Projects often present the biggest risks an organisation can have. The cost of fixing a project issue after the event is significantly greater than addressing the cause when it is first identified.Therefore, robust assurance is essential to good project outcomes.
It is relatively common for internal audit functions in organisations to perform some sort of project assurance activities. Traditionally these were focused on post-implementation review some time after a project had been completed. This generally revealed ‘lessons learned’ that would be helpful for future projects or potential improvements for the product, but post-implementation reviews were generally considered unhelpful as it occurred too late to be useful to the project.