Assurance
– the basics, and latest thinking
Presentation by
Roy Millard,
Senior Audit Manager, Transport for London, and
Chairman of APM Specific Interest Group on Assurance
Questions:
• What is [and isn’t] assurance?
• What is good [and bad] assurance?
• How to overcome the barriers
• How to decide what to assure, and what not
• How to avoid over-assurance
• Work of the Assurance SIG
18 Oct 06 2
What is assurance?
18 Oct 06 3
assurance n. Emphatic declaration, guarantee; self-confidence,
assertiveness; insurance esp. of life; certainty. (Source: The Pocket Oxford
Dictionary.)
assurance
noun
1.the act of assuring
2.the state of being assured; sureness; confidence; certainty
3.something said or done to inspire confidence, as a promise,
positive statement, etc.; guarantee
(Source: www.yourdictionary.com)
• P3 assurance The process of providing confidence to stakeholders
that projects, programmes and portfolios will achieve their scope, time,
cost and quality objectives, and realise their benefits.
(Source: APM)
"Glamour is assurance. It is a kind of knowing that you are
all right in every way, mentally and physically and in
appearance, and that, whatever the occasion or the
situation, you are equal to it.”
- Marlene Dietrich (actress, 1901-1992) “One unerring mark of the love of truth is not entertaining
any proposition with greater assurance than the proofs it is
built upon will warrant.”
- John Locke (philosopher, 1632-1704)
“In God we trust. All others, bring data.”
- W E Deming (academic,1900-1993) “Assurance is two-thirds of success.” - Gaelic proverb
18 Oct 06 4
“I need
assurance
because.... ...I need to know that everything is
under control”.
...I need to know whether what I am being
told is correct”.
...I need to be confident that I am going to get
what I want”.
...I need to know whether the project is going to
finish on time and within budget”.
...I need to know if things are going horribly wrong
and whether I should can the project!”.
Where does assurance come from?
Internal Audit
External
Audit
Quality
Assurance
Health &
Safety
OGC
GatewayTM
Independent
Assurance
Reviews PMO/PMCoE
Control Self
Assurance
NAO
Standards
Systems
Project
Audits
Contract
Audits
Peer Reviews
And who receives this assurance?
Internal Audit
External
Audit
Quality
Assurance
Health &
Safety
OGC
GatewayTM
Independent
Assurance
Reviews PMO/PMCoE
Control Self
Assurance
NAO
Standards
Systems
Project
Audits
Contract
Audits
Peer Reviews
Audit
Committees
Sponsors
MDs &
Directors
Project Boards / SROs
Programme Boards
Governing Bodies
Shareholders
Public &
media
Characteristics of good assurance
• Principles and Standards (ref: APM Guide to Integrated Assurance)
Proportionality
Risk based planning
Independence
Competence
Engagement planning
Documentation of evidence
Reporting
Action
Follow up
Spreading good practice
Quality control
18 Oct 06 7
Assurance information is only useful if it
helps you to make sensible decisions!
18 Oct 06 8
How do you avoid this?
Winning hearts and minds
• Setting an overall organisational context – Who wants assurance and why?
– How will it be used?
– How does it relate to other activities?
• Overcoming resistance – We’re too busy at the moment
– We can’t afford the time/cost/disruption/etc.
– What’s the point/value?
• Doing it as efficiently & effectively as possible – Integrated approach
18 Oct 06 9
ORGANISATION’S
RISKS
First Line of
Defence
Outcome:
Control of risks
ORGANISATION’S
RISKS
CONTROLS
Application of a
Management System,
comprising policies,
procedures, processes,
standards, etc.
AS
SU
RA
NC
E
Management
Second Line of
Defence
Outcome:
Confirmation of control
of risks (Verification)
First Line of
Defence
Outcome:
Control of risks
ORGANISATION’S
RISKS
CONTROLS
Application of a
Management System,
comprising policies,
procedures, processes,
standards, etc.
COMPLIANCE
Management
assurance, comprising
monitoring, checks and
audits by Risk
Management, Quality
Assurance, PMOs, etc.
AS
SU
RA
NC
E
AS
SU
RA
NC
E
Management Management
Second Line of
Defence
Outcome:
Confirmation of control
of risks (Verification)
First Line of
Defence
Outcome:
Control of risks
Third Line of
Defence
Outcome:
Strategic overview of
system of control
ORGANISATION’S
RISKS
CONTROLS
Application of a
Management System,
comprising policies,
procedures, processes,
standards, etc.
COMPLIANCE
Management
assurance, comprising
monitoring, checks and
audits by Risk
Management, Quality
Assurance, PMOs, etc.
INDEPENDENT
REVIEW
Assurance through
independent reviews by
Internal Audit, External
Audit (e.g. NAO),
independent peers, or
external scrutiny.
AS
SU
RA
NC
E
AS
SU
RA
NC
E
AS
SU
RA
NC
E
Management Management
Board & external
stakeholders
18 Oct 06 10
3 lines of defence model for assurance
Assurance Map
Sources of assurance
Source
1
Source
2
Source
3
Source
4
Source
5
Source
6
Source
7
Source
8
Risk 1
Risk 2
Risk 3
Risk 4
Risk 5
Risk 6
Assurance map
Assurance Map
Sources of assurance
Source
1
Source
2
Source
3
Source
4
Source
5
Source
6
Source
7
Source
8
Risk 1 ● ■ ● ■ ● ■ ● ■
Risk 2 ● ■ ● ■
Risk 3 ● ■ ● ■ ● ■
Risk 4 ● ■ ● ■
Risk 5 ● ■ ● ■ ● ■
Risk 6 ● ■ ● ■ ● ■
Assurance map
Assurance Map
Sources of assurance
Source
1
Source
2
Source
3
Source
4
Source
5
Source
6
Source
7
Source
8
Risk 1 ● ■ ● ■ ● ■ ● ■
Risk 2 ● ■ ● ■
Risk 3 ● ■ ● ■ ● ■
Risk 4 ● ■ ● ■
Risk 5 ● ■ ● ■ ● ■
Risk 6 ● ■ ● ■ ● ■
Assurance map
Assurance SIG
18 Oct 06 14
• There are four work streams currently under way or in the
process of being born:
– Integrated assurance • Developing approached to collaborative working between
assurance providers (Guide published in 2014)
– Project Auditing • Sharing approaches and experiences in project auditing, and
developing best practice guidance
– Measures for Assuring Projects • Investigating and developing guidance on measures that can be
used to gain assurance
– Assurance of Agile projects • Development of guidance to applying assurance principles in
fast-moving Agile environments
• Plus, we have three others at the idea stage: – Assurance of organisational change
– The Business Case for assurance
– Maturity modeling for assurance
18 Oct 06 15 http://www.apm.org.uk/news/new-apm-book-release-guide-integrated-assurance-video#.U427QKz1DRk
Questions
• [email protected] – TfL-related
• [email protected] – general assurance SIG
• [email protected] – specific assurance SIG
• http://www.apm.org.uk/group/apm-assurance-
specific-interest-group
18 Oct 06 16
Questions & further information
Remember: assurance is glamorous!
1 December 2010 17
"Glamour is assurance. It is a kind of
knowing that you are all right in every
way, mentally and physically and in
appearance, and that, whatever the
occasion or the situation, you are
equal to it.”
- Marlene Dietrich (actress, 1901-
1992)
Top Related