Internal Audits Without Pain

If you work in a regulated environment, or in any environment in which you must comply with documented procedures, you probably are familiar with some of the procedures you must follow. Inevitably, there are some procedures that you don't understand quite so well, because they might be new, newly revised, or rarely used. Because you can't be certain that your understanding of all procedures is up to date, there is some doubt in your mind that you're doing everything by the book.

To add to your anxiety, auditors occasionally drop by to verify that you're complying with the requirements of all those procedures. The anxiety can be more intense if the degree of compliance the auditors find can be an important indicator of your career success.

Unfortunately, The people who devise procedures don't
always know whether the burdens those
procedures impose are sustainablethe people who devise procedures don't always know whether the burdens those procedures impose are sustainable. That is, the effort required to understand and comply with the procedures might not be consistent with the effort available, given the other constraints on your work, such as deadlines, budgets, and other procedures.

The problem you face can be challenging. Here are seven insights that can help ease the burden of working in procedure-driven, audited environments.

Auditors attend to deviations that create high risk

The deviations auditors most value are those that create the greatest risks. It isn't that the auditor wants to find noncompliance that generates risk. Rather, most auditors are even happier to find compliance in all areas where noncompliance generates high risk.

But either way, they must examine work products and processes for instances of noncompliance that create greatest risk.

Auditors often use sampling techniques

Many auditors are resource-constrained. Because their audits don't have enough resources or time to examine every attribute of every work product and process, they sometimes examine attributes determined by a random sampling method.

If you can determine what sampling method the auditors use, you can apply it to your own work to search for deviations in advance of the audit. Correcting what you find, in advance, can improve work output quality. Otherwise, there really isn't much you can do to anticipate what the auditors will examine based on random sampling, because it's random.

When you find deviations on your own, extrapolate

If you make self-auditing a part of your own work routine, you can improve audit results proactively. When you find an indicator of noncompliance, correct it, of course. But also examine analogous attributes of all work products and processes to repair any analogous deviations that might have occurred.

Auditors favor examining what's easy to examine

Clever auditors search for noncompliance in areas where noncompliance is easy to recognize when it occurs. A high cost of verifying compliance is a deterrent for resource-constrained auditors.

If examining a work product for noncompliance is laborious, then auditors are relatively less likely to examine that work product, all other factors being equal.

Audit tools reduce audit costs

Resource-constrained auditors can expand what they examine by employing automation. They create tools that examine work products to ensure that they're in compliance with standards. For example, if all documents must bear identifiers that comply with a standard for identifiers, writing a tool to check for this is a simple matter.

If you can get access to the tools yourself, you can ensure compliance with the standards that the tools measure. If you can't get access to the tools, you can create your own tools if you know what the tools check for.

Pay attention to what auditors found in the work of others

If you know what auditors found in the work of others, you can check for those same things in your own work. That much is obvious.

But knowing what auditors found in the work of others also tells you where the auditors looked. Even more important: because auditors usually find something wherever they look, knowing that they found nothing in some areas tells you where they didn't look. For either of these ploys to work, you need to exchange audit results with a group of colleagues who are subject to similar audits.

Some audits have specific agendas

Some audits arise as results of accidentally discovered incidents of noncompliance. Such incidents are often surprising to all concerned. They can even be embarrassing. The audits that result have agendas.

When an audit has an agenda, the auditors want to examine work products in which they expect to find deviations of a particular kind. Examinations can range more broadly, but they have a specific purpose: to eliminate as far as possible from the set of work products any noncompliance of the kind that matches the agenda of the audit. Be certain that you address that kind of noncompliance in advance.

Last words

Most important: your past performance is a guide. It tells you where unintentional noncompliance is most likely to re-occur. If you have a record of deviation in specific areas, auditors might examine those areas more carefully. But much depends on what were the causes of past deviations. For example, if in the past your noncompliance arose from failing to maintain currency in your understanding of some procedures, then focus not on the nature of the noncompliance, but instead on those procedures that have recently changed. In any case, analyzing the results of past audits is probably a good starting place.  Top    Next Issue

Projects never go quite as planned. We expect that, but we don't expect disaster. How can we get better at spotting disaster when there's still time to prevent it? How to Spot a Troubled Project Before the Trouble Starts is filled with tips for executives, senior managers, managers of project managers, and sponsors of projects in project-oriented organizations. It helps readers learn the subtle cues that indicate that a project is at risk for wreckage in time to do something about it. It's an ebook, but it's about 15% larger than "Who Moved My Cheese?" Just . Order Now! .

Your comments are welcome

About Point Lookout

Thank you for reading this article. I hope you enjoyed it and found it useful, and that you'll consider recommending it to a friend.

This article in its entirety was written by a human being. No machine intelligence was involved in any way.

Point Lookout is a free weekly email newsletter. Browse the archive of past issues. Subscribe for free.

Support Point Lookout by joining the Friends of Point Lookout, as an individual or as an organization.

Do you face a complex interpersonal situation? Send it in, anonymously if you like, and I'll give you my two cents.

Related articles

More articles on Project Management:

Quantum Management

When we plan projects, we estimate the duration and cost of something we've never done before. Since projects are inherently risky, our chances of estimating correctly are small. Quantum Management tells us how to think about cost and schedule in new ways.

My Right Foot

There's nothing like an injury or illness to teach you some life lessons. Here are some things I learned recently when I temporarily lost some of my independence.

Project Improvisation as Group Process

When project plans contact reality, things tend to get, um, a bit confused. We can sometimes see the trouble coming in time to replan thoughtfully — if we're nearly clairvoyant. Usually, we have to improvise. How a group improvises tells us much about the group.

More Obstacles to Finding the Reasons Why

Retrospectives — also known as lessons learned exercises or after-action reviews — sometimes miss important insights. Here are some additions to our growing catalog of obstacles to learning.

The Risk of Astonishing Success

When we experience success, we're more likely to develop overconfidence. And when the success is so extreme as to induce astonishment, we become even more vulnerable to overconfidence. It's a real risk of success that must be managed.

See also Project Management for more related articles.

Forthcoming issues of Point Lookout

Coming August 13: Leaving High-Touch Jobs: How

High-touch jobs require that we work closely with colleagues, teammates, clients, or suppliers. Because choosing to leave such a job affects all these people, and the person departing, we would do well find a path that respects all involved. Here are some suggestions. Available here and by RSS on August 13.

And on August 20: Earned Value and Goodhart's Law

Earned Value Management, widely used approach to project management, is most useful in contexts in which estimators are familiar with the Tasks, the Technologies, and the Teams. But even then, it is vulnerable to the tactics of those who game the metrics. Available here and by RSS on August 20.

Coaching services

I offer email and telephone coaching at both corporate and individual rates. Contact Rick for details at rbrenaXXxGCwVgbgLZDuRner@ChacDjdMAATPdDNJnrSwoCanyon.com or (650) 787-6475, or toll-free in the continental US at (866) 378-5470.

Get the ebook!

Past issues of Point Lookout are available in six ebooks:

• Get 2001-2 in Geese Don't Land on Twigs (PDF, )
• Get 2003-4 in Why Dogs Wag (PDF, )
• Get 2005-6 in Loopy Things We Do (PDF, )
• Get 2007-8 in Things We Believe That Maybe Aren't So True (PDF, )
• Get 2009-10 in The Questions Not Asked (PDF, )
• Get all of the first twelve years (2001-2012) in The Collected Issues of Point Lookout (PDF, )

Are you a writer, editor or publisher on deadline? Are you looking for an article that will get people talking and get compliments flying your way? You can have 500-1000 words in your inbox in one hour. License any article from this Web site. More info