Meeting The Infrastructure Moment: How Owners of Projects/Programs Will or Won’t Succeed Part VI: Compliance

Once your organization has developed internal structure, processes, and procedures as we covered in Part I of our series, and then as it has progressed to develop a detailed plan and budget as we covered in parts 4 and 5 of our series, the next step to successfully delivering the program is to establish systems, processes, and staff dedicated to Compliance.???

Compliance is not the final destination, rather a continuous process to drive operational improvements.?It provides the “guardrails” and is meant to keep a project on track and meeting its objectives.

Compliance comes in many forms.?It can be focused on internal requirements, quality, budget, or schedule requirements, or it can be focused on external regulatory requirements, such as how or when funding can be used.?Regardless of the application of focus of compliance practices, they share several important parts:

PROJECT/PROGRAM CONTROLS

Integrating strategic, financial, operational and information technology into a program’s compliance framework is critical to operational success and meeting external requirements. Many organizations focus primarily on the Information Technology (IT) compliance aspect of their businesses. IT compliance is a tool or enabler for evaluating system controls over a process, project, or program.?A successful compliance framework incorporates both the systems (IT) and management controls (best practices), which when successfully aligned and combined, create the basis for ongoing project and program controls.?Controls, in turn, allow for effective measurement of a project or program’s progress and lay the foundation for ongoing successful management of outcomes. ??The combined commitment to systems and management controls also helps mitigate risks.?Although most owners of essential infrastructure or mission-critical projects aspire to have controls in place that are entirely preventative and automated, the reality is that comprehensive controls still must rely heavily on detective and manual control processes and practices to ensure no gaps and adapt to the dynamic nature of most projects, programs, and associated risks.?

COMPENSATING CONTROLS/AUDIT

In addition to the ongoing controls process, developing compensating controls or audit practices are vital to sustainable, repeatable, and successful compliance outcomes. For example, when managing Federal grants, state or local government agencies must comply with program requirements delineated in the award agreements.?Compliance failures - whether programmatic such as approving an ineligible participant or financial such as submitting an unallowable cost for reimbursement, can have long-term consequences.?In the example of an agency managing a federal award, compliance failures may lead to funding obligations or having to refund the grant award, partially or in its entirety.?

These financial and operational process risks can be mitigated by Project Leaders through establishing audit or test results that will allow them to conclude whether their systems/processes are working as expected and provide insight and recommendations for improvements.?When we engage in providing system and process audits of control functions, the following are key considerations that are often overlooked by Owners:

• Focus efforts on the areas of greatest risk, importance, and value to the project or program.?Just because a threat exists, does not mean it is a high probability of occurring or will have high impact if it does occur.?
• Increase active involvement and buy-in of management in the risk assessment process and the resulting outcomes. ?Even the most thoughtful and thorough controls processes and systems fail without organizational buy-in and commitment.
• Increase the involvement of subject matter professionals on targeted and key risk or compensation control areas.?
• The controls systems and processes are “off the shelf” and are not designed or tailored to fit the project or program needs and culture.?
• Comprehensive and expensive systems and processes are developed that are then unable to be updated or modified to meet dynamic project needs.?Owners that build systems and processes in a modular manner are better able to adapt and reduce “sunk costs”.
• An approach that is consistent, overarching, relevant, and useful, yet scalable and flexible so that it may be applied to any level within a project or program.
• Leveraging of program or project leadership, lessons learned control catalogs or industry-leading practices such as COS[1] O’s incorporation of governance guidance on risk management and control.

To successfully administer the federal funding granted for projects a client organization must understand all aspects of the related disbursement requirements. This can result in evaluating existing processes and identifying the need to adjust some to be compliant. It also requires identifying the necessary data collection and analysis constraints that will likely drive expenditure reporting requirements.

SYSTEMS TO IMPROVE EFFICIENCY & ACCURACY

Project Management professionals stress the importance of a continuous commitment to mitigating project risks throughout the project life cycle. Inconsistent application of risk management practices can lead to compliance failures, cost overruns, or scheduling delays. By leveraging lessons learned, applying project management best practices, and effectively using technological advancements, today's Project Management professionals can ensure project objectives are met; on-time, within scope, and on budget.

In Part VII of our series, we will further explore how to leverage technology and systems across the project and program.?

Guenther Preuhs is Executive Vice President, Program Controls based in the Anser Advisory Chicago office and David Jahosky is Vice President based in the Tallahassee, Florida office.

[1] COSO - Committee of Sponsoring Organizations of the Treadway Commission