Assuring success in large business programs Internal audit s role in strategic risk management



Similar documents
Release Management: Effective practices for IT delivery

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015

SDLC- Key Areas to Audit in IT Projects ISACA Geek Week /21/2013. PwC

Your Software Quality is Our Business. INDEPENDENT VERIFICATION AND VALIDATION (IV&V) WHITE PAPER Prepared by Adnet, Inc.

Program and Budget Committee

Risk management and the transition of projects to business as usual

Cisco Unified Communications and Collaboration technology is changing the way we go about the business of the University.

Shared Assessments Program Case Study

Driving Excellence in Implementation and Beyond The Underlying Quality Principles

PROJECT MANAGEMENT PLAN Outline VERSION 0.0 STATUS: OUTLINE DATE:

Development and Acquisition D&A

How To Integrate Hr

Effective Model Risk Management for Financial Institutions: The Six Critical Components

TEN TIPS FOR A SUCCESSFUL INFOR IMPLEMENTATION

Navigating the transition to CSAE 3416

PPS Initiative Changing the Way We Work*

Development, Acquisition, Implementation, and Maintenance of Application Systems

PORTFOLIO, PROGRAMME & PROJECT MANAGEMENT MATURITY MODEL (P3M3)

Solutions. Master Data Governance Model and the Mechanism

SEVEN WAYS THAT BUSINESS PROCESS MANAGEMENT CAN IMPROVE YOUR ERP IMPLEMENTATION SPECIAL REPORT SERIES ERP IN 2014 AND BEYOND

Effective AML Model Risk Management for Financial Institutions: The Six Critical Components

Assessing the Appropriate Level of Project, Program, and PMO Structure

Keys to a Successful Outsourcing Transition

Project Governance a board responsibility. Corporate Governance Network

EHR IMPLEMENTATION SURVEY: Proactive Consideration and Planning Lead to Successful EHR Implementation

Software License Compliance Review

IT Governance. What is it and how to audit it. 21 April 2009

Business Resiliency Business Continuity Management - January 14, 2014

Template K Implementation Requirements Instructions for RFP Response RFP #

SERVICES. Designing, deploying and supporting world class communications solutions.

Dallas IIA Chapter / ISACA N. Texas Chapter. January 7, 2010

Datacenter Migration Think, Plan, Execute

PUBLIC RELEASE PATENT AND TRADEMARK OFFICE. Inadequate Contractor Transition Risks Increased System Cost and Delays

Project Risk and Pre/Post Implementation Reviews

Utilities Webinar Asset Lifecycle Management and Capital Projects & Infrastructure

Mitigate Risk for Data Center Network Migration

ENTERPRISE RISK MANAGEMENT FRAMEWORK

Project Management/Controls and their impact on Auditing and Accounting Issues. October 31, 2012

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

Driving Business Value. A closer look at ERP consolidations and upgrades

WHY DO I NEED A PROGRAM MANAGEMENT OFFICE (AND HOW DO I GET ONE)?

SEVEN WAYS TO AVOID ERP IMPLEMENTATION FAILURE SPECIAL REPORT SERIES ERP IN 2014 AND BEYOND

Entitlements Management System (EMS) Technology Update Project Health Check Review

Compliance & Internal Audit Collaboration

Essentials to Building a Winning Business Case for Tax Technology

Essential Elements for Any Successful Project

Software Development Moves from a Craft to an Engineering Discipline Using the Essence Standard

Agency for State Technology

Exposing the hidden cost of Payroll and HR Administration A total cost of ownership study

OE PROJECT CHARTER TEMPLATE

New supervisory guidance on model Overview, analysis, and next steps

Project Audit & Review Checklist. The following provides a detailed checklist to assist the PPO with reviewing the health of a project:

The 2015 Manufacturing ERP Report

Enterprise Resource Planning Systems in Higher Education

MNLARS Project Audit Checklist

14 TRUTHS: How To Prepare For, Select, Implement And Optimize Your ERP Solution

Risk Management Primer

Global Payroll? A Few Planning Considerations. Human Resources Globalization

RISK ADVISORY SERVICES CONSTRUCTION AUDIT SERVICES

White Paper. The Hidden Benefits of Human Resource Business Process Outsourcing (HR BPO) SOURCING ANALYTICS

