org/wiki/File:Risk_management.gif