Today I get to meet with the auditors -- the Corporate Auditors; when people mention them, you can hear the capitalized initials in their voices. I don't have a problem with the concept of auditors; I think of them as keepers of the faith who, by their rigidity, pull an organization toward the pole that the corporation says it hews to all the time, religiously (The analogy of the Taliban does occur to me). What I've got a problem with is the basis of audits, and response to them.
BASIS: Too much of audits are based on the whim and bias of the auditor. While some, and perhaps even most, of this is based on expert and/or experienced knowledge, much of it is based on the bias of the auditor, and what a given auditor expects and chooses to accept. What's acceptable to one is not acceptable to another; it might not even be acceptable to the same auditor at a later date.
RECOURSE: In corporations, there is no recourse from what an auditor chooses to write up. Even the IRS can be beaten into submission if you're willing to spend the time and money, but auditors have no similar back door. Most times, a manager will just roll his eyes and advise you to go along. That's not right.
I know it's not that straightforward. When you delve into the intricacies of any human system, there are plenty of opportunities for disagreement. One person thinks a change is minor and should not require oversight; another thinks it's major, and ought to be reviewed. Usually, the second view is that of a person who doesn't personally have to wait for the oversight -- but that doesn't make them wrong.
Resilient systems allow for human error. About two months ago, I sneaked in a change. It was a change that was needed, and was valid -- but I forgot to get prior authorization, and waiting to get authorization at that point would have meant public notice that the change went in late. So I just did it. Was that wrong? Yes, unquestionably. I did the wrong thing, just so I wouldn’t be held to blame. A better answer would have been that I remembered to get authorization -- which is why there is now a piece of note paper on my cubicle wall with the name of that system in big black letters, to remind me that yes, I am responsible for that system, too. And if an auditor asks why I have that system name written there -- I'll -- ah....prevaricate.