The hidden reality of payroll & HR administration costs

Capital Project Services Middle East. Establishing a basis for effective project control

Adopting a Continuous Integration / Continuous Delivery Model to Improve Software Delivery

Enabling HR service delivery

The PNC Financial Services Group, Inc. Business Continuity Program

2015 ERP REPORT. A Panorama Consulting Solutions Research Report

A comprehensive strategy for successful data center consolidation

EXECUTIVE SUMMARY...5

A Privacy Officer s Guide to Providing Enterprise De-Identification Services. Phase I

<name of project> Software Project Management Plan

Internal Audit. Audit of HRIS: A Human Resources Management Enabler

IT GOVERNANCE ISSUES IN THE INSTITUTIONS WE HAVE AUDITED: LESSONS LEARNED

T31: Before, During and After Outsourcing David Fong, BlackRock

Leading Practices in Business Transformation

Project Management Change Management Procedure

Industrial Rapid Implementation Methodology (InRIM)

Project Quality Review Form

Monitoring capital projects and addressing signs of trouble

PROJECT MANAGEMENT FRAMEWORK

Top 10 System Implementation Audit Considerations

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

Strategies to Help Vendors Optimize Their Long-term Global Contracts

Vendor Management. Minimizing Value Leakage. Deloitte Consulting LLP. November 19, 2013

Establishing a Mature Identity and Access Management Program for a Financial Services Provider

Finding the Sweet Spot. Using analytics to combine Fraud and AML

pm4dev, 2007 management for development series The Project Management Processes PROJECT MANAGEMENT FOR DEVELOPMENT ORGANIZATIONS

SEVEN STEPS TO ERP HEAVEN

Fortune 500 Medical Devices Company Addresses Unique Device Identification

Driving performance and value through strategic vendor management

Domain 1 The Process of Auditing Information Systems

Agile Master Data Management TM : Data Governance in Action. A whitepaper by First San Francisco Partners

Scale agile throughout the enterprise A PwC point of view

zoomlens January 2012 Why General Counsel should care about Software Asset Management

P3M3 Portfolio Management Self-Assessment

Project Management Plan for

The PMO as a Project Management Integrator, Innovator and Interventionist

Managing risk in construction projects how to achieve a successful outcome*

Enterprise Performance Life Cycle Management. Guideline

When companies purchase an integrated learning

Leveraging advanced controls with E-Business suite implementation and upgrade projects

Transcription:

The resilience, reputation and value of a company can be positively influenced by successful transformation projects. Assuring success in large business programs Internal audit s role in strategic risk management

92% of chief audit executives see internal audit s role as being important or very important in managing large program risks. PwC s 2012 State of the Internal Audit Profession Study Implementing lasting change and transforming business functions helps organizations gain a competitive advantage, playing an important role in their long-term strategy. However, our 2012 State of the Internal Audit Profession Study revealed that chief audit executives and stakeholders also see large program failure as one of the major risks organizations face. Failed projects can have both short- and long-term impacts on your organization and are often the result of project or program practices which are not mature and do not address risks sufficiently. Ineffective project management can lead to suboptimal use of resources, duplication of effort or systems and an inability to deal with risks upfront, which can in turn significantly increase costs. A lack of focus on strategic goals and failure to realize the benefits sought from transformation projects can result in a demoralized workforce that resists change. If the project is high profile, failure can also result in reputation loss. Internal audit can help identify many of these risks early in the project lifecycle, which in turn will provide you with sufficient time to course correct and help you obtain maximum value from your business transformation projects.

