This was a presentation given by Roy Millard of TfL to the APM South East branch membership. This event, which was the South East branch's AGM 2014 event, was held at Mercure Tunbridge Wells.
This event looked at the role of the PMO, the people involved and took a more focussed look at assurance processes with specific examples from TfL.
Following on from Eileen Roden's presentation, Roy Millard, Senior Audit Manager at TfL and Chair of the APM Assurance Specific Interest Group (SIG), introduced the latest thinking about integrated assurance, referring to the SIG’s emergent thinking and how it can be used.
Using examples from his work at TfL, Roy demonstrated how this can be, and is being, put into practice.
Integrated Assurance and the role of the PMO
Presentation by Roy Millard, Senior Audit Manager, Transport for London, and Chairman of APM Specific Interest Group on Assurance
for SE Branch Event – ‘The role of PMO in assurance’ and AGM, 5th June 2014
A little bit of background...
18 Oct 06 2
Audit Committee
Assurance Specific Interest Group
“I need assurance because...
...I need to know that everything is under control”.
...I need to know whether what I am being told is correct”.
...I need to be confident that I am going to get what I want”.
...I need to know whether the project is going to finish on time and within budget”.
...I need to know if things are going horribly wrong and whether I should can the project!”.
But what exactly is assurance?
• assurance n. Emphatic declaration, guarantee; self-confidence, assertiveness; insurance esp. of life; certainty. (Source: The Pocket Oxford Dictionary.)
• assurance, noun
1. the act of assuring
2. the state of being assured; sureness; confidence; certainty
3. something said or done to inspire confidence, as a promise, positive statement, etc.; guarantee
(Source: www.yourdictionary.com)
• P3 assurance: The process of providing confidence to stakeholders that projects, programmes and portfolios will achieve their scope, time, cost and quality objectives, and realise their benefits. (Source: APM)
[Diagram labels: Internal Audit; External Audit; Quality Assurance; Health & Safety; OGC Gateway™; Independent Engineer reviews; PMO/PMCoE; Control Self Assurance; NAO; Policies; Standards; Processes; Systems; Project Audits; Contract Audits; Peer Reviews]
[Same diagram, with these labels added: Audit Committees; Sponsors; MDs & Directors; Project Boards / SROs; Programme Boards; Governing Bodies; Shareholders; Investors; Public & media]
Aargh!
Project assurance scope
• Approval & Initiation
• Requirements Capture
• Scope Definition
• Closure
• Management Organisation & Governance
• Planning
• Procurement and Letting of contracts
• Progress monitoring and control
• Risk management
• Quality Management
• Configuration management
• Change Control
• E&I Management
• Stakeholder management
• Benefits management
• Filing and records management
• DDA Compliance
• Financial Control
• Fraud risk
• Security/counter terrorism risk
• HS&E Management
• DPA/FOI
• Engineering Risk
[The following slides repeat the Project assurance scope diagram, with overlays labelled PMO, Internal Audit, PMO & Internal Audit, and IIPAG.]
Integrated Assurance Framework (or Strategy)
• Content:
– Purpose and Overview
– Background
– Scope of the Framework
– Principles and Standards
– Protocols and Behaviours
– Roles and Responsibilities
– Derivation
– Assurance Plan Structure
– Framework and Plan Approval and maintenance
– References
– Appendix – Statutory and Regulatory Requirements
• Principles and Standards
– Proportionality
– Risk based planning
– Independence
– Competence
– Engagement planning
– Documentation of evidence
– Reporting
– Action
– Follow up
– Spreading good practice
– Quality control
10 criteria:
• Client & scope
• Risks & opportunities
• Planning and scheduling
• Organisational capability and culture
• Supply Chain
• Solution
• Finance
• Social responsibility and sustainability
• Performance
• Governance
Three Lines of Defence Model for Assurance
ORGANISATION’S RISKS
• First Line of Defence: CONTROLS
– Application of a Management System, comprising policies, procedures, processes, standards, etc.
– Outcome: Control of risks
– ASSURANCE to: Management
• Second Line of Defence: COMPLIANCE
– Management assurance, comprising monitoring, checks and audits by Risk Management, Quality Assurance, PMOs, etc.
– Outcome: Confirmation of control of risks (Verification)
– ASSURANCE to: Management
• Third Line of Defence: INDEPENDENT REVIEW
– Assurance through independent reviews by Internal Audit, External Audit (e.g. NAO), independent peers, or external scrutiny.
– Outcome: Strategic overview of system of control
– ASSURANCE to: Board & external stakeholders
Assurance maps
Assurance SIG
• There are five work streams currently under way or in the process of being born:
– Integrated assurance
• Developing an approach to collaborative working between assurance providers
– Project Auditing
• Sharing approaches and experiences in project auditing, and developing best practice guidance
– Measures for Assuring Projects
• Investigating and developing guidance on measures that can be used to gain assurance
– Assurance of Agile projects
• Development of guidance to applying assurance principles in fast-moving Agile environments
– Assurance of organisational change
• Plus, we have two others at the idea stage:
– The Business Case for assurance
– Maturity modeling for assurance
http://www.apm.org.uk/news/new-apm-book-release-guide-integrated-assurance-video#.U427QKz1DRk
Questions