One of my many jobs at the company for which I work is SQL report writing. I was asked to build a report of users who either created or deactivated in 2004 for one of our accounting applications (which is how I assume he got involved in this). Piece of cake. I build the report, spot check it for accuracy, and send it to the auditor.
Today I get an email from him saying he called up and “worked” with my boss to develop the specifications for the report (read he called my boss and she told him how she would build the report). I built the report two weeks ago and sent to him, but it wouldn’t be like him to stop there. He tells me that I have to check against the hire date to get the people who were hired in 2004. No shit, really?
I never would have thought of that. It’s not like I work with this database and these tables all day every day. I’ve only been at this job for two years, so of course I would have no idea how the tables need to be joined and what fields to add to the report. Luckily for me, this guy is an expert in relational databases. :rolleyes:
Please go back to auditing the accounting people and leave us IT people alone. You don’t know what you’re talking about and you’re bothering me. Go away and let me do my job.
And while I’m at it, fuck Sarbanes-Oxley for giving this guy the ammunition he needs to stick his nose in my job.
Ah. Elementary error when dealing with auditors. You did your job and what was asked of you first time, 100% correctly. The first rule of being audited is always leave a little detail that’s not quite correct, so that the auditor can find it. If it’s a really small detail leave clues to point it out.
If you don’t they’ll only come bothering you until they can find something, anything, to write in their report.
The second rule is always document the little detail that’s not quite correct in advance, with work arounds and possible solutions. That way when your boss brings it up you can show that you’re way ahead of the game.
Fully agree on leaving a minor error on things being reviewed.
In my last job, there was a quality control person on reports. God forbid you if you gave her a clean report.
If you made a minor grammer-type mistake on the first or maybe second page, you were fine. She would find the mistake and write up what it should be like. She would then relax and everything would be fine.
If you gave her something without the mistake, she would get nervous. She was completely incapable of NOT finding a mistake. She could NEVER say it was fine as it is. If she couldn’t find anything to correct, she could go off the deep end and propose radical changes requiring revision and many more hours of work for you.
Grrrrr…good advice on making a minor mistake early on.
This is the perfect opportunity to respond to the twit, forwarding his memo to the accounting manager and the auditor’s boss, listing the exact criteria that were used to build the report, including noting the various selections and controls that you had built in that he had forgotten to note in his memo challenging your work–delivered in the most innocent tone imaginable so that no one could accuse you of being spiteful in pointing out his deficiencies.
I used to love playing with auditors’ heads.
On the other hand, I do agree that in a system-wide audit or a departmental internal audit, it is important to leave a couple of highly visible (and wholly inconsequential) gaps so that they can “find” something. You have to remember that most of them are reporting to former auditors, themselves, and they are not judged on QA, but on the number of demerits they hand out–no demerits means they are given a bad review because “no system” could be perfect.
I have also worked with one or two extremely competent auditors who really weree looking for QA, making suggestions to enhance the system before the audit and working to modify stupid rules when they were excess baggage. All too rare, but they do exist.