Project assurance skills and Prince 2 for IT auditors

The challenge of IT Project Assurance

Project assurance can be a challenge; change programmes are notoriously complicated with many dependent parts contributing to an overall goal. Project managers often have a different view of success to their sponsors. Processes, governance, control and approach vary wildly. Controlling projects through effective change management and governance increases delivery cost, and should reduce delivery risk accordingly. But sometimes it just increases cost, and it all goes wrong anyway.

If you’re auditing projects, you may not have run major projects. So it’s important to keep any open mind. Often what appear to be deficiencies may not be, and just as often a minor deficiency can disguise major problems.

So assuming you want to improve your skills in this area and also perhaps provide some extra credibility to management, or demonstrate awareness to an auditee, you might decide to do some training. In the UK, project management training tends to comprise one of:

  1. Training in software development methodologies such as Agile. Essential, but a little beyond our scope here as we are looking at all types of change project.

  2. Informal or internal training in your company’s approach. You may not get this by default, but if your company trains their project managers internally they will often be happy to have you learn with them too.

  3. The Project Management Institute’s PMP, and related professional project management qualifications. The accessibility of these vary as practical experience requirements are more geared to dedicated project and change management professionals. That said, there is now a project risk management qualification available that would be well suited to anyone looking at project assurance and IT project auditing.

  4. Prince 2, a project management methodology (available globally, but more recognised in the UK) that is designed for larger projects, with it’s own qualification that can be done in about a week.

The rest of this article discusses Prince 2, for two reasons. Firstly, I’ve done it myself so I know what I’m talking about. Secondly this article is about enabling qualifications for IT audit careers, and this is one you can do. For other suggestions, skip to the end.

Prince 2

Prince 2 is a project management methodology for running controlled and managed projects and programmes. It was originally established by the UK government, and whilst there’s not a lot of evidence that they are any good at project management – and plenty of evidence to suggest they can be rather bad at IT project management – the methodology itself has been picked up by the private sector as a thorough approach to managing a project in a controlled way, and is now used globally with some success. Relatively few organisations apply it ‘by the book’ – most will adapt it to their own needs and risk profile.

How can I become a Prince 2 Practitioner?

You will need to undertake a course, normally around 5 days long, and two multiple choice exams. The first, Prince 2 Foundation, is fairly striaghtforward, closed book, and most course providers run this on the afternoon of the second day or the morning of the third day of the course.

The second exam, Prince 2 Practitioner, requires you to stay awake and pay attention all week whether you have prior project management experience or not. You’re allowed to take the manual to the second exam, but it won’t help much as there is a time limit. The best exam tip is to make sure you know exactly where everything is the manual, so if you have time at the end you can go through the questions you’re not sure about with the manual to hand.

What does Prince 2 cover?

The syllabus is based on the manual originally produced by the Office of Government Commerce (OGC), and is designed to enable you to manage a project using a defined methodology. As a result, it doesn’t cover other approaches to project management. The other point to note is that whilst it will explain the process, it doesn’t help you assess it’s appropriateness or applicability in your organisation or project.

What does it cost?

The fees are set by course providers – in the UK, expect to pay anything from £1,000 to £5,000, including the manual and exam fee. You can, in theory, take the exam directly. It’s more expensive though, and no-one does. To make sure you get value for money, ask around to find the good trainers and course providers in your area. Whilst it’s not cheap, pass rates are fairly good and arrangements can be made to resit.

How long will it take?

Generally a week. If you’re not familiar with project management, it’s a good idea to spend some time getting familiar with the approach first.

Do I get letters after my name?

You can call yourself a ‘Prince 2 Practitioner’. That’s quite a lot of letters though, so it’s one for the CV rather than the business card.

Do I need to do CPD?

No. The certification is valid for five years, after which you need to sit an update exam. Usually, this is done as part of a short refresher course.

Is it for me?

I certainly learned a lot about why managed projects go wrong, and why they cost so much!

If you audit projects run along fairly traditional lines or in a bureaucratic manner, it’s the most appropriate project management certificate. If you audit public sector projects in the UK, it’s a no-brainer. If, however, you spend your time with software development teams who use words like ‘agile development’ and ‘extreme programming’, you may find it harder to apply in a meaningful way.

If you’re not sure what approach your organisation takes, speak to the project managers and ask them if their methodology is based on or developed from Prince 2. If the answer is yes, Prince 2 Practitioner will raise your credibility and help you understand their approach, how major change programmes are governed and controlled, and what can go wrong.

How do I get started with Prince 2 Practitioner?

Visit the Axelos web site to find out more about Prince 2, or do a web search for training courses near you.

I like efficiency. What could I do instead?

Look at PMP-RMP. And agile, because agile development principles can be applied very successfully to projects in any field, well beyond software development! There’s even a Prince 2 Agile certification now.

Previous
Previous

Lessons from the MGM cyber attack

Next
Next

A personal experience of CISSP boot camp