Transforming your business The resilience, reputation and value of a company can be positively influenced by successful transformation projects. In an environment where requirements are becoming more complex and regulatory pressures are escalating, achieving positive outcomes in transformation programs and satisfying stakeholders are becoming progressively more important and challenging. With the changing landscape, company executives increasingly need to mitigate the risk of projects not delivering on their objectives and providing the value expected. They need confidence that they re investing in the right programs, some of which can make or break the organization, and assurance that all programs will deliver expected benefits so they can do more with less. Unfortunately the success rate for large projects is low. Large information technology (IT) change projects for example have an average cost overrun of 27% and one out of six projects are black swans they overrun their cost by over 200% and schedule by over 70%. 1 Given the strategic impact that large-scale projects have on business, organizations must capitalize on innovation, measure progress, value, and risks, and confirm that the right projects can be delivered in alignment with organizational strategy. To manage the strategic risk of a failed project, organizations can turn to internal audit from the beginning of the project lifecycle to serve as an early warning beacon and help mitigate the high risk of project failure. Internal audit has traditionally provided assurance for compliance and financial risks. According to the results of our recent 2012 State of the Internal Audit Profession Study, there s now also an expectation for internal audit to rise to a new standard to stay in alignment with stakeholder expectations. Active involvement of internal audit in large projects helps ensure that critical success factors such as risk management and independent reporting to the board are well-defined and on track. With shifting risks and the need to ensure success for large programs, expectations of internal audit have gone up. 1. B. Flyvbjerg and A. Budzier. Why Your IT Projects May Be Riskier Than You Think. Harvard Business Review. 2011. Assuring success in large business programs 1

When should internal audit be involved? A large project goes through distinct stages, from the time it is planned until the time benefits are realized. There s a significant role for internal audit to play throughout the project lifecycle. There are numerous benefits of engaging internal audit early on in the project lifecycle, such as: better organizational readiness early identification, greater understanding and improved resolution of issues increased likelihood of delivering the project on scope, on time and on budget better change management so that new systems are embraced increased project control to maximize efficiency improved ability of the internal audit and risk management functions to provide a thorough assurance solution 2 Assuring success in large business programs

Engaging internal audit early and throughout the lifecycle of the transformation program has several benefits Figure 1. The role of internal audit through the project lifecycle Planning Execution & Control Completion Benefits Review of business case and its internal governance process Clear articulation of expected benefits Validation of expected cost and related due diligence Articulation of key strategic and project risks and how they will be managed Identification of roles, responsibilities and accountabilities Project governance process Participate in steering committee Adequacy and accuracy of project reporting milestones, risks, costs and schedules Review business controls structure, change management, employee engagement and training Assess business impact and strategic changes required Evaluate impact on IT application and general controls Provide independent assurance to board Time Organizational readiness Data migration accuracy/ completeness Contingency planning Post-implementation review Controlled testing of effectiveness Review policy/procedure changes necessary Cost-benefit analysis Provide organizational feedback on lessons learnt Assuring success in large business programs 3

How internal audit can help transformation projects succeed The delivery of a successful business transformation project requires that all stakeholder expectations be met. Internal audit can help key stakeholders, such as the board, audit committees and senior management, stay up-to-date on: effectiveness of the overall program and processes appropriateness of structures and governance performance against budgets and timelines management of key risks associated with the program organizational readiness for implementation The two questions most commonly asked of internal audit by the board and executives when faced with a large, complex initiative are: Are we doing the right things? Are we doing them in the right way? Internal audit involvement should naturally be tailored to address these questions and to meet the unique risks of the program. Internal audit is often requested to get involved with major programs and projects 4 Assuring success in large business programs

Are we doing the right things? Initial baseline risk assessment of the project: Through this step, internal audit can understand the key elements of the project, including approach, methodology, activities, timelines, resources and requirements. This step helps determine the specific processes and controls that are in place, and identifies the key risks so that internal audit can tailor the detailed checkpoint reviews to cover the risks. Performing ongoing health checks : Ongoing reviews by internal audit help ensure that the key risks related to the project scope, timelines, cost and deliverables are identified and appropriately managed. The timing and scope should be adjusted to address project risks, status, milestones and audit committee or board requirements, based on internal audit s assessment. Assuring success in large business programs 5

