Eye-Opening Audits

From the Voices on Project Management Blog
by , , , , , , , , , , , , , , , , , , , , , ,
Voices on Project Management offers insights, tips, advice and personal stories from project managers in different regions and industries. The goal is to get you thinking, and spark a discussion. So, if you read something that you agree with--or even disagree with--leave a comment.

About this Blog


View Posts By:

Cameron McGaughy
Marian Haus
Lynda Bourne
Lung-Hung Chou
Bernadine Douglas
Kevin Korterud
Conrado Morlan
Peter Tarhanidis
Mario Trentim
Jen Skrabak
David Wakeman
Roberto Toledo
Vivek Prakash
Cyndee Miller
Shobhna Raghupathy
Wanda Curlee
Rex Holmlin
Christian Bisson
Taralyn Frasqueri-Molina
Jess Tayel
Ramiro Rodrigues
Linda Agyapong
Joanna Newman

Recent Posts

Mix & Match

Agile Evolves

3 Tips to Enhance Your Leadership IQ

3 Tips for Becoming a Better Listener—and a Better Project Manager

Maximizing the Value of Agile

I've been preparing for the Capability Maturity Model Integration (CMMI) level 3 audit along with my team for the last year and a half.

Though we were quite comfortable that we would clear the audit, we were still apprehensive when the time finally came. You can never predict the mood of the examiner. He or she may ask some unexpected questions and you'll fail.

The project team was excited before the audit and the process kicked off with a short opening ceremony. But the next five days were eye-opening.

It was like the auditor was showing us a mirror--where we stand, where we need to improve. It forced us to look at our understanding of the fundamental concepts on the software processes and the metrics we utilize.

For instance, he discussed the interdependencies across metrics. When it comes to software defect density, the value is determined by dividing total defects by actual effort. To keep defect density low, the auditor discussed that we would have to put in more time and effort. But that would increase the effort variance of the defect density formula. And it gave us something to consider.

Audits by independent people or groups help us find our weaknessess, areas of improvement and strengths. I also do audits for our internal projects and highly recommend having an audit process every month or at least every quarter.

Have you ever been audited by anybody? Please share your experience.
Posted by sanjay saini on: December 09, 2009 06:16 PM | Permalink

Comments (6)

Please login or join to subscribe to this item
Lawrence, New Jersey
Frankly I have never found my self in a direct "audit situation". However, I do consider it similar to situation where you have an absentee boss that checks on you when you least expected. Typical I feel the experience has a lot to do with the professionalism of the people involve-be it you, your team, or even the auditor(s). Meaning the way the whole process goes and the overall result.

Amit Oberoi

Audits are really helpful in determining the project health but unfortunately most project managers back track the auditable documents just to satisfy the process and not to measure the health.

The delivery pressures, shortening project durations and reduced number of resources especially in FP projects are key obstacles for real audits. Being an auditor myself I have my own apprehensions toward real audits. Probably project managers should be encouraged to furnish real data and not just cooked up data for audits.


Amit Oberoi

Maureen Gan
Dear Sanjay

It was interesting insights that you shared from the recent CMMI assessment. Recently, I was in the role to follow-up on internal audits arising from the need to meet compliance and information security requirements.

As these were rather IT and technical in nature, on several occasions, the auditors were able to share on the risks of the issues and to propose recommendations.
Through the follow-up cycle, the auditees actually learned from the experience and it gave them time to correct the actions to mitigate those risks.

In the future, for applications and infrastructure teams, these audit inputs provide a platform for them to enhance their applications development projects and infrastructure IT projects.

Balancing with the costs, benefits and risks, there were several occasions where the parties involved need to put in place some factors :

i) communicate better to bring across the issues and ideas
ii) communicate more to understand the various solutions and recommendations
iii) working with vendors to gather their best solutions and to implement
iv) justify to management on the urgency and need for funding.

In this journey, the teams have gained from the experience.

Maureen Gan

Atul Pandey
Hello Sanjay,

I sincerely acknowledge the role that audits play if undertaken & accepted in a healthy spirit.

I had been raising few concerns with respect to ISMS, CRM, Resource Matrix & Quality in my organization but they were neglected so long on one pretext or another by concerned authorities.

Then one fine day came the auditors & I wholeheartedly took over the onus as a SPOC to aid them.

There reports were refined & detailed all that I'd been updating past almost an year but there analysis was what moved the top brass & I've completed the upgradation over past 4 months in tune with that report once I got the go-ahead after tremors that their report created.

I myself undertake such audits at smaller level for both Projects & Operations encouraging people to accept it as a tool of progressive transitions.


Michael Farrell
It seems like you weren't really as prepared for the audit as you might have been, particularly in terms of your expectations of the audit and auditor. Thankfully you were very fortunate to have a very collaborative auditor with a very holistic approach.

I'm interested if you had arranged for an external/peer review before the real audit? I ask because I recently completed an external "refresh report" as part of a risk/security review for an IT application project that included sensitive data as part of the preparation for an audit. It really facilitated the audit itself and helped focus on the key areas for improvement/action for both us in the project and the auditor.

We could also benchmark the external findings/suggestions against internal guidelines leading to a more customized outcome arrived at together thus increasing the overall ownership. Essentially the focus could therefore be on customizing the available findings for our needs rather than starting at first base.

Therefore the availability of the external report/perspective (and our draft responses to it based on internal guidelines/standards), was really appreciated by the auditor and showed both welcome proactivity and ownership. This increased overall the confidence we'd act on any findings and were serious about the issues and the audit process in general.

Perhaps PMI could add to best practice here in these situations as audits become more prevalent, by publishing key CMMI "pre-audit checks, guidelines, things to consider" per level so that the "next five days" can be reduced and made more efficient for everyone.

Good luck on your follow-up actions and review!
Best regards,
M. Farrell

Renard Rosas
Sanjay: An audit can be a positive or negative experience; depending on the approach used, the objective of the audit and the culture of the organization. A properly conducted and appropriately received audit contributes to continuous improvement. As you noted, the learnings that result from a through audit will produce positive forward movement in the organization. It's important to properly set the tone for an audit at the very beginning to ensure knowledge sharing and open discussion.

Please Login/Register to leave a comment.


"To stimulate creativity, one must develop the childlike inclination for play and the childlike desire for recognition."

- Albert Einstein