Auditors, Risk Managers and Zombies

Day 1: Auditors and Zombies

In a factory someplace, there are 20 workers whose job it is to continuously pass a ball to each other as quickly as possible. Watching this important work from a viewing area are 10 newly minted auditors selected from a Big 4 accounting firm. On this day, managers give each of the assembled auditors a pen and a notebook and explain that in order to satisfy a “regulatory requirement” they are to count how many times the ball gets passed during the day. The auditors with the correct answer will be promoted to Senior Associates by their firm; the rest will be fired and immediately hired by the factory as new ball-passing workers.

There are no issues for the first hour as the ball gets passed and counted by enthusiastic workers and auditors respectively. At around 10am the factory managers release a hungry zombie onto the floor whose job it is to make new zombies by biting the flesh off the ball-passers. Despite the hazard, the workers continue doing their important work while successfully passing the ball and evading zombie threats. The auditors continue counting passes from the safety of the gallery. No issues noted.

When the zombie has achieved its objectives it drags its prey to a corner of the factory where it dismembers the former ball-passer and feeds on its flesh. After several minutes, zombie-handlers remove the zombie and its “zombie offspring” and a new zombie is then introduced to factory floor. This process continues until 5pm when the remaining ball-passers go home and remaining zombies are returned to their quarters.

At 5:15, managers assemble the auditors in the board room (who are hungry and tired from a long day of counting). They are each given a special remittance form and an envelope and asked to write down the following: (a) the number of passes they recorded; (b) the number of zombies they witnessed; (c) their name, and; (d) the phone number for their next of kin. Auditors then place their sealed envelopes in a metal box and take their seats. While the auditors enjoy some refreshments, managers review the responses in nearby office.

When managers return at 5:30, the results are revealed. On this day, only one of the ten auditors recorded the correct number of balls passed but none answered the zombie question correctly. In fact, none of the auditors reported seeing any zombies during the day. (1)

It turns out the auditors were so focused on counting the passes that they didn’t notice the zombies or the gruesome disemboweling of workers.  (During their post-mortem meetings with managers, two of the auditors stated they were puzzled by “pools of maroon blood” and “the mess on the floor” that seemed to suddenly appear at 5:00, but postulated that it must have always been that way.)

Day 2: Risk Managers and Zombies

The following day, one risk management practitioner was hired to count ball-passes. This time however, every time a zombie appeared, he hollered to the workers to stop passing the ball for a moment. The risk manager jumped down from the gallery and stabbed the zombie in the brain with his Sharpie. Upon returning to the gallery the workers were asked to resume their important work and counting continued. At the end of the day, the risk manager not only reported an accurate tally of ball passes and zombies but none of the workers were harmed. None of the zombies met their objectives.

Moral of the story

To anyone who thinks audit is risk management and auditors are risk managers remember that while auditors are busy counting their balls risk managers are on the lookout for zombies.

Image credit: Going Loud Studios

(1) There is a paragraph in Richard House’s book The Kills/Sutler that partially inspired this post,  where he explains the reason why the auditors would not have noticed the zombies. It’s “because they’re too busy trying to get something right”.