Digital transformation programs are typically very complex, costly, and risky to the business – both in execution and delivery. For publicly traded companies, these programs are often listed as major risk items in the annual reports or 10Ks and they tend to experience a high frequency of both external and internal audits. Some organizations refer to these as internal verification and validation (IV&V). These audits have an advertised intent to protect the business. Often, however, they result in derailing programs or providing a convenient way for the system integrator (SI) or software provider to generate additional revenue.
Fortunately, there are ways to turn this audit process to your organization’s advantage, to secure your implementation, and to lower your costs.
Audits on digital transformation programs tend to fall into two categories:
- Design audits are focused on protecting the business following the implementation.
- Execution audits tend to be aligned with the delivery practices of the program.
The following are some of the types of audits that fall into each category.
- Process Integrity – These audits are focused on the design of the new business processes to confirm that proper controls have been accounted for related to financial and operational integrity.
- Security Audits – Software add-ons now provide detailed analysis of user role definition design issues.
- IT Infrastructure Integrity – These involve stress testing the overall infrastructure of hardware, data bases, networks, etc.
- Business Value / Benefits Assurance – These programs tend to take a significant amount of time to complete. CEOs and Boards often request value reviews to confirm investments will yield solid returns.
- Implementation Integrity – This is a check to confirm that the business has taken all the appropriate actions to assure a smooth go-live. Checks on training, data integrity, testing and overall organizational readiness are often included.
- Software License Audits – These confirm that the client’s usage of software is in compliance with agreements (typically executed following the go-live to maximize the software provider’s leverage).
- Quality Management – Often this check is provided by your SI. It is completed to confirm that all deliverables are in the shape that was intended.
- Project Management – These programs are incredibly complex with a lot of moving parts. These audits focus on the use of best practices in the area of planning, scheduling, and scope control.
- Program Financials – The costs of these programs will often have a material impact on the company’s financials during the execution. External auditors will want to review the program accounting practices to confirm proper treatment of capitalized and expensed items.
- Contract Compliance Audits – These audits are reviews conducted both internally and by providers to confirm that all components of a contract are being met as documented and agreed.
- Risk Management Audits – From my experience, 50% of the Program Manager’s responsibilities surround risk management in both program execution and business performance following implementation. These audits concentrate on best practices in identification, mitigation, and contingency planning practices.
Is it any wonder that with all of these audits taking place that many program managers consider them to be a disruption? The secret is to recognize that these audits are inevitable and to leverage them to your advantage.
Seven surefire ways to turn these audits to your advantage:
- Transparency with Stakeholders– Most senior management recognize that auditors stay in business when they find oversights that project teams are likely to miss. Be honest with the stakeholders and let them know your concerns up-front and keep them updated on findings throughout the audit. They will appreciate your candidness and feel confident that any serious issues identified will be remediated in an appropriate fashion.
- Proactively Schedule Audits– You typically have some flexibility in scheduling audits — use this to your advantage. In scheduling audits, consider work load schedules, time needed to remediate issues, opportunities to incorporate best practices, and the ability to leverage the findings to create political pressure where necessary. As a precondition to signing a statement of work with an SI, confirm that the work-plan accounts for time to support these audits. Before launching the program, work with your auditors to create an advanced agenda that lays out the proposed schedule, key interviews required, and the scope of the audit. This will limit any surprises.
- Align Your Deliverables with Audit Requirements– Work with your SI to proactively review standard audit questions and clearly define deliverables that support audit responses. This will clearly put you on sound footing regarding scope change requests related to an audit.
- Prepare Your Team – Audits provide both an excellent opportunity to incorporate best practices into your program but can also risk creating more work than necessary. The team you expose to the auditors will likely be the determining factor as to which way this scale balances. Select a senior seasoned staff member that will know how to handle an audit and prepare them for the questions they can expect. With junior staff you run the risk of their responses prompting additional questions and generating additional billable hours for the auditors. With the staff assigned, identify training objectives and best practices for the team to zero in on and work with the auditors to focus in on these areas.
- Vet the Auditors – Make it clear to the auditors that you expect a senior auditing team that can rapidly assess your situation and provide sound advice, allowing you to improve your operations and policies. When working with junior auditors you run the risk of having to spend a lot of time training them. The ability to draw best practice information from them will be limited.
- Enable an Efficient Execution of the Audit – If you have done the work to align the program deliverables and timed the audits with the completion of these deliverables (or at least the first draft) you are well on your way to creating an efficient process. You should also assign someone in the Project Management Office (PMO) to consistently validate that the deliverables are where they are intended to be. This person should also be responsible for assembling the information request packs for the auditors. There is no need to burn the valuable time of your project team if a clerical function can perform the assembly duties. In addition, provide an isolated area for the auditors to work in. You want them to be efficient with limited disruptions while reducing the possibilities that they will be exposed to junior associates on your team.
- Open the Exit Interview – If you have been open and transparent with the stakeholders, then inviting them to the exit interview is an excellent way to continue to build trust. It also provides an opportunity to utilize the auditors’ findings to leverage change activities in the business that have been difficult to move. Let the stakeholders do their part in working to close specific audit points that are dependent on their team’s actions. Every C-Level executive understands the critical nature of closing audit points. They do not want to find them open the next time an audit is conducted.
Thinking through these points early on in your program planning will, at a minimum, limit the disruptions your team will face. It will also reduce the possibility of an SI scope change request. Incorporated correctly, audits can be used to train staff on best practices and create an opportunity to increase leverage for change.