
Controls and Performance Measures

The following control elements serve to highlight the benefits of project management to a firm's internal control and compliance posture:

Documentation - Of key importance is proper documentation in accordance with internal and external requirements. The documentation can either be an ingrained part of the methodology or be project-specific. In either case, it can be explicitly identified as tasks in the project plan and as required deliverables.

Mirroring of the Organization's Internal Controls - The project methodology of the firm can reflect the entity's internal control requirements and create various control points in the project management office, as well as within each project.

Coordination of Key Stakeholders - By involving key stakeholders as early as possible, the costs and expectations surrounding the project are all better managed. Without proper coordination, compliance requirements may be introduced too late in the project to be cost-effectively included, or be overlooked altogether.

Management Oversight and Control - Project plans can include control gates that require the project team to report status through defined metrics and other criteria. This allows management to stay apprised of project status, risks, actual to estimated cost trends, and so on.

Requirements Definition - Not only must the functional requirements be factored into the project, but so must the compliance requirements. In the world of software, the application controls must be considered and implemented on the basis of risk. It is always cheaper and more efficient to design controls into a system at the outset than to wait until the end of the project or after the system goes live to try to factor in compliance needs. Remember that in this age, business requirements = functional needs + compliance requirements.

Risk Management - As mentioned at the outset, organizations face a multitude of legal and regulatory issues. The responses taken by the organization must be on the basis of risk, and this extends into projects as well. Actions taken in governing the projects, controls inserted into design plans and so on must all be done on the basis of risk. Too few controls, and compliance will be at risk; too many, or too complex, controls will cause inefficiency, over-expenditure and possibly compliance problems.

Communication Plans - Part of project management entails communication of project status to the various stakeholders. Through formal communications, evidence is generated of awareness as to status, decisions made and so on. Furthermore, effective communications can help keep expectations in sync with what the project will deliver.

Change Management - As requirements evolve, there must be formal processes in place to review change requests and make appropriate disposition. Unmanaged change can destroy a project.

Work Breakdown Structure - The planning and effort to generate work breakdown structures (WBS) and the subsequent communication to the team provide ideal points to ensure that compliance-related issues are properly identified and understood.

Task Management - Simply put, by assigning start dates, end dates and so on, the likelihood of tasks being performed increases dramatically. The probability of things being overlooked or forgotten decreases.

Project Reporting - In addition to reports being used to judge the health of the project, reports can be developed and leveraged to judge if internal control requirements are being met. For example, if management designates that expenditure cannot exceed 10% of the allotted amount, the use of variance reports can highlight that a control threshold is being met, at risk or violated.

Management Oversight - A PMO can liaise with management to ensure that projects are running as expected. Internal audit can either be a stakeholder on key projects or be one of the parties that is always included in communication plans.

Training - Not only is training a task area within projects, but it is also a requirement for running projects. People must be able to understand what they do and why. This also means that project management personnel need training on compliance requirements and management/organization expectations.

Testing - Formal test plans can be developed that not only include traditional functional and security aspects but compliance aspects as well.

Post Project Review - There is a tremendous amount that can be learned by studying both successful and failed projects. Don't miss the opportunity after each project to assess "lessons learned". This applies to compliance efforts as well.