Internal Audits Without Pain

If you work in a regulated environment, or in any environment in which you must comply with documented procedures, you probably are familiar with some of the procedures you must follow. Inevitably, there are some procedures that you don't understand quite so well, because they might be new, newly revised, or rarely used. Because you can't be certain that your understanding of all procedures is up to date, there is some doubt in your mind that you're doing everything by the book.

To add to your anxiety, auditors occasionally drop by to verify that you're complying with the requirements of all those procedures. The anxiety can be more intense if the degree of compliance the auditors find can be an important indicator of your career success.

Unfortunately, The people who devise procedures don't
always know whether the burdens those
procedures impose are sustainablethe people who devise procedures don't always know whether the burdens those procedures impose are sustainable. That is, the effort required to understand and comply with the procedures might not be consistent with the effort available, given the other constraints on your work, such as deadlines, budgets, and other procedures.

The problem you face can be challenging. Here are seven insights that can help ease the burden of working in procedure-driven, audited environments.

Auditors attend to deviations that create high risk

The deviations auditors most value are those that create the greatest risks. It isn't that the auditor wants to find noncompliance that generates risk. Rather, most auditors are even happier to find compliance in all areas where noncompliance generates high risk.

But either way, they must examine work products and processes for instances of noncompliance that create greatest risk.

Auditors often use sampling techniques

Many auditors are resource-constrained. Because their audits don't have enough resources or time to examine every attribute of every work product and process, they sometimes examine attributes determined by a random sampling method.

If you can determine what sampling method the auditors use, you can apply it to your own work to search for deviations in advance of the audit. Correcting what you find, in advance, can improve work output quality. Otherwise, there really isn't much you can do to anticipate what the auditors will examine based on random sampling, because it's random.

When you find deviations on your own, extrapolate

If you make self-auditing a part of your own work routine, you can improve audit results proactively. When you find an indicator of noncompliance, correct it, of course. But also examine analogous attributes of all work products and processes to repair any analogous deviations that might have occurred.

Auditors favor examining what's easy to examine

Clever auditors search for noncompliance in areas where noncompliance is easy to recognize when it occurs. A high cost of verifying compliance is a deterrent for resource-constrained auditors.

If examining a work product for noncompliance is laborious, then auditors are relatively less likely to examine that work product, all other factors being equal.

Audit tools reduce audit costs

Resource-constrained auditors can expand what they examine by employing automation. They create tools that examine work products to ensure that they're in compliance with standards. For example, if all documents must bear identifiers that comply with a standard for identifiers, writing a tool to check for this is a simple matter.

If you can get access to the tools yourself, you can ensure compliance with the standards that the tools measure. If you can't get access to the tools, you can create your own tools if you know what the tools check for.

Pay attention to what auditors found in the work of others

If you know what auditors found in the work of others, you can check for those same things in your own work. That much is obvious.

But knowing what auditors found in the work of others also tells you where the auditors looked. Even more important: because auditors usually find something wherever they look, knowing that they found nothing in some areas tells you where they didn't look. For either of these ploys to work, you need to exchange audit results with a group of colleagues who are subject to similar audits.

Some audits have specific agendas

Some audits arise as results of accidentally discovered incidents of noncompliance. Such incidents are often surprising to all concerned. They can even be embarrassing. The audits that result have agendas.

When an audit has an agenda, the auditors want to examine work products in which they expect to find deviations of a particular kind. Examinations can range more broadly, but they have a specific purpose: to eliminate as far as possible from the set of work products any noncompliance of the kind that matches the agenda of the audit. Be certain that you address that kind of noncompliance in advance.

Last words

Most important: your past performance is a guide. It tells you where unintentional noncompliance is most likely to re-occur. If you have a record of deviation in specific areas, auditors might examine those areas more carefully. But much depends on what were the causes of past deviations. For example, if in the past your noncompliance arose from failing to maintain currency in your understanding of some procedures, then focus not on the nature of the noncompliance, but instead on those procedures that have recently changed. In any case, analyzing the results of past audits is probably a good starting place.  Top    Next Issue

Projects never go quite as planned. We expect that, but we don't expect disaster. How can we get better at spotting disaster when there's still time to prevent it? How to Spot a Troubled Project Before the Trouble Starts is filled with tips for executives, senior managers, managers of project managers, and sponsors of projects in project-oriented organizations. It helps readers learn the subtle cues that indicate that a project is at risk for wreckage in time to do something about it. It's an ebook, but it's about 15% larger than "Who Moved My Cheese?" Just . Order Now! .

Your comments are welcome

About Point Lookout

Thank you for reading this article. I hope you enjoyed it and found it useful, and that you'll consider recommending it to a friend.

This article in its entirety was written by a human being. No machine intelligence was involved in any way.

Point Lookout is a free weekly email newsletter. Browse the archive of past issues. Subscribe for free.

Support Point Lookout by joining the Friends of Point Lookout, as an individual or as an organization.

Do you face a complex interpersonal situation? Send it in, anonymously if you like, and I'll give you my two cents.

Related articles

More articles on Project Management:

Remote Facilitation in Synchronous Contexts: II

Facilitators of synchronous distributed meetings — meetings that occur in real time, via telephone or video — encounter problems that facilitators of face-to-face meetings do not. Here's Part II of a little catalog of those problems, and some suggestions for addressing them.

The Injured Teammate: I

You're a team lead, and one of the team members is very ill or has been severely injured. How do you handle it? How do you break the news? What does the team need? What do you need?

Ten Approaches to Managing Project Risks: I

Risk management usually entails coping with losses if they do occur. Here's Part I of a concise summary of the options for managing risk.

Avoid Having to Reframe Failure

Yet again, we missed our goal — we were late, we were over budget, or we lost to the competition. But how can we get something good out of it?

Irrational Deadlines

Some deadlines are so unrealistic that from the outset we know we'll never meet them. Yet we keep setting (and accepting) irrational deadlines. Why does this happen?

See also Project Management and Personal, Team, and Organizational Effectiveness for more related articles.

Forthcoming issues of Point Lookout

Coming April 24: Antipatterns for Time-Constrained Communication: 1

Knowing how to recognize just a few patterns that can lead to miscommunication can be helpful in reducing the incidence of problems. Here is Part 1 of a collection of communication antipatterns that arise in technical communication under time pressure. Available here and by RSS on April 24.

And on May 1: Antipatterns for Time-Constrained Communication: 2

Recognizing just a few patterns that can lead to miscommunication can reduce the incidence of problems. Here is Part 2 of a collection of antipatterns that arise in technical communication under time pressure, emphasizing those that depend on content. Available here and by RSS on May 1.

Coaching services

I offer email and telephone coaching at both corporate and individual rates. Contact Rick for details at rbrendPtoGuFOkTSMQOzxner@ChacEgGqaylUnkmwIkkwoCanyon.com or (650) 787-6475, or toll-free in the continental US at (866) 378-5470.

Get the ebook!

Past issues of Point Lookout are available in six ebooks:

• Get 2001-2 in Geese Don't Land on Twigs (PDF, )
• Get 2003-4 in Why Dogs Wag (PDF, )
• Get 2005-6 in Loopy Things We Do (PDF, )
• Get 2007-8 in Things We Believe That Maybe Aren't So True (PDF, )
• Get 2009-10 in The Questions Not Asked (PDF, )
• Get all of the first twelve years (2001-2012) in The Collected Issues of Point Lookout (PDF, )

Are you a writer, editor or publisher on deadline? Are you looking for an article that will get people talking and get compliments flying your way? You can have 500-1000 words in your inbox in one hour. License any article from this Web site. More info