Intelligent Auditing in the 21st Century (Part 1)

Intelligent Auditing in the 21st Century (Part 1)

Too many times over the last few years have we seen a massive failure in business processes that have lead to loss of revenue and customers or on a grander scale, environmental disaster and death. Just as many times have we seen someone say, ‘I could’ve told you that was going to happen’. Naturally the reaction would be, ‘Then why didn’t you?’ but the fact is, in cases such as Deepwater Horizon, the Toyota brakes recall or the Fukushima plant, the indicators of the risk already existed before the poor performance/unintended event emerged from the system or process. By the time it happens though, it’s too late.

Consider an audit; the auditor tells the manager of an organisation where they have been and what they have been doing – it’s all based on historical data – records and documents. Where they have been is already known to the manager because well, they’ve been there. Does this help the manager direct the organisation forward? It helps to know where you’ve been so you can learn from mistakes you’ve made but what about mistakes you don’t know you’ve made or mistakes you don’t think you could make. There’s a disparity between the documented world and the real world and this is one of the reasons for process failure. Let us consider the 3 types of knowledge:

  • That which you know
  • That which you know you don’t know
  • That which you don’t know you don’t know

Auditing based upon historical data can provide you with insight to help you learn from your mistakes and rectify what you know and to an extent, that which you know you don’t know (effectively the point of auditing). But the 3rd type of knowledge, where the disparity between the documented and real world exists – that’s where intelligent auditing comes in.

Documentation and records only provide a snapshot of everything that is going on in an organisation – after all, they’re living entities with infinite complexity. Consider that whatever happens in a business can be attributed to a number of different decisions and interactions made by and between humans – the possibilities are endless. Think how many people you’ve interacted with today. Extrapolate for your whole organisation over a period of a few months – how many hundreds of thousands or even millions of interactions is that? How many different courses of actions as a result? When an auditor is present, they’re barely scratching the surface of ‘business as usual’ – this is the kind of business auditors need – basing auditing solely on historical data is therefore, by definition, flawed.

In a couple of weeks, we’ll look at a possible route forward and a new auditing model.

Share the Post