Common Questions about Project Assurance, Answered.

When we do Assurance work on Programs and Projects we sometimes encounter questions which reflect some misunderstanding of the role of Assurance.

This is a few examples along with our answers.
Q. The assurance team has the right of veto over key decisions such as go-live?
A. No, this is highly unlikely.  An assurance process only provides a report, which should include recommendations.  It is then up to the accountable managers or groups to make decisions as it sees fit.  Most projects do go live with some risk.  It is up to the accountable managers to make well informed decisions on behalf of their organisation.  The Assurance team helps them to be well informed.  If, of course, the project is that much in bad shape that it shouldn’t go live, then the assurance team should make this recommendation.  It doesn’t always mean that this recommendation is followed through on though.
Q. The assurance team can impact on contract milestones and whether suppliers get paid?
A. It is unlikely that this would happen directly, or that this would be a recommendation.  If an assurance team was asked to comment on the achievement of a milestone, and a supplier had a payment linked to that milestone, then this could occur.  But the accountable managers overseeing the project can always choose to ignore aspects of an assurance report, if they wish to.
Q. The assurance team can provide opinions on your performance and potentially your tenure?
A. Most assurance work is not about individual performance, but team or program/project performance.  If you are concerned about this, you can always ask the team what aspects they have been asked to review.
Q. The assurance team decides whether the project gets shut down or funded?
A. The assurance team doesn’t decide these things, but could make recommendations which have a direct impact on these decisions.  If you are concerned that the project may get shut down, or may not get funded there will be a reason for that.  Ultimately the accountable managers will need to consider their options and make a decision.  The assurance report will be an input into their decision making.
Q. The Assurance team is like an auditor and will report non-compliance?
A. It depends on the type of assurance requested as to whether it has a strong compliance focus or not.  Where there are defined standards or processes not being followed, they will likely be reported upon if they are material to the overall findings. 
Q. Is it mandatory to turn up to an assurance interview?
A. That does depend on your organisation, but it is normally accepted practice.  You have been selected for a reason.  If you do choose not to attend, it will depend on the organisation and the Program/Project Sponsor and potentially on your boss as to whether there will be any ramifications.  It can also provide some insight into the team work on the program/project if some team members don’t want to attend an assurance interview.
Q. Is it mandatory to provide requested documents/deliverables?
A. If there is no apparent reason to withhold access then this won’t go down well, as it kind of wastes everyone’s time.  If you feel you have a good reason for withholding access, then you should let the Assurance team know, seek direction from the Sponsor or your boss, and then comply accordingly.  If the Assurance Team can’t get access to some documents for a variety of reason than this would be reported upon and it may change the complexion of risks and issues reported upon.

Article Written By: Mark Nicholls

Managing Director, Information Professionals. 






Founder and Managing Director. He is one of the most trusted IT management advisors in Australia, and has managed, advised or reviewed some of the most complex IT and Change Management projects in Australia.

Project Assurance: When Is The Right Time?

If you are overseeing a Program or Project, is there a right time or a wrong time to perform Assurance?

To answer that question, we have to consider a few things, such as:

