Assurance is the set of systematic activities intended to ensure that the objectives and management processes of a project, programme or portfolio are fit for purpose.
The goals of assurance are to:
- review management planning;
- monitor effectiveness of functions and processes;
- give stakeholders confidence that the work is being managed effectively and efficiently.
The term assurance is commonly used in the context of ‘quality assurance’.
Praxis does not separate out quality as a separate function since quality, in all its forms, is built in to the entire framework.
Quality is an inherent characteristic rather than a separate function. Therefore quality planning is covered in the planning function and quality control is covered in the control function.
The fourth aspect of quality, continual improvement, is encompassed within capability maturity.
The targets of assurance can be split into two simple categories: the objectives of the work (outputs, outcomes or benefits) and the processes (project, programme or portfolio) designed to achieve them.
Objectives will usually be the subject of quality control techniques, which will be defined in the appropriate management plans. The role of assurance is to audit the management plans to ensure appropriate standards have been set and check that the results of quality control have been acted upon.
Processes and procedures should also be set out in the management plans. The assurance function should check that the appropriate management plans are in place, the processes and procedures are fit for purpose and competent resources are applying them.
Assurance is the responsibility of the P3 sponsor. Anyone performing assurance must be independent of the management and delivery teams, and report directly to the sponsor. Assurance resources will often come from a dedicated support organisation or project management office (PMO). It is the sponsor’s responsibility to use the results of assurance to address any issues and instil confidence in the management team.
Performing assurance is a key indicator of an organisation’s level of capability maturity. It is accepted as a key function in developing the quality of P3 management but is not without its problems.
Thamhain and Wilemon identified that ‘procedures’ are one of the main sources of conflict in projects. This can be interpreted in different ways but when independent auditors arrive to check that certain procedures are being followed, it can definitely cause concern amongst the management team and potentially lead to conflict.
Therefore, the sponsor should not only accept responsibility for ensuring assurance happens but also that it visibly makes a positive contribution. There are various ways that this can be achieved, for example:
Assurance should be risk-based. This means that it concentrates on the riskier areas of what is being assured. If a project has particularly difficult stakeholder issues or is implementing highly innovative technology, then assurance should focus on those areas and not go through a laborious box-ticking exercise in straightforward areas of management. If a programme is being managed by a less experienced programme manager then that would be a focus of risk-based assurance.
Assurance should assist as well as check. Conflict is more likely to arise if the people doing the assurance simply turn up, check procedures and leave. The assurance role should be one of assisting and advising as well as reviewing. People in this role move from project to project and programme to programme. They are in the perfect position to promote good practices and disseminate lessons learned.
- Assurance should be seen as a sign of the organisation’s commitment to develop the discipline and profession of P3 management rather than just a means of checking up on people.
The intended approach to assurance, the resources required and scheduled reviews are all set out in the assurance management plan. Since it is the sponsor’s responsibility to ensure that assurance is implemented, this plan has to be prepared by the sponsor or delegated to someone not involved in the management of the work being assured.
Projects, programmes and portfolios
For stand-alone projects, it is relatively straightforward to define what constitutes ‘independent’ assurance but in programmes it is more complex.
The programme organisation is often responsible for assuring the component projects. Therefore, people who assure the projects may be members of the programme management team. Clearly, they cannot then have responsibility for assuring the programme and other, independent assurance resources must be used.
To add to this complexity, the programme manager often fulfils the role of sponsor for component projects and, in this position, has responsibility for project assurance, while having to remaining independent from programme assurance.
A more mature organisation may collect all its assurance resources in an organisation such as a PMO that is independent of all projects and programmes – and potentially independent of any portfolios. This is entirely dependent on the nature of the organisation, the scale and complexity of its projects, programmes and portfolios, its capability maturity and also its environment.
Some more complex environments may need multiple assurance teams. For example, in a regulated environment there may be an internal team the focuses on effective and efficient management and an external team that focuses on conformance with regulations.
In these environments each team will have their own procedures and scope designed to meet the needs of one group of stakeholders. It is possible for the total assurance burden to become onerous and even unworkable. In these circumstances, the sponsor must get the different teams to work in a co-ordinated manner, sharing information where possible and ensuring that all aspects are covered. This approach is known as integrated assurance.
Portfolio sponsors are often part of the organisation’s main governing board. At this level assurance provides a vital link to organisational governance. Usually, the organisation’s audit committee has a general duty for ensuring that the board has the assurance that it needs. In a mature organisation, this means that the assurance of projects, programmes and portfolios ultimately flows through the organisation to body responsible for corporate governance.