Internal Audits Without Pain

If you work in a regulated environment, or in any environment in which you must comply with documented procedures, you probably are familiar with some of the procedures you must follow. Inevitably, there are some procedures that you don't understand quite so well, because they might be new, newly revised, or rarely used. Because you can't be certain that your understanding of all procedures is up to date, there is some doubt in your mind that you're doing everything by the book.

To add to your anxiety, auditors occasionally drop by to verify that you're complying with the requirements of all those procedures. The anxiety can be more intense if the degree of compliance the auditors find can be an important indicator of your career success.

Unfortunately, The people who devise procedures don't
always know whether the burdens those
procedures impose are sustainablethe people who devise procedures don't always know whether the burdens those procedures impose are sustainable. That is, the effort required to understand and comply with the procedures might not be consistent with the effort available, given the other constraints on your work, such as deadlines, budgets, and other procedures.

The problem you face can be challenging. Here are seven insights that can help ease the burden of working in procedure-driven, audited environments.

Auditors attend to deviations that create high risk

The deviations auditors most value are those that create the greatest risks. It isn't that the auditor wants to find noncompliance that generates risk. Rather, most auditors are even happier to find compliance in all areas where noncompliance generates high risk.

But either way, they must examine work products and processes for instances of noncompliance that create greatest risk.

Auditors often use sampling techniques

Many auditors are resource-constrained. Because their audits don't have enough resources or time to examine every attribute of every work product and process, they sometimes examine attributes determined by a random sampling method.

If you can determine what sampling method the auditors use, you can apply it to your own work to search for deviations in advance of the audit. Correcting what you find, in advance, can improve work output quality. Otherwise, there really isn't much you can do to anticipate what the auditors will examine based on random sampling, because it's random.

When you find deviations on your own, extrapolate

If you make self-auditing a part of your own work routine, you can improve audit results proactively. When you find an indicator of noncompliance, correct it, of course. But also examine analogous attributes of all work products and processes to repair any analogous deviations that might have occurred.

Auditors favor examining what's easy to examine

Clever auditors search for noncompliance in areas where noncompliance is easy to recognize when it occurs. A high cost of verifying compliance is a deterrent for resource-constrained auditors.

If examining a work product for noncompliance is laborious, then auditors are relatively less likely to examine that work product, all other factors being equal.

Audit tools reduce audit costs

Resource-constrained auditors can expand what they examine by employing automation. They create tools that examine work products to ensure that they're in compliance with standards. For example, if all documents must bear identifiers that comply with a standard for identifiers, writing a tool to check for this is a simple matter.

If you can get access to the tools yourself, you can ensure compliance with the standards that the tools measure. If you can't get access to the tools, you can create your own tools if you know what the tools check for.

Pay attention to what auditors found in the work of others

If you know what auditors found in the work of others, you can check for those same things in your own work. That much is obvious.

But knowing what auditors found in the work of others also tells you where the auditors looked. Even more important: because auditors usually find something wherever they look, knowing that they found nothing in some areas tells you where they didn't look. For either of these ploys to work, you need to exchange audit results with a group of colleagues who are subject to similar audits.

Some audits have specific agendas

Some audits arise as results of accidentally discovered incidents of noncompliance. Such incidents are often surprising to all concerned. They can even be embarrassing. The audits that result have agendas.

When an audit has an agenda, the auditors want to examine work products in which they expect to find deviations of a particular kind. Examinations can range more broadly, but they have a specific purpose: to eliminate as far as possible from the set of work products any noncompliance of the kind that matches the agenda of the audit. Be certain that you address that kind of noncompliance in advance.