  • What is the purpose and objectives of the assurance?  There can be many reasons to perform assurance.  It could be something you normally do.  It could be a part of the standard governance process for your organisation.  You could be particularly concerned about the risk of the Program or Project.  And depending on the purpose there will be certain areas that will be of more interest.  These can all play a determining factor in the best timing.
  • What is the staging and timing of the Program or Project.  Every Program or Project has a lot of work to do in the normal course of business.  This creates pressure on the team at different points, but also allows the team to solve some risks in the normal course of their work.  There are also key points in most programs or projects at which you want to have risk mitigations or avoidance plans in place.  An obvious example is a go-live or cutover.
This results in four criteria that we use to influence recommended timing for our clients:
  1. Governance Requirements.  If you need to obtain approval from Project Owners, Sponsors or others than that will dictate some timing.  This could be approval to release funding, authorise the engagement of a supplier or some other governance authority.
  2. Resolve in Due Course.  Depending on what the objectives of the assurance, if you review too early, you will largely identify things that are yet to be done but will be done if you would have performed the review later.  A review like this is largely a waste of time for all involved.
  3. Address Recommendations.  Again, depending on the objectives of the assurance, if you review too late, you may come up with some very valuable findings and recommendations, but there is simply insufficient time to address them without causing some other delay or other impacts occuring. If this happens you just end up being very knowledgeable about your risks but more limited in options as to what to do about them.
  4. Peak Load.  To perform an Assurance review, it takes investment of time by key members of the Program or Project team, plus others across the organisation. If this happens at a peak load time, it may impact on the engagement and availability of those stakeholders you want to gain input from.  It could also take them away from completing critical tasks at a crucial time, resulting in the Assurace Program itself creating risk.  Obviously this is not a good outcome.
Making these assessments does take some know how of how Programs and Projects work, and the causality and dependency linkage between the various parts.  It can also require some sensitivity to the specific needs of each organisation.
As described in the first dot point, above.  All of this is predicated on one thing.  And that is defining the purpose and objectives of the assurance.  And knowing how to best define that is well beyond this post.
Do you have any other criteria that you use?  If so let us know in the comment section below.

Article Written By: Mark Nicholls.

Managing Director, Information Professionals. 
Mark is one of Australia’s most trusted IT Change Management advisors. He also has other entrepreneurial business interests that he operates through MaidenVoyages.

 If you liked this blog check out our other material at
Don’t forget to post your thoughts and comments below…

So what’s up Doc! Why aren’t you sleeping?

Written by: Georges Cascales

I was asked not long ago what kept me awake at night as a CIO. This is a great question, but an even more important question is, what helps me have a peaceful sleep.

I can recall all of those times where I tossed and turned, too tired to get up, but unable to go back to sleep. And I can say with certainty, it isn’t much fun.

I refer to those things that can keep me awake through the year as my unwelcome stimulants.  Those things that help me sleep are my relaxants. I will cover my first three unwelcome stimulants below along with the very welcome relaxants I have used with success.  

Availability of systems: A major outage of critical systems would be materially disastrous for the organisations we work for or large transactions of data which failed overnight processing would have grave consequence on the next day business operations. My relaxant is Operational Change Management. It is a critical process to mitigate this concern. If I have confidence in it and how effectively we are doing it then I sleep well. 

Security: Environments are getting more complex and the risk and number of threats is increasing all of the time. One slip may have disastrous effect on systems availability and therefore impact on the business. Well-designed security architecture and up-to-date operational systems can avoid this and hence is my relaxant.  This means being on the front foot and thinking ahead of the threat rather than being responsive to them.  If I know we are doing this then I can be at peace. 

Program Delivery: There is always the need to ensure that large programs are delivering expected benefits. However, delays in programs or programs can have the reverse effect and actually cost the organisation money. Effective and transparent program/project assurance is a critical relaxantfor me.  Knowing qualified others are looking inside the engine room of each Program and Project ensures I get my much needed beauty sleep.     

In my next post I will cover my last four unwelcome stimulants, that include my concerns for Staff Well being, Stakeholder Engagement, Vendor Relationships and Ethical Behavior.  Plus the must have relaxants that are tied to each.

I’m also aware, from experience, that there are perhaps things that I don’t know.

This means I need a general set of relaxants to help me rest easy at the end of most days. I’ll also cover what works for me in ensuring I uncover these unknowns in a following post.


IP Senior Consultant, Georges Cascales 

Georges has held senior positions for over 30 years in the ICT Industry. This has included CIO roles with Endeavour Energy and Queensland Urban Utilities. Georges has a particular understanding of the utility (energy and water) and Health industries. He has particular interest in program and project delivery and methodologies, and providing assurance and peace-of-mind for CIOs and business executives.