Last week's post triggered a flurry of angry or disapproving comments (many of them on LinkedIn), but I think I must have expressed myself badly because most of the points that my critics made are things I agree with. So clearly I misled readers into misunderstanding me. Let me try again.
The criticisms that I saw repeated three general points:
- Audits add value to the organization. Employees should not fear them.
- Auditors should never sleepwalk through an audit.
- Organizations should never lie to their auditors.
To be crystal clear, I agree with all three of these points! I never meant to say anything different. What I was trying to talk about was something else altogether. But obviously I failed to make myself clear. So let me take up each of these points in order, and explain what I was trying to say.
1. Remember what it is like to be an auditee
Yes, of course in the big picture audits add value to the organization, or they should. We all know this. It's part of why we work in this field in the first place. And maybe the top management of the audited organization believes it too; sometimes they do. In fairness, though, I have also seen organizations where top management gave lip service to the idea that audits add value, but at the same time they sent a message to their employees was "There better not be any nonconformities." It's sad, but we've all seen organizations like that, too. It takes all kinds.
But even if top management takes the most generous possible approach, none of that helps the line employee who is about to face an auditor. You can repeat until you are blue in the face that no-one will be punished for findings, and the individual line employee still wants to make sure the auditor finds nothing to write up in his area. Go write up somebody else, but not me! Even after you tell your employees not to be afraid of the audit, some of them are anyway—they just hide it from you, because they know you don't want to see it.
So over the years I have had to develop advice that I can give to line employees before an audit, to make them feel that they have some control over what is going on so that they feel less afraid. That's why I tell them to be confident and trust the system. In last week's post, I said,
... don't look like you are nervous or afraid. When the auditor says "Show me," you say "Sure, that's easy. It's right here." Then you pull out a file that looks like it is supposed to look, ....
Advice like this helps to take the edge off when an auditee is nervous (as they often are). And that makes the audit go better for everyone.
2. Of course auditors don't really sleepwalk
A lot of people hated my use of the word "sleep". One critic said firmly, "If my auditor fell asleep I would send him packing and bring one in that is wide awake and looking to find areas where he can add value." OK, I was trying to be a little funny and it looks like the word wasn't well-chosen. But I thought I went on to explain what I meant by "sleep." What I tried to say was that every auditor has to think along multiple tracks at once.
- Along one track, he is asking questions and listening to the answers.
- Along another track, he is planning what questions come next, and what direction he wants to turn the investigation.
- Along yet another track, he is correlating these answers with answers to similar questions in other departments, to see if they confirm a common system or point to discrepancies.
- And along a fourth track he is monitoring the time, to make sure he can be done by the scheduled close.
All this means it is normally impossible for the auditor to give full attention to the immediate questions and answers—all those other tracks have to be considered as well. So that's why I jokingly talked about the auditor being "asleep" ... because he is only listening to the answers with part of his attention. But this "sleep"—in other words, this multi-track thinking—is not a flaw or a vice. It is an absolute requirement of the job. If you cannot think along multiple tracks at once like this, you cannot be an auditor!
The other thing that some readers seem to have missed is that this multi-track thinking lasts only so long as all the evidence is in order. The most important part of what I said last week is that as soon as the auditor sees something that looks wrong, all the other tracks disappear and he becomes laser-focused on the evidence in front of him. Everyone who has ever audited has experienced this moment: you know what something should look like ... and it doesn't ... and suddenly you forget about the schedule and about your other plans and about everything else except understanding the artifact in front of you. This is the lived experience of every auditor in the world. I called it "waking up" but you can call it something else if you like. The point is that we know what it feels like when it happens. And we know, as auditors, that we won't let anything stop us until we get to the bottom of the discrepancy we have just seen. That's just how auditing is.
3. The Ramanujan paradox
Maybe the most serious misunderstanding is that several people thought I was telling organizations to lie to their auditors. No! Never lie to an auditor. There are a lot of reasons, and maybe someday I'll write a post just about this one point. (If you want to see one, tell me in the comments.) Yes, it's true that I said you should make sure everything looks right. But what some people seem to have overlooked is that the easiest way to look like you are in compliance with a standard is really to be in compliance with it. This is important, so I'll say it again.
The easiest way to look like you are in compliance with a standard is really to be in compliance with it!
Doing it right is always easier than faking it. If you try to fake it, you'll just get caught anyway. And the only way to avoid getting caught is to put in five times as much effort on the fake as it would have cost you to do it right the first time. So make life easier on yourself and everyone else. Do it right the first time. It's less trouble, it's less stress, and you'll sail through your audit.
This principle—I mean, that the easiest way to look like you are in compliance with a standard is really to be in compliance with it—is an important one. I call it the Ramanujan paradox, because it echoes so exactly the story of how G.H. Hardy discovered the great Indian mathematician Srinivasa Ramanujan. Do you know the story?
One morning early in 1913, he [Hardy] found, among the letters on his breakfast table, a large untidy envelope decorated with Indian stamps. When he opened it, he found sheets of paper by no means fresh, on which, in a non-English holograph, were line after line of symbols. Hardy glanced at them without enthusiasm. He was by this time, at the age of thirty-six, a world famous mathematician: and world famous mathematicians, he had already discovered, are unusually exposed to cranks....
.... The script appeared to consist of theorems, most of them wild or fantastic looking, one or two already well known, laid out as though they were original. There were no proofs of any kind. Hardy was not only bored, but irritated. It seemed like a curious kind of fraud....
.... At the back of his mind, ... the Indian manuscript nagged away. Wild theorems. Theorems such as he had never seen before, nor imagined. A fraud of genius? A question was forming itself in his mind. As it was Hardy's mind, the question was forming itself with epigrammatic clarity: is a fraud of genius more probable than an unknown mathematician of genius? Clearly the answer was no.
—C.P. Snow, from the Foreword to G.H. Hardy's A Mathematician's Apology, pp.30-32.
As with mathematicians, so with management systems. Fraud is far more difficult than doing things right the first time, so take the easy way and do it right.
Conclusion
In the end, I stand by last week's essay, as far as the meaning is concerned. But I really misjudged how to say it. And I apologize to all of my readers for leaving you with misunderstandings. I hope this clarification has helped a bit.