top of page



When organizations go through a complex systems implementation project, they are at times, overwhelmed with “Reviews”. What are all these reviews and are they necessary? Let’s explore this and shed some light on what is necessary and what is not.

First, all of these reviews are intended to reduce risk and increase the likelihood of success for a systems project. They all have positive intent; however, they are different, and it is important to understand the differences. Let’s define each one.

IV&V (Independent Verification and Validation) Reviews are an independent process to validate that a system meets requirements and specifications, fulfilling its intended purpose.

EQA (External Quality Assurance) Reviews help organizations to 1) enhance the effectiveness, quality and value received from their systems implementations, and 2) identify and mitigate risks and resolve issues that could impact the success of the project.

Risk Assessments are a one-time project review that focuses on the identification and mitigation of project risks.


Technical System Assurance Reviews are very specific system reviews to ensure the system that is to be implemented is configured, developed and tested in a manner that is consistent with system standards.


Implementation Partner Reviews are conducted by the prime implementation partner and is usually intended to review the implementation partner project processes to identify project risks and ensure the implementation partner personnel are doing the necessary tasks and following an effective approach to successfully go-live.


Internal/External Audit or Compliance Reviews are best described as reviews by either the Internal or External Audit or Compliance personnel with the intent of identifying process or compliance risks.


The Angle? What is necessary and makes sense?


First, the idea of reviews is a good one. Having a third “set of eyes” to provide thoughts, ideas and suggestions is very good.


From the assortment of reviews, the following makes sense:

  • One, since IV&V Reviews and EQA Reviews are essentially the same, suggest either but ensure it includes both qualitative and quantitative aspects.

  • Two, I don’t recommend a one-time Risk Assessment. Projects are too complex to assume you can do one review and you are okay.

  • Three, Technical System Assurance Reviews are good and necessary but should focus on system readiness. They will not assure project success, they are intended to focus on system readiness.

  • Four, Implementation Partner Reviews are not a replacement for IV&V or EQA. These reviews are, for the most part, intended to reduce the risk of failure of the implementation partner.

  • Five, Internal/External Audit or Compliance Reviews, when aligned with the EQA reviews, can be very helpful. It makes sense to have this type of review performed near the beginning of the project and then toward the end in conjunction with the EQAs to identify any process or compliance aspects that need to be considered.


When deciding to move forward with a systems project, identify a third party EQA Partner and work with that partner to develop a review plan that makes sense for the size, scale and complexity of the systems implementation project.

bottom of page