jump to navigation

“Have You Got Documented Procedures?” April 26, 2010

Posted by Audit Monkey in The Joy & Pain of Internal Audit.
Tags: , ,

The politics posts on the Blog are going down like a lead balloon so time to revert to good old-fashioned auditing.

Those in the know will recognise the title of this post; it is the first question the auditor will rattle off at the start of the interview with the auditee to ascertain how a process or system works. Inevitably the answer is “yes”, or “yes but they require updating” or “sorry, guv’, can’t be doing with’em”. (Well, I exaggerate, no-one has said the latter but a bit of honesty once in a while would be refreshing).

I always find asking this question rather laborious as it will often result in the standard audit recommendation that “procedures are drafted, updated, etc”. Job done.

Anyhow, I had an interesting conversation a couple of weekends back with my sister’s next door neighbour. A lovely gentlemen, let’s call him Dr.Patel, who funnily enough, is a Doctor at a South London hospital. We talked at length about the state of the Nation, the forthcoming General Election and his role as a Doctor in the NHS. The usual gripes came out, the inscessant paperwork, peer-reviews (whatever these are) and auditors grinding on about the need for documented procedures. In context, the main complaint was that as a physician it was impossible to document every possible protocol and process as the human is an infinitely complex machine which will not fit conveniently into any written instruction.

I concurred but with my Auditor hat on, I commented that procedures had greater relevance in a structured environment such as a bank but also served as guidance. Dr.Patel, not to be out witted by a smart arse Accountant, reposted, “remember 7th July 2005 bombing in London? We were asked to stand-by for 20 or so casualties? What do you think I did?”

Having audited in the NHS, I’m aware that all Acute Hospitals are obliged to have a MIP, Major Incident Plan, which details the actions Hospital staff should undertake in the event of a large-scale accident, e.g. rail crash, on their manor. The more intelligent out there can probably see answer to the million Dollar question; ‘did Dr.P grab the ring binder and read the MIP on the morning of July 7th or do something else?’ This was my reply.

“You probably went to your Ward, gave instructions to the nursing staff regarding your high priority patients, then proceeded to A&E and grabbed a set of clean scrubs on the way”. Dr.Patel said affirmed, “Precisely” but the “MIP says Doctors should wear pink scrubs, Surgeons, blue scrubs! Who cares what colour the scrubs are?”

In the event, Dr.Patel and his fellow hospital staff were stood down. So, are documented procedures relevant? At what point do the procedures end and initiative takeover? What would we do in the absence of procedures?

My opinion, procedures provide a structure or an approach that can be adopted in a situation but are no substitute for common sense, so it looks like my ‘favourite’ audit question will remain for the time being.


1. Richard - April 28, 2010

Without wishing to rain on your auditing fireworks it often seems to me that documenting procedures are at best a way of forcing people to ponder imagined what-ifs before they happen and at worst a job creation scheme to keep people’s Microsoft Word skills up to date.

In reality though, when the merde hits the fan people don’t go hunting round for the latest version of the panic doc, they get on with the issue at hand. When the dust has settled then it is time for a full finger-pointing post mortem and recommendations are inevitably made to get documentation updated in order to assist with resolving the next incident. The problem then is having too many docs and not being able to see the wood for the trees.

However, for obscure systems about which there is little local knowledge then documentation comes into its own so being nudged by auditors now and again to get something down in writing isn’t necessarily a bad thing.

In conclusion – keep up the good work 😉

2. Audit Monkey - May 2, 2010

Richard – good comment. Nice to see what other people think from the other side of the fence. You raise several good points.

I agree. Documented procedures shouldn’t be excessive and accessible. I often think procedures for a particular process shouldn’t be sub-divided and separated out. One manual would suffice.

As for obscure systems, it was only last week I was auditing someone who was programming a bespoke system. The usual chestnuts. Lack of continuity if the original programmer disappears off to Mars and key person dependency. One way around this, documented procedures. Ugh!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: