To answer that question, we have to consider a few things, such as:
- What is the purpose and objectives of the assurance? There can be many reasons to perform assurance. It could be something you normally do. It could be a part of the standard governance process for your organisation. You could be particularly concerned about the risk of the Program or Project. And depending on the purpose there will be certain areas that will be of more interest. These can all play a determining factor in the best timing.
- What is the staging and timing of the Program or Project. Every Program or Project has a lot of work to do in the normal course of business. This creates pressure on the team at different points, but also allows the team to solve some risks in the normal course of their work. There are also key points in most programs or projects at which you want to have risk mitigations or avoidance plans in place. An obvious example is a go-live or cutover.
- Governance Requirements. If you need to obtain approval from Project Owners, Sponsors or others than that will dictate some timing. This could be approval to release funding, authorise the engagement of a supplier or some other governance authority.
- Resolve in Due Course. Depending on what the objectives of the assurance, if you review too early, you will largely identify things that are yet to be done but will be done if you would have performed the review later. A review like this is largely a waste of time for all involved.
- Address Recommendations. Again, depending on the objectives of the assurance, if you review too late, you may come up with some very valuable findings and recommendations, but there is simply insufficient time to address them without causing some other delay or other impacts occuring. If this happens you just end up being very knowledgeable about your risks but more limited in options as to what to do about them.
- Peak Load. To perform an Assurance review, it takes investment of time by key members of the Program or Project team, plus others across the organisation. If this happens at a peak load time, it may impact on the engagement and availability of those stakeholders you want to gain input from. It could also take them away from completing critical tasks at a crucial time, resulting in the Assurace Program itself creating risk. Obviously this is not a good outcome.
Article Written By: Mark Nicholls.
Managing Director, Information Professionals.
Mark is one of Australia’s most trusted IT Change Management advisors. He also has other entrepreneurial business interests that he operates through MaidenVoyages.