Auditing Major Projects



Why you should attend

  • How many projects do you know which have been delivered on time, to budget and fully met the needs of all the parties involved?
  • Not many I am sure will be your answer.
  • Experience has shown that risks are rarely fully identified prior to a project being approved.
  • Not only does this result in unexpected risks arising after the project has commenced, but also the true impact of key risks will often be misunderstood.
  • Having an Internal Audit involvement throughout the project life cycle, from the proposal stage to the post implementation review, is a proven way to maximise the opportunity to deliver the project to time, to budget and fully meet the needs of all interested parties.

After completing this course you will be able to

  • PROMOTE the benefits of an audit involvement in all key projects
  • APPLY the concepts and practical application of a risk based approach to project audit
  • AUDIT major projects with confidence
  • HELP identify project warning signs and influence positive action
  • IMPLEMENT proven techniques to ensure that more projects meet their agreed objectives
  • UNDERSTAND how to identify, mitigate and control project risks effectively
  • ENSURE that key controls are not omitted when a project is under pressure

Who should attend

Who should attend

  • Heads of Audit, Audit managers and senior auditors
  • Auditors responsible for undertaking project audits assignments
  • Other professionals who need to understand the risks impacting complex projects
  • Managers and Directors of business functions – to aid their knowledge of a risk based audit approach to projects.

Course Details

Course Level

  • This is an intermediate level course and delegates should ideally have at least 3 years’ experience in Internal Audit to attend
  • No advance preparation is required
  • Delivery method – On-line-live (with exercises and role-plays to simulate audit scenarios and situations that new auditors will encounter)

CPE credits

Business Risk Management Ltd is a certified training provider and participants will earn 9 CPE credits ( in the Auditing field of study)


Day 1     Understanding Project Risk

Why projects fail

  • Is risk an uncertainty or a surprise?
  • Something that can go wrong or failure to get things right?
  • Risk cultures and the impact on project delivery
  • Why projects often fail.
  • OGC paper – common causes of project failure
  • The need for a formal approach to risk management
  • Risk appetite and the implications for projects
  • Selling the benefits to top management
  • High profile project failures and the lessons to learn
  • Exercise 1   Why projects fail

The major project risks

  • Business benefit poorly defined
  • Scope of the project poorly defined
  • Project sponsor not committed to the project
  • Difficult to engage business functions or partners
  • Lack of project management experience
  • Unclear or inconsistent PM processes
  • Business requirements unclear or changing all the time
  • Technical requirements complex or new
  • Complex system interfaces
  • Unrealistic timescales
  • Man hours required very extensive over short time windows
  • Long estimated project duration
  • Type of project new to the business
  • High dependency on outside parties (consultants, subcontractors)
  • Businesses processes require major change
  • Unfamiliar project technology
  • Heavy customisation of packaged solutions
  • The 10m golden rules of project management
  • Exercise 2   The key project risks check-list

Project Risk Identification and Evaluation

  • Approaches and techniques
  • How to establish a risk workshop process
  • The need for effective facilitation
  • Facilitation skills
  • Establishing workshops
  • The use of diagnostic questions and thought-provokers
  • The pros and cons of using data capture technology
  • Other methods of risk identification
  • Monte Carlo Simulations
  • Bayesian networks
  • Scenario planning
  • RAMP methodology
  • How to identify, sift and group the risks
  • Measuring the consequences and the likelihood of occurrence of each risk
  • The use of risk matrices to prioritise the risks.
  • Exercise 3:  Risk and reward

The business perspective

  • Different types of project and their implications
  • Selection of Professional Services providers
  • Financial planning consultants
  • Engineering firms
  • Design/Construct providers
  • Construction managers
  • Facilities management
  • The growing popularity of turnkey approaches
  • Choice of contractor
  • Principal contract terms
  • Other legal and regulatory requirements
  • Financing the project
  • Choice of methodology
  • Selecting the project manager
  • Procurement process
  • Exercise 4 The business benefits

Auditing major projects

  • IIA new paper – Introduction to project auditing
  • Assessing the project life cycle
  • The need to assess the risk maturity of the project
  • Commitment to risk management
  • Reviewing project risk registers
  • The questions to ask
  • Assessing the project risk appetite
  • Reviewing the effectiveness of the risk management process adopted
  • Determining which  risks should be concentrated on in the audit
  • Management evaluation of mitigation controls
  • Identification of risk exposures
  • Dealing with the exposures (the 4 Ts – terminate, tolerate, treat or transfer)
  • Reviewing risk ownership and identifying gaps
  • Exercise 5:  The audit involvement in the project lifecycle

