
by Denise Robitaille
Evidence is the fodder of detective stories, the bane of criminals, and the undoing of fiends. From Sherlock Holmes to Perry Mason, evidence lights the fuse for the climactic, “Aha!” that illuminates the denouement where all is finally revealed. The current offerings of crime scene investigator television shows perpetuate the image of the dogged investigators chasing down the clues that will lead to the eventual arrest of the villain.
Evidence is the stuff in whodunits that proves that the bad guy did it. In our judicial system the burden of proof is on the prosecution. Evidence is more commonly associated with indictment of the guilty party rather than exoneration of the innocent, despite the obvious fact that it can be used to substantiate either.
Is it any wonder that auditees ascribe such a negative connotation to the whole concept of audit evidence gathering? Or that they cringe at the mere arrival of the dreaded auditor? It’s not very often you’ll hear someone say: “I’m dying for the auditor to show up so I can show her all the cool things we’re doing.”
Joe Friday, the poker-faced gumshoe from Dragnet, was probably the only character who got it right: “Just the facts, ma’am.” In that one simple sentence he conveyed the essence of evidence gathering. It’s about assembling a selection of facts—generally found in records— to find out about something. In the case of an audit, it’s to find out if the defined requirements have been met.
Auditors bandy the term “evidence” around a lot. We need evidence to substantiate our conclusion as to the organization’s conformance to requirements. The unfortunate fact is that when asked why we need the audit evidence, our demeanor supports the auditees’ impression that we’re looking to see if they’re screwing up. We’re perceived as being in faultfinding instead of fact-finding mode. We’re looking for the bad guys.
We don’t do a particularly stellar job of pointing out all the bits of audit evidence that are harbingers of good news. Our audit reports are skewed toward findings of nonconformity and opportunities for improvement, which are really articulations of perceived risk that should be addressed before something does go wrong. We don’t spend nearly as much ink—or bytes—on the positive stuff. We aren’t as diligent in mentioning the processes that have improved since the last audit, the goals that have been achieved, the decrease in errors, or the success stories coming out of a well implemented corrective action.
What the auditee hears in the closing meeting is a litany of everything bad with only the sparsest of nods to any positive observations. Even if the audit report does convey laudatory comments for improvements and innovations, the kind words rarely reach the individuals who trembled and quailed through their audit interviews.
We begin with the somewhat adversarial premise that until something is proven to be compliant, there is no justification to presume that it is indeed compliant. That’s the “show me” approach. The opposite tactic would have the auditor presuming that everything is great until evidence is presented to the contrary, which carries its own risk. Auditors make reasonable conclusions based upon assessment of an adequate sampling of evidence. Failing to find fault doesn’t necessarily mean that everything is perfect.
Lack of audit evidence isn’t always indicative of noncompliance. I was watching a recent Nova episode on PBS. A physicist was talking about a new, unproven hypothesis about the nature and origin of our universe. He said, “You can choose to believe whatever you wish because we haven’t yet been able to prove these things.”
Which brings us back to Joe Friday. We have to begin an audit with a clean slate. No presumptions, “Just the facts.” Then we see where the trail of evidence leads us.
We probably can’t completely alleviate auditee fears when they hear the word evidence, but we should try to communicate the fact that audit evidence, in and of itself, is neither positive nor negative. Until it is assessed against requirements and in consideration of application, a piece of evidence is just a factoid. It’s simply a vehicle to get us where we need to go—an objective and meaningful audit report. It’s definitely not about finding the bad guy.
About the author
Denise Robitaille is a member of the U.S. TAG to ISO/TC 176, the committee responsible for updating the ISO 9000 family of standards. She is committed to making your quality system meaningful. Through training, Robitaille helps you turn audits, corrective actions, management reviews, and processes of implementing ISO 9001 into value-added features of your company. She’s an Exemplar Global-certified lead assessor, ASQ-certified quality auditor, and ASQ Fellow. She’s the author of numerous articles and several books, including The Corrective Action Handbook, The Preventive Action Handbook, and her latest book, 9 Keys to Successful Audits, all published by Paton Professional.