Practical tips for effective project assurance and control


  1. Be clear on what the point of project assurance & control is, and the effort that will go into it.
  2. Have a plan for how Assurance & Controls gets engaged with the project, with real clarity on what is to be done, when, by whom, and most importantly why! This takes effort from all involved, and is only really successful when there is a clear common purpose and buy-in.
  3. Tailor assurance & controls activities, scale to the needs / complexity / importance of the project and the client’s appetite for and approach to assurance and control. Have a mindset to keep assurance & control activities lean, focussed and value added.
  4. Recognise the different phases of a project, and how assurance and controls should adapt to them. Most organisations have their own standard delivery roadmaps, but a simplistic approach is setup, implementation & close out. Biggest learning for me is that taking the effort to get things set up right in the first place gives the biggest return.
  5. Establish trust & build relationships: we’re all on the same team here, and that the ideal outcome as above is a successful project for the client with appropriately rewarded project teams & people. Assurance & Controls teams should have an objective, strong independent voice and opinion, but the way this is communicated and managed is really important.
  6. Recognise when things are not going well, assurance & controls interventions are difficult, reliable information is not being freely shared, relationships & trust are not where they need to be. Try to sort out as a team with open and honest conversations, do engage more senior stakeholders/ sponsors to resolve if needed.
  7. Ensure that Assurance & Controls activities are led by someone with appropriate experience (lots)and credibility. It’s a big ask to present an overview of where a project is in a comparatively short meeting/ intervention usually based on limited time and perhaps 1% of the information and context that others involved will have.
  8. Be humble also, don’t be afraid to ask dumb questions (one of my specialities) and say when you don’t understand.
  9. Employ the ‘sniff test’ — if something doesn’t smell/ feel right, usually it isn’t. Follow your instincts, be persistent and try to get to the root cause.
  10. Make sure that reports/ outputs of assurance activities are digestible, with good summaries and easy access to key takeaways, with appropriate detail / backup.




  1. Let it become a superficial tick-box exercise to meet a required process/ corporate need.
  2. Focus on only on the negative: recognise good things that are happening to frame the overall picture of how things are, while making sure necessary messages and escalations are made.
  3. Get overly focused on key statistics, e.g. for risk control number of open risks, those without mitigation plans, open > 60 days etc. This is all good data, but I’d be far more concerned if a project team was not able to articulate what their top 3 project risks and issues are, what impacts they have and what is being done to manage them..
  4. Forget important issues such as the health/ wellbeing of the project team members, how effective communications are. These are often key indicators of potential problem areas.