Day 2 Auditing major projects

Strategic Project Audit Planning

  • Determining which projects to audit, to which frequency and to what depth
  • Determining the level of assurance required
  • Determining the level of assurance that can be provided
  • Exercise 6:  Determining project audit priorities

Project auditing in practice

  • Determining the scope of a RBA assignment
  • Whether objectives are being delivered efficiently and effectively
  • Whether risks have been identified, evaluated and are being managed
  • Whether controls mitigate the risks effectively
  • Where risk exposures exist action is being taken to improve controls
  • Whether appropriate management oversight is in place
  • Exercise 7:  Scoping a RBA assignment of a major project

Selecting a Contractor

  • The tendering process
  • Success criteria
  • Use of approved organisations
  • Categories of Risk in procurement
  • Partnering and Risk
  • Contract negotiation
  • Contract award
  • Exercise 8:  Risks in Contractor selection

The project in progress

  • Design methodology
  • Site environment
  • Measurement and valuation methods
  • Evaluating the Quantity Surveyor process
  • Variations and claims
  • Performance management
  • Payments
  • Liquidated damages
  • Performance guarantees
  • Sub-contractors
  • Contract finalisation
  • Exercise 9:  Auditing the project during the ‘active’ phase

Cost control and accounting

  • The project budget
  • Cost control and forecasting
  • Cost accounting
  • Schedule control
  • Dealing with cost over-runs
  • Exercise 10:  Auditing the project costs

Handover and post audit

  • Commissioning risks
  • Completion certificates
  • Maintenance agreements
  • PFI contracts
  • Post completion reviews
  • Learning from successes and mistakes
  • Exercise 11:  Completing a post audit of a project

Auditing systems under development

  • Why auditing systems under development need not compromise your wider audit role
  • The need to audit at key stages – not to be part of the project team
  • Ensuring that the processes and policies are complied with
  • Determining the points of potential failure
  • Ensuring controls are not bypassed – due to time constraints
  • Ensuring risks are identified at the start and regularly reviewed
  • Ensuring sufficient end user involvement
  • Audit stages and the questions to ask
  • Exercise 12 – Challenges of systems development audit

About Phil Griffiths

Phil Griffiths, FCA

Phil Grifffiths

Phil Griffiths is founder and Managing Director of Business Risk Management Ltd.

A Chartered Accountant, he has over 30 years experience in risk management, Corporate Governance, internal audit and fraud prevention as practitioner, professional adviser, facilitator and trainer.

His areas of specialism are:


  • Assisting Senior Management to identify, manage and then exploit the risks within their business via facilitated business risk management programmes
  • Helping Internal Audit functions to implement world class standards.
  • Developing fraud prevention, detection and investigation programmes
  • Training both private and public sector organisations in all the above disciplines.

He has extensive experience of the European, Asian, Middle Eastern, and African markets having trained professionals from over 1000 organisations in these regions during the past 15 years

He has extensive experience of managing and auditing major International projects. He has also direct experience of negotiating major contracts (including the largest mobile telecommunications contract in the world at the time)

Phil has developed strategic alliances with professional bodies and world renowned training companies, to deliver training and consultancy services across Europe, Asia, the Middle East and Africa.

He has developed over 300 training courses on all aspects of internal audit, risk management and fraud and delivered them across the globe.

He has led risk management programmes for more than 120 private and public sector clients tailored specifically to include facilitated workshops, development of risk strategies and assistance with implementation

He is an accomplished author. His book ‘Risk Based Auditing’ is an international best seller and his new book ‘Enterprise Risk Management – the key to business success’ is receiving much acclaim

Phil has published research into many aspects of internal audit and risk management best practice, including “Strategic Risk management” “The Need to Co-ordinate Assurance Providers” and “The Expectations of Chief Executives towards Internal Audit and its future”

He is recognised as an accomplished and charismatic facilitator, trainer and lecturer and is in continual demand to speak at the most prestigious events on risk management, internal audit and fraud.

Schedule Overview

Course Fee and Timings

The fee for the 2-day course is GBP 500 (US$ 650) which includes comprehensive course materials. The course will consist of three 1.5 hour sessions each day.

The course will consist of three 1.5 hour sessions with the following UK timings

  • 9.00 – 10.30 Session 1
  • 10.30 – 10.45 Break
  • 10.45 – 12.15 Session 2
  • 12.15 – 13.00 Break
  • 13.00 – 14.30 Session 3


Back to Top

Enter your email and subscribe for regular updates from Innoverto