I, recently came across a video on YouTube which was pretty authentic looking and attractive. When I listened to the content, I was shocked as the speaker did not have his bearings right and was rather causing a lot of misconceptions. That is exactly why everybody should not be teaching, once you present something to a wider audience, it should have been well-researched and the trainer himself/herself must have his/her concepts right. The referred YouTube video was from PMPLounge, otherwise famous and well-respected training website. I do not blame them but their selection of trainer.
According to the speaker, a normal or what he says ‘simply’ an audit is a QC audit. Come on, guys, how many of you think, QC is involved in auditing and that an audit is done through inspection. And to top it all, that such an audit is done when a product is built. This completely a wrong concept and the speaker must get himself re-certified as a PMP, if he holds one.
Then he continues saying that this audit (which he means the Project Quality Audit) is a Monitoring a control process. Again he is mixing up QA with QC, because Quality Control process is in Monitoring and Control but it has nothing to do with audit, whereas Quality Audits are done in Quality Assurance Process which is located in Executing Process Group.
So basically the guy has no clue what he is talking about, and he still insists with a lot of confidence, enough to misguide his audience, that Quality Control is actually responsible for Quality Audits in a project.
After having declared QC as an audit he continues vehemently describing the second audit which he calls as Quality Audit. Here he defines the right purpose of quality audit but then what was it he discussed in the previous slide? If this is what he wanted to discuss here, what did he want to say in the earlier slide. He was actually convinced that Quality Control is an audit. Which is absolutely wrong and misleading.
Next he goes on defining the next type of audit as the Risk Audit, and claims it is not the audit off Risk management process but of the risk responses. He deliberately misses on mentioning which process group it belongs to, which I am sure he would say Monitoring and Controlling Process Group, if he would have said it. Actually, there is nothing in PMBOK Guide, 5th Edition which is called a risk audit. In Monitoring and Controlling, we have Control Risk process, and as I have mentioned earlier control may inspect but cannot audit anything. You actually inspect the risk management process here, and naturally risk responses may be updated accordingly, but that can never be called as an audit. This is a normal control process like any other control like scope, schedule and cost controls. So, the speaker is again wrong in mentioning it as a type of audit as in the first case.
As far as Risk Audit is concerned, it could be done by an external body and that would be an external audit from overall perspective of the project and would be actually the part of the project audit for the benefit of project sponsor, program manager, portfolio manager or even the senior management of the organization. The risk audit as part of project audit has nothing to do with project manager except for the fact he will be the subject of this audit and will not be responsible ever to conduct it. So we generally do not call it a risk audit separately but mention it always inclusive to the project audit.
Audits normally happen in during the execution or implementation and they just look at the processes not the product. It is the matter of the perspective which execution level we are talking about. From project perspective, the project manager audits his work during executing process group and that would greatly be related to the quality of the processes, thus called a quality audit and the process is quality assurance.
From an external perspective, senior management wants some means of project assurance, which would include areas beyond quality but inclusive of quality, and may also include risk procurement and more. These would be achieved through an external audit and would be called a project audit. For senior management, the whole life cycle of project is under scrutiny, therefore for them whole project life cycle from their perspective is treated as implementation. They have a right to audit anything anytime through their external auditors and a plan is made and agreed to with project manager in advance. Usually they have certain milestones and phase-gates indicated for these audits but their could be random audits as well. The main thing to remember here is this is all being done for project assurance and is of interest to senior management, not to project manager, except for that he gets certain instructions, guidelines and decisions by the senior management based on these project audits.
These project audits cannot be as detailed as to audit every activity of the project but are based on certain KPIs which have to be measured based on a sample size of data taken occasionally as per a schedule already agreed or at random by the external auditors. That is because senior management does not want to micro-manage the project but still want assurance that project is going according to the expectations.
Next in the referred video is the Procurement audit, and the speaker claims it to be the audit of procurement process and he claims it is in the closing process. It blows my mind, when I imagine procurements being audited when it is being closed. How can you audit something when it has already been done and is about to be closed. It should be audited when the procurements processes are happening or when the contract is in execution. Naturally, for contractor, it is the execution process, while for project, we are controlling the procurement according to the contract. So at most, if this audit has to happen, it could be part of control procurements and not closing procurements. But, again we know, we cannot audit anything while we are controlling it. So essentially, this happens in the execution of the specific contract and not in Monitoring and Controlling process group of the project.
Control Procurements process as laid out in contract decides with the contractor, where and when such audits will be conducted. It is similar to the project assurance but here the perspective is a specific contract, so we will be doing contract assurance for that specific contract. Although, it will be done under the process Control Procurements, but it will be responsible for auditing all aspects of the contracted work, which may not be the procurement processes audit but contract quality and risk audit. This audit will be external to that specific contract but project procurements will be responsible to hold this audit. So, it is now clear that, if you want to talk about a procurement audit, it will be in perspective of a specific contract and it will happen during execution of the contract, not closing of the project.
Let us now talk about the closing audit of the project. This will eliminate the confusion which the speaker actually had. As I explained earlier about the project audit, we have mentioned these have to be conducted at predefined milestones within the project, usually the phase-gates. That means it is more of a review to check what goes well and what goes wrong, as to decide on a Go/No-Go Decision, The project audits are different from the Quality audits conducted during the project execution. Project audits are external and they are more like reviews or you can call post-audits rather than in-process audits. When a project is being closed, we conduct the last project audit or project review to document lesson learned for use by future projects. The project audits happening within the project at various milestones serve to provide decisions on the conduct of remaining project and closing project reviews are for inclusion in organizational process assets.
In light of all this discussion, we must understand there are internal audits and external audits. Internal audits are in-process audits conducted within the project under the watchful eye of project manager by the Quality Assurance process and is responsible for ongoing process improvement. External audits or reviews are conducted as part of project assurance or maybe contract assurance by the higher management to ensure the subordinate entity is working in accordance with the expectations. Closing audit could be the last project audit to register lessons learned, and can also be called as project closing review. These audits may either be formal as laid down in detail in planning or may even be informal.
To conclude, I would say, we only need to understand the right concepts to start speaking about them. It is not wise to disseminate half-truths or completely wrong information. We must be mindful of the fact that internet exposes us to a wider audience and one misconception can go a long way. Be responsible and fulfill your ethical responsibility, to be honest with your profession, all the time.
THANKS Saving Changes...
Sort By:
Jess De OcampoLean Six Sigma Professional/Project Manager/Consultant/| .Manila, Ncr, Philippines
I have watched the video...You are right Mr. Iqbal. As you have advised,"...we must be mindful of the fact that internet exposes us to a wider audience and one misconception can go a long way..."
Thank you for sharing your valuable insights! Saving Changes...
Mark EckmanSenior Project Manager, PMP| VeoliaEmporia, Va, United States
Suhail,
Thank you for bringing this topic to the table.
You struck a chord with me on the ethical responsibility we all have in our PM community and to our community to ensure proper concepts, methodologies and information is distributed through both formal and less-formal teaching venues.
I am not sure what the answer is to this type of governance issue, but this certainly deserves more discussion and due-diligence within our community. Saving Changes...
John TiesoAuthor, Lecturer in Business Management| The Catholic University of America, Busch School of Business & EconomicsArlington, Va, United States
Well said. There needs to be some way to ensure that appropriate materials are provided on these site (As I am sure they try to do at PMI), but bringing these out inm the forums at least creates a siren effect to be careful with what you view and use. Saving Changes...
