April 16, 2007 – Audit Failures

I have a friend who used to work for the Internal Revenue Service (IRS) as a tax collector for the United States. When this agent performed an audit he expected you to be honest and work with him to determine what was owed. He had the authority to make your life miserable if you chose to mess around. After trying unsuccessfully on one case to work through issues with an individual the agent showed up at the company before 6:00 AM with padlocks and chains to impound all of the vehicles. In concert with this move he froze all financial assets as soon as the banks opened.

On the flip side, he was working with a woman whose husband had run up bills, lied on his income tax and then left her. She met with him to work out some payment arrangement. After reviewing the case he determined that there was no way she would be able to repay what was owed so he wrote the whole thing off. She walked away free and clear.

When I was a project auditor I didn’t have that level of authority. The audits I performed were focused on making sure the projects and teams were following the procedures and that the company was not at risk. It was great to audit the managers who honestly worked with me to understand the project even when there were problems.

To keep from having and causing problems, review the following audit failures that should be avoided.

Lacking Definition. The most important part of a project is the definition. Without clearly defined objectives, deliverables and ground rules you won’t know where you are going, when you are done or how you will get there.

Make sure your defining documents clearly identify the project scope. Problems are usually found in this area just by speaking with the project manager. I review the Statement of Work and then start asking innocent questions like “what is your team currently working on?” When he starts talking about things that aren’t in the SOW I know there’s a problem.

Review your project’s defining documents and make sure you are doing what you said you would and nothing more.

Missed Milestones. Milestones are checkpoints. There isn’t anything magical about them. But if an audit discovers several of them have been missed then the project is at risk of failure to deliver. Don’t try to hide the fact that you are behind. Be the one to point it out. Then outline what you are doing to pull the project back on schedule. This may include bringing in additional resources, issuing change requests to adjust the dates or lowering the scope to meet the deadlines.

The audit reads a lot better if it shows you understand the issues and have a plan to correct the course. It sounds a lot better than “he hasn’t got a clue that the project is in jeopardy.”

Unacceptable Approvals. A good auditor looks deeper than file names to determine if an artifact is acceptable. There were multiple times that I looked at approval emails to discover they were worthless. There are 4 areas that approvals fail:
1. The person approving isn’t authorized. Check the names against the approval matrix or other guiding documents (i.e. SOX) for the right signoff levels.
2. The document doesn’t say what it approves. When issuing an email requesting deliverable approval make sure it spells out exactly what is being approved. Just saying “I approve the document we looked at yesterday” isn’t going to cut it.
3. Using voting buttons. At first it looks like a good idea: send an email and let them pick either Approve or Reject. The problem is the email content is lost on the return and all you get is the word “approve” or “reject.” It doesn’t say what they approved and it relies completely on the file name.
4. Doesn’t actually say “Approved.” I have seen questionable approvals that say “looks good” or “ok.” Not the best, but at least it indicates an affirmative response. The tough ones are the conditional approvals. If they say, “I approve this if Joe approves it” you better have Joe’s approval evidence, too. Or if it says, “I approve if you change these 3 things.” You will need to have it re-approved by everyone after those 3 things are modified.

Take a look at what you are presenting for your audit and don’t try to hide anything. The real reason for performing them is to identify areas that need improvement and then focus the necessary help on solving the problems. Besides, it can’t be as painful as a tax audit.