A couple of weeks ago, I took part in the digital days of the German Institute of Internal Auditing (original: Deutsches Institute für Interne Revision - DIIR).
An exciting congress where there were not only presentations on many current topics, but also the opportunity to exchange ideas with other participants despite the digital setting - thanks to a virtual coffee bar where participants could meet during the breaks between the presentations.
Impressive that this great opportunity for exchange can also be made possible in times of virtual congresses.
However, when I entered the virtual coffee bar, it felt like there were only two or three other participants apart from me.
No problem at first, because even in this reduced constellation it was possible to have interesting conversations.
But what surprised me was that there were over 200 participants:
Where were the rest?
When it was time to give my talk on the second and last day of the congress, I mentioned to the audience how successful I thought the set-up of this virtual coffee bar was.
The reactions in the comments sidebar of my presentation surprised me:
several participants reported that they had not been able to enter the coffee bar due to technical difficulties.
Among the reasons given were the security settings including the firewall and the incompatibility with the browser.
A fallacy: He who is silent can do no wrong.
What surprised me, however, were not so much the technical difficulties - after all, we are all rather beginners when it comes to virtual congresses.
I was surprised that none of the participants had addressed these technical errors before - after all, we had already reached the last day of the DIIR Congress.
A great opportunity to exchange ideas and network was given away here.
At the same time, this phenomenon of "saying nothing" is not unusual.
On the contrary:
in the context of digitization, mistakes happen again and again - the question is how to deal with them!
In my dealings with other auditors who work in companies, I repeatedly hear that there is still a lot of catching up to do when it comes to "error management".
The fear of getting into trouble with superiors by admitting one's own mistakes is too great - although admitting mistakes is essential for successfully changing processes.
But addressing problems, in general, is also made difficult for many auditors.
Unfortunately, it is still the case in many corporate cultures that the bearer of bad news is tarred with the same brush.
If you digitize too quickly, you increase the risk of errors.
Digitization has a lot of potential for error!
Because an incredible amount has changed in the last few years!
The world - and its data - are now more and more closely interconnected.
It's clear that this rapid development also leads to errors.
And that's exactly what I talked about in my presentation at the DIIR Digital Days.
The title of my presentation:
Audit Digitization Fuck-ups.
So, over the years, I have observed several mistakes that keep occurring in companies.
One of them, for example, is impatience:
companies often want to achieve too much too fast.
But the consequences of hasty digitization are hiding everywhere:
if a company wants to digitize not just one process, but four at once, and if all of this is supposed to happen particularly quickly, then there are often errors in content:
for example, the software does not record processes correctly or retrieves data incorrectly.
Such errors are not unusual in the test phase.
However, if they remain undetected due to time pressure, they can quickly become expensive.
Important: Don't forget the employees when it comes to digitization.
But it is not only the software that is quickly overwhelmed - but employees are often too.
Because they are often not on the same page as the drivers of digitization.
On the one hand, this leads to employees not understanding the advantages of digitizing individual processes.
On the other hand, a half-hour crash course in software operation is usually not enough to fully penetrate a program.
The consequences are, on the one hand, operating errors that do not - as planned - save time and costs but cause them.
On the other hand, the motivation of many employees to participate in the digitization of the company decreases.
But rushed digitization is only one of many mistakes I addressed in my presentation - to repeat all the points here would probably go beyond the scope of a blog article.
What struck me, however, was that there seemed to be a particular interest in dealing with mistakes in the questions following my presentation - possibly triggered by the discussion about the coffee bar.
Two of the questions asked were:
1st question: "Have you experienced an audit communicating its own mistakes in the company? What happened?"
My answer: "Yes, I have experienced that. However, in most cases, these mistakes were only addressed within the audit team.
Once, however, I witnessed the auditors openly communicating a mistake to the company as well.
Unfortunately, however, the environment was not prepared for this, so that this opportunity could not be used."
Question 2: "Do you think that an audit should be open about its own mistakes in the company?"
My answer: "Yes! In one's own team this should be an absolute must.
In the company, however, mistakes should only be openly communicated if the corporate culture is already established and lived accordingly.
If not, I think it belongs on the audit program."
What does error management mean for us auditors?
After the digital DIIR days, I could not get the topic of "error management" out of my head.
I asked myself:
Can we as auditors allow ourselves not to openly communicate errors?
Is this not a very important part of our work?
And how can we succeed in becoming better in this area in the future?
Therefore, I have decided to deep dive into this topic a little more and write a small group of articles over the next couple of weeks.
But of course, I am also interested in your opinion here:
I welcome your comments and anecdotes on this topic - gladly also in anonymous form to email@example.com.
Let us try to learn together from our mistakes!
About the author:
Alexander Rühle, CAI, CISA, is the CEO and CO-founder at zapliance. After 15 years in the finance and auditing world and having met his partner in crime, Prof. Dr. Nick Gehrke, at PWC, they started zapliance together, with the mission to change the way business professionals of the future work with data.