Lyndsay C. Kadow (lyndsay.kadow@optum.com) is a Manager of Information Security Risk Management, Optum Enterprise Information Security, UnitedHealth Group in Hartford, CT, USA.
As compliance professionals who continue to navigate the everchanging landscape of audit, we can look back retrospectively to develop opportunities for improvement, to influence more positive outcomes, and to elevate the experience of not only the auditors but our teams as well. By hosting team listening sessions, collecting participant feedback, and identifying opportunities or findings that could potentially have been prevented, the annual audit cycle will feel less painful and, ultimately, be more successful.
It’s important to look at the audit experience as just that, an experience for each individual involved—a team comprising auditors, leaders, facilitators, subject matter experts (SMEs), and document support, to name a few. Each of these roles is important and vital, and often hinges on the success of the others. How can we improve the quality of the data we bring to the table this time? By looking back. Oftentimes the best audit preparation tools that we have are the documents and experiences from the previous audit. What went well? What was successful? What pieces and parts impressed the auditors, and more importantly, what encouraged them to ask more questions? Largely, what did we as a team learn?
When looking back, where do we start?
For those companies engaged in multiple, complex audits throughout the calendar year, it’s best to start by engaging an optimization team or, at least, a liaison who can represent process improvement. From an optimization perspective, create a cadence, usually annually or biannually, to conduct a program assessment to collect information from each audit or project. Establish fundamental metrics for each one to measure against. Create a report of what was successful during each audit/project and what was not successful—or failed. Regard each of those successes and failures with a similar value. It’s equally important to review the successes and maintain them as it is to correct the failures and identify situations that might have been a near-miss.
Once identified, determine where the failures actually failed—a missed deadline, a lack of document preparation, an unprepared SME—and make adjustments to internal processes or communications, for example, to ensure those failures don’t occur the same way again.
Another promising way to capture opportunities for improvement is to gather feedback from your colleagues, project team members, and stakeholders to help identify what parts of the audit process went well and what might need revision. Dedicate time to building effective survey questions, for example, or holding meetings with individuals who you know will be open to providing constructive criticism and honest feedback. Use these opportunities to ask specific questions and propose new ideas. Be sure to approach them with an open mind, embracing any feedback you may receive, positive or negative. Remember, if you’re not finding opportunities for improvement, you aren’t growing.
