What a Less-Than-Proper Audit Looks Like

What a Less-Than-Proper Audit Looks Like

Published October 31, 2025

What a Less‑Than‑Proper Audit Looks Like

A less‑than‑proper audit can look similar on the surface—urgent, probing—but it skips the basics that make findings reliable. It starts with conclusions, resists reconciliation, and leaves leaders with ambiguity instead of clarity.

Authorization and Fundamentals

An audit must be authorized. Authority can be governmental (a regulator with statutory power) or organizational (a chartered internal function or an engagement contract). The delegation should be clear enough that the audited team can see who delegated power, to whom, and for what purpose. If there is no clear authorization or scope, it isn’t an audit—it’s procedural overreach.

Beyond must, there are shoulds. Proper audits should be prepared and noticed when feasible. They should be conducted fairly and respectfully. Surprise interventions happen, but they should immediately state authority, scope, and purpose. Without those anchors—authority, scope, and period—there’s no legitimate lane to drive in and no traceable end product.

A Small‑Scale “Audit,” as It Happened

On a simple project update, someone arrived unannounced, urgent: “I’ve audited you and I have some major concerns.” My teammate, visibly shaken, started to apologize. I cut him off and asked the impromptu auditor to explain her concerns so we could clear them up. I stayed polite, and my plan was to thank her for the feedback and end the meeting—there was no clear authorization. Then our client walked in and took a seat beside her. With his presence, I understood this was authorized, despite the lack of notice.

She went straight to “tampering with the record”: past dates and work hours in the plan had been altered “to make it seem like you’re working more than you actually are.” On its face, that sounded like padding hours to inflate billings. But this was a fixed‑scope engagement, not billed by the hour—so even if the hours display changed, billing was unaffected, and the point was moot. The substantive explanation was routine: converting forward‑looking estimates into after‑the‑fact actuals.

I didn’t mirror her urgency or tone. I asked, flatly, to see the specific records she was referring to. She didn’t identify any. Instead, she launched into a laundry list about plan clarity and documentation. I listened, took notes on each point, and let her run until she was finished. When the room finally went quiet, I signaled my teammate to hold his comments.

On a calmer day, I’d open with goodwill and a quick thanks; we were past that. I went point by point. For each alleged discrepancy, I confirmed the item and pulled the audit trail—tracked changes in the documents. I gave full context. On the “red flag” about past entries, I showed how we routinely update estimated dates and hours into actuals, with Git commits and calendar entries to substantiate the adjustments. On documentation, I showed the plan allocated two weeks to build it methodically, which we were still in the middle of, and I produced the work‑in‑progress draft. She waved it away.

After we addressed all points, a reasonable response would have been to acknowledge the clarifications. Instead, she doubled down, telling me this was “not how to conduct yourself in an audit.” I kept it simple: you listed discrepancies; I’ve answered them; are there other points you need addressed? She didn’t answer—she returned to her pre‑judged conclusion that our records handling was “concerning.”

Anti‑Patterns

These patterns show up when an audit is run without the essentials. Each one breaks the chain from evidence to conclusion.

  • No notice or scope: work begins without advance notice, a defined subject, or a stated period.
  • Unclear standing: authority or delegation isn’t shown; the mandate’s limits are vague.
  • Accusations before evidence: conclusions first; records later, if at all.
  • Refusal to cite records: no references to policy, contract, or regulation; nothing to reconcile against.
  • Dismissal of substantiation and work‑in‑progress: supporting documents are waved away rather than reviewed.
  • Moving goalposts: criteria shift midstream; yesterday’s satisfactory response becomes insufficient today.
  • Presumption of guilt: exceptions treated as verdicts rather than prompts for reconciliation.
  • Theatrics over method: urgency and status games replace calm inquiry and retraceable notes.

Why It Fails

A less‑than‑proper audit doesn’t fail because it’s intrusive or difficult. Proper audits are both. It fails because it cannot produce conclusions others can test and trust.

  • No reliable findings: without authority, scope, and period, observations are unmoored; no audit trail back to evidence.
  • Waste and churn: ad hoc requests drive context switching and duplication; deadlines slip without producing clarity.
  • Trust erosion: people learn process won’t protect them; cooperation drops.
  • Real risks obscured: noise crowds out signal; genuine control gaps hide inside broad accusations and shifting criteria.

The Result

A less‑than‑proper audit burns time and willingness without reducing risk. It degrades the signal leaders need to act. The fix isn’t to avoid audits; it’s to insist on the basics that make them legitimate and effective.

Clarity and integrity are the point.

For how those basics look when done well, see What a proper audit looks like.

This article is for informational purposes only and is not legal advice.