Are we doing them in the right way? Risks can quickly become major issues during the course of large business projects. It s imperative for internal audit to be involved at the individual workstream level to help identify and monitor key risks. The following aspects of project management are critical success factors where internal audit can perform assurance or provide value-adding advice: Business case validation Large-scale programs are typically driven by detailed analyses, culminating in a business case that s validated by management and approved by the board. Even before the actual program begins, key questions, assumptions, analyses and other components of the business case may be misaligned with the corporate strategy, organizational structure and capability, technical complexity and competency or a number of other factors. Industry emerging trends, forthcoming regulatory developments and evolving technology can also compromise elements of the business case. Reference and validation back to the business case through the project lifecycle is a leading practice. Unfortunately, many projects start with a great business case but then don t objectively measure, assess and report on it. Rather, the project team becomes solely focused on project management scope, cost and timelines and the project drifts away from the expected benefits listed in the business case. Subsequently, organizational expectations are not fully met and benefits not fully realized. Internal audit can help: evaluate the linkage between project metrics and strategy when the business case is prepared evaluate individual components (e.g. financial models) and challenge assumptions within the business case as it is presented support the program team in the benefits tracking and realization processes during project execution Program implementation: A people, process and technology perspective Large business transformation programs need to focus on successful process alignment, technology deployment and people engagement. There are some critical components that form part of the decision to go live and help the program stay on track. Internal audit can help with both the decision to go live and measuring the success of the program applying a lens of people, process and technology: From a process perspective A systematic and organized set of processes brings order and efficiency to a project. Having the proper procedures, controls and authorizations in place improves system usability and the quality of reporting and data. Internal audit can help: verify that standard operating procedures are in place validate completion of testing and data conversion processes advise and help identify relevant process-level risks support the design of business process controls to mitigate process-level risks and provide certification analysis evaluate go-live processes such as the creation of a transition team, parallel runs, crossover steps, contingency plans (including roll-back), end-user computing and output demands, risk management and issue escalation and resolution evaluate transition plans and identify any operational and organizational issues that are critical to launch assess whether any duplications exist in systems or efforts ensure interdependent risks are being managed There s often a trade-off between controls and process effectiveness. It s important for internal audit to keep in mind that each potential process control should be examined on its own merit to determine if the benefits outweigh the risks. 6 Assuring success in large business programs

Case study 1: Large payroll implementation The organization: A public sector organization The project: A multi-year implementation of a new payroll system to help integrate more than 10 different systems onto a new platform. The role of internal audit: Management and board wanted assurance that the project was well planned and key conversion risks were being adequately addressed. The in-house internal audit function was asked to provide assurance throughout the life of the project. Key responsibilities included a review of: transition of IT and business process controls from the legacy systems to the new system data transformation and migration change readiness of the organization readiness of the organization to go live segregation of duties and IT roles structured within the new system contingency planning and framework if things did not go as planned post-implementation walkthrough and testing to ensure processes are operating as planned Key benefits of engaging internal audit: The internal audit team provided ongoing assurance on program risks to those responsible for oversight and governance. Specifically, to launch the new system: Internal audit was able to raise a red flag when the organization was not ready to go live with the project and helped the project management team realize that they needed more time to ensure a smooth launch. Greater awareness was raised by the internal audit team on the need for better change readiness across the organization, in areas such as training and communicating the changes that would affect people. This was considered as adding significant value to the overall project success. Assuring success in large business programs 7

