“Ok, let’s follow a few of these risk mitigation actions down to outputs and verification activities” says the auditor.
A typical question. Anybody who’s ever been audited for risk management process, has been here dozens of times.
While I try to bring the attention of the auditor to another topic, I know a few meters away in a control room, my colleagues are scrambling through the endless Excel files, trying to find that bloody risk mitigation action.
Even if you print those gigantic Excel files on an A3, or a plotter, you just can’t read them. They are simply too big. And the page layout function of Excel is not the best.
You start rendering the last weeks prior to the audit in your head – the final push, all hands on deck, everybody rushing, hundreds of requirements, risk mitigation actions, verification protocols, deviations, reports to write, approvers that are offsite or nowhere to be found. It is not because you have been careless, it is just the reality of Every Single Project.
...
To continue reading, please see the full post here.