Last words

Most important: your past performance is a guide. It tells you where unintentional noncompliance is most likely to re-occur. If you have a record of deviation in specific areas, auditors might examine those areas more carefully. But much depends on what were the causes of past deviations. For example, if in the past your noncompliance arose from failing to maintain currency in your understanding of some procedures, then focus not on the nature of the noncompliance, but instead on those procedures that have recently changed. In any case, analyzing the results of past audits is probably a good starting place.  Top    Next Issue

Projects never go quite as planned. We expect that, but we don't expect disaster. How can we get better at spotting disaster when there's still time to prevent it? How to Spot a Troubled Project Before the Trouble Starts is filled with tips for executives, senior managers, managers of project managers, and sponsors of projects in project-oriented organizations. It helps readers learn the subtle cues that indicate that a project is at risk for wreckage in time to do something about it. It's an ebook, but it's about 15% larger than "Who Moved My Cheese?" Just . Order Now! .

Your comments are welcome

About Point Lookout

Thank you for reading this article. I hope you enjoyed it and found it useful, and that you'll consider recommending it to a friend.

This article in its entirety was written by a human being. No machine intelligence was involved in any way.

Point Lookout is a free weekly email newsletter. Browse the archive of past issues. Subscribe for free.

Support Point Lookout by joining the Friends of Point Lookout, as an individual or as an organization.

Do you face a complex interpersonal situation? Send it in, anonymously if you like, and I'll give you my two cents.

Related articles

More articles on Project Management:

Some Causes of Scope Creep

When we suddenly realize that our project's scope has expanded far beyond its initial boundaries — when we have that how-did-we-ever-get-here feeling — we're experiencing the downside of scope creep. Preventing scope creep starts with understanding how it happens.

Managing Risk Revision

Prudent risk management begins by accepting the possibility that unpleasant events might actually happen. But when organizations try to achieve goals that are a bit out of reach, they're often tempted to stretch resources by revising or denying risks. Here's a tactic for managing risk revision.

Mitigating Risk Resistance Risk

Project managers are responsible for managing risks, but they're often stymied by insufficient resources. Here's a proposal for making risk management more effective at an organizational scale.

The Risks of Too Many Projects: I

Some organizations try to run too many development projects at once. Whether developing new offerings, or working to improve the organization itself, taking on too many projects can defocus the organization and depress performance.

The Risks of Too Many Projects: II

Although taking on too many projects risks defocusing the organization, the problems just begin there. Here are three more ways over-commitment causes organizations to waste resources or lose opportunities.

See also Project Management for more related articles.

Forthcoming issues of Point Lookout

Coming September 3: Contributions in Team Meetings: Advocating

An agenda in the form of an ordered list of topics might not provide an appropriate framework for a given meeting. For example, if A depends on B, and B depends on A, we must find a way to discuss A and B together in some orderly fashion. Here are some alternatives to linear, ordered agendas. Available here and by RSS on September 3.

And on September 10: Contributions in Team Meetings: Scoping

Some meetings focus on solving specific problems. We call them "working sessions." More often, we delegate problem solving to task teams, while meetings wrestle with the difficult task of identifying or "scoping" problems rather than solving them. Scoping discussions can be perilous. Available here and by RSS on September 10.

Coaching services

I offer email and telephone coaching at both corporate and individual rates. Contact Rick for details at rbrenaXXxGCwVgbgLZDuRner@ChacDjdMAATPdDNJnrSwoCanyon.com or (650) 787-6475, or toll-free in the continental US at (866) 378-5470.

Get the ebook!

Past issues of Point Lookout are available in six ebooks:

• Get 2001-2 in Geese Don't Land on Twigs (PDF, )
• Get 2003-4 in Why Dogs Wag (PDF, )
• Get 2005-6 in Loopy Things We Do (PDF, )
• Get 2007-8 in Things We Believe That Maybe Aren't So True (PDF, )
• Get 2009-10 in The Questions Not Asked (PDF, )
• Get all of the first twelve years (2001-2012) in The Collected Issues of Point Lookout (PDF, )

Are you a writer, editor or publisher on deadline? Are you looking for an article that will get people talking and get compliments flying your way? You can have 500-1000 words in your inbox in one hour. License any article from this Web site. More info