Can Professional Project Management Stop Project Fraud?
Author
By: Bassam Samman, PMP, PSP, EVP | CMCS CEO and
Founder
Projects are investments
that organizations undertake to achieve their strategic objectives,
regardless of the industry, size and type of projects. When a
project is approved for execution, the investment that had been
allocated for the project would take into consideration the revenue
that this project will generate when completed as well as the level
of risk that the project has. Failing to achieve the estimated
return of investment would result in unrecoverable losses to the
project owner. Of course, the return of investment is not
necessarily that always be measured in monetary figures but also in
terms of other tangible and intangible benefits.
Nevertheless, for many organizations not only
they do not have a documented process for managing the project life
cycle but they also lack having the internal control and audit that
will prevent those involved in delivering the project in committing
project fraud. Control activities are the policies and procedures
that help ensure management directives are carried out. They help
ensure that necessary actions are taken to address risks to
achievement of the entity's objectives. Control activities occur
throughout the organization, at all levels and in all functions.
They include a range of activities as diverse as approvals,
authorizations, verifications, reconciliations, reviews of
operating performance, security of assets and segregation of
duties. The absence of such internal controls and audits encourages
those involved in the project delivery to take actions that
although could benefit them personally or the organization they
represent but on the other hand they would harm the project
owner.
To start with, let us first define what we
mean by project fraud. Project fraud is the misrepresentation of a
project's mission or progress to secure project financing,
reporting wrong project progress to hide project delays and/or
budget overrun, wrong forecasting for expected project cost at
completion to avoid reporting lower project profitability,
overestimating the value of anticipated changes to the project
scope to increase the project value, misuse of project resources,
and/or improper dealings with project vendors for personal
enrichment, substituting specified equipments and materials with
lower quality alternatives, among many others.
Fraud is very much a part of every business
and projects are no different. Actually, there are more chances in
project fraud than other type of business frauds especially when it
comes to engineering and construction projects. Project fraud often
originates because employees don’t want to report bad news or
information that can harm them politically or career wise. It also
often results from poor planning and supervision that leads to
project rework, placing the project further behind.
The most common types of project fraud
includes over-reported and unsubstantiated business case or
feasibility studies, unsubstantiated project decisions,
under-reported initial estimates of project lifecycle costs,
under-reported initial estimates of project maintenance costs,
setting unrealistic project completion dates, unbalancing the
project cost estimate, under-reported costs, over reported schedule
progress, over-reported quality progress, project asset misuse,
vendor conflict of interest and kickbacks, vendor “overselling” of
their capabilities, inappropriate vendor charges.
Those project frauds occur to direct the
decision makers to take certain decisions that if they would had
the correct information instead of what had been passed, those
decisions could have not been taken. For example, over-reported and
unsubstantiated business case or feasibility studies would lead the
decision maker for selecting the wrong project investments
But what actions an organization can do to
reduce the opportunity to commit fraud. The first action would be
to raise the visibility of project progress as n one will commit
fraud if people are watching. That is why their growing demand
among project owners for having single version of the truth on what
it comes to projects performance reporting. Another action
would be the requirement for developing a detailed and complete
Work Breakdown Structure (WBS) where the project scope of work is
decomposed to a level that can identify extra, missing and/ or
vague work elements.
The segregation and clarity of project
duties between the different project team members as well as other
stakeholders is another effective action to stop project fraud. A
complete and detailed organization chart that will be integrated
with the WBS developed earlier will provide the project team with
what is known as the accountability matrix. This matrix details the
parties involved in each element of the project scope as well as
the role they have in performing, approving, reviewing, supporting
and others in delivering this scope.
Another action would be to manage the project
critical path or paths so the team members can become aware of
opportunities to accelerate and/or threats to project success. The
critical path provides an objective tool for assessing the impact
of today’s decisions on future project results. It also provides an
objective tool for setting priorities for taking actions and
allocating scarce resources to projects.
Risk identification, assessment and response
are other effective fraud control action. Projects are undertaken
with many uncertainties and assumptions. Implementing a formal risk
management process will ensure that risks are identified, assessed
qualitatively and quantitatively, response actions identified and
provisions including contingency plans and reserves are allocated
for the project. A formal risk management process will also provide
management with the support to make rational decisions when
needed.
Another important action is standardized
projects performance metrics and reporting. Those metrics provide
the project stakeholders with objective status of the project
budget, schedule and quality performance and the impact it would
have on the project completion date and estimated cost at
completion. The development in project management software
applications has enabled organizations to develop wide variety of
metrics that not only provides wide variety of performance metrics
but also enable organizations to created effective dashboards to
capture the performance of a single or a group of projects in the
desired format and level of detail. In addition, metrics will help
the organization in setting performance thresholds where alerts
will be triggered when a performance metric is over or under
desired limits. Those alerts will become issues that will be
assigned to project team members to resolve and which will be
escalated if there were not closed within specific time period.
The last recommended action is to impose the
requirement to prepare a detailed project closeout report. This
report will provide an assessment of the project successes and
failures, document lessons learned, confirming to which extent
project objectives were achieved and ensuring that the different
project contractual obligations had been terminated and transferred
to the project owner in a complete way.
The above actions plus many others can become
the basis for internal controls that an organization can adopt to
control project fraud. For internal control to be effective, it
must address the following five components: control environment -
The tone at the top and operating style, risk assessment -The risks
that matter for the organization, their risk appetite and the
available response actions to risk, control activities - Specific
policies and procedures to minimize risk, information and
communication - The flow of information and communication in the
company, and monitoring - Periodic assessments of internal control
effectiveness.