Time It Right

When to conduct an audit, just as who should lead it, is a matter of debate. When to start depends on the type of system or application deployed, the amount of time it will take before the application begins generating some results or data, and the amount of time it takes staffers to get acclimated to the new system and new processes. Generally the audit should take place well within a year of implementation.

"When we started the audit a month after the implementation, we didn't have enough data to see if the system was successful or not," says Michael Baker Corp.'s Higgins. "It's really important to make sure the system is up and running long enough to have enough data in the system that you can analyze."

Ken Cunneen, IT leader for technology and integrated supply chain systems in Honeywell Aerospace's Aviation Aftermarket Services division, says if a company implements a financial system that only gives results once a quarter, the audit team should wait at least three to six months until the system has generated enough data before performing a PIA.

On the other hand, the sooner you start the audit, the fresher the data and the easier it is to cull lessons learned. Which is why PIAs should not be a onetime event, says PWC's Christian.

Sun Life Financial's project office begins PIAs within a month of project completion to do a postmortem on the implementation process and to get feedback from users to make enhancements to the system. "When we have benefits that are realized over a period of years after the project is implemented, we do follow-up reviews," says Sun Life Financial's Esposito.