From a technology perspective Technology forms the foundation for the processes being implemented, but it s important to keep in mind that many portions of business processes are not enabled through technology alone. Organizations purchase and create systems and tools to automate and support the processes of transformation programs, but a great deal of money is often spent on systems that are subsequently not used. Additionally, sometimes the entire range of capabilities of technology systems is not used effectively. Internal audit can help: ensure that functional needs, including forms and reports, are in place audit hardware and software environment (operating system, network, user workstations, printers) check interface projects measure application, operating system and network security evaluate transition plans for technical processes and data evaluate IT system integration and data migration in terms of both quality and security validate and track benefits and cost savings From a people perspective Engaged and experienced staff often leads to project success. People in the organization execute transformation programs, and their engagement and performance is critical to the success of such programs. Additionally, project staff need to have the right skills, experience and certifications, without which the project can be at significant risk. Internal audit can help: check whether end-user training and guides, including transition readiness, are in place provide an analysis on postimplementation sustainability measure resource utilization control and assess culture within the organization analyze whether skills and capability of the team are well suited to the project The role of internal audit is changing with the evolving risks of the business. The time is right for internal audit to step up to the next level and help the business ensure success for its critical projects. From going live to measuring program progress, internal audit can help large projects succeed every step of the way. 8 Assuring success in large business programs

Case study 2: Transforming organizational capability The organization: A large Canadian telecommunications service provider The project: Launch a large new product line that would help the organization strategically transform its service offerings. The role of internal audit: Manage the board s expectations and mitigate risks from strategic planning to launch related to: scheduling costs expertise and capabilities the decision to go live The end benefits of engaging internal audit: Since this was a very high profile and important project for the organization, internal audit used the hub and spoke model for bringing in subject matter experts for this review. They maintained core risk management expertise internally but augmented its capabilities with external product risk expertise. Some significant risks related to the project were allayed by the expanded internal audit team: The schedule for the product launch was too aggressive, and changing the schedule based on internal audit advice helped reach a more realistic timeline. Despite initial resistance from the project team, the value of the risk advice was realized and timelines were changed, which helped the project launch more effectively and gain wider acceptance. Vendor risks were not being managed adequately, and there was a heavy reliance on third-party vendors who may not have been able to deliver as planned. These risks were identified and addressed. Assuring success in large business programs 9

For further information on the support internal audit can provide for business transformation projects, please contact: National Internal Audit Leader Matthew Wetmore 403 509 7483 306 668 5930 matthew.b.wetmore@ca.pwc.com Vancouver Mike Harris 604 806 7711 mike.harris@ca.pwc.com Sunil Rajan 604 806 7644 sunil.rajan@ca.pwc.com Calgary Alistair Bryden 403 509 7354 alistair.e.bryden@ca.pwc.com Alexander Hilsbos 403 509 6372 alexander.hilsbos@ca.pwc.com Jill Johnston 403 781 1844 jill.m.johnston@ca.pwc.com Justin Abel 403 509 7522 justin.abel@ca.pwc.com Edmonton Arun Gupta 780 441 6717 gupta.arun@ca.pwc.com Khaled Keshk 780 441 6873 khaled.keshk@ca.pwc.com Saskatoon Paul Vail 306 668 5912 paul.x.vail@ca.pwc.com Winnipeg Robert Reimer 204 926 2442 robert.j.reimer@ca.pwc.com Toronto Bruce Webster 416 815 5250 bruce.j.webster@ca.pwc.com Rani Turna 416 869 2911 rani.turna@ca.pwc.com Peter Koch 416 814 5899 peter.koch@ca.pwc.com Robin Taylor 416 869 8683 robin.taylor@ca.pwc.com Issa Habash 416 365 8840 issa.g.habash@ca.pwc.com Liane Kim 416 815 5268 liane.kim@ca.pwc.com Janet Rieksts-Alderman 416 687 8598 janet.a.rieksts-alderman@ca.pwc.com Omar Tucci 416 815 5280 omar.tucci@ca.pwc.com South West Ontario Christopher O Connor 519 570 5709 christopher.w.oconnor@ca.pwc.com Montreal/Maritimes Josée St-Onge 514 205 5159 josee.st-onge@ca.pwc Kelly Ohayon 514 205 5146 kelly.ohayon@ca.pwc.com Ottawa Anthony Dias 613 755 5945 anthony.j.dias@ca.pwc.com www.pwc.com/ca/internalaudit 2013 PricewaterhouseCoopers LLP, an Ontario limited liability partnership. All rights reserved. PwC refers to the Canadian member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. 2489-07 0313

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information