Monday, February 9, 2009

Ode to Useful Auditing

I gave a Firetalk at ShmooCon on Saturday night. I told the people that attended that I would post the poem from the talk:
There once was a man named Steve,
Who was notified he was subject to audit.
It just about made him heave,
But he knew he could simply discredit.

The auditor sent over their test plan,
To which he responded with documentation.
And then they started to scan,
Yet he feared not for his occupation.

The scanners left to perform their magic,
Steve awaited the results package.
He had confidence that it wouldn't be tragic,
For the auditors were at a disadvantage.

One day the deliverable arrived,
Upon that was convened a meeting.
A plan that Steve had contrived,
Involved supplying the auditor a beating.

Steve began by questioning tool sets,
And continued by criticising results.
The contractor began to fret,
But didn't consider it an insult.

The "auditor" launched into his shtick,
Complete with tons of excuses.
It speckled with buzzword shit,
But his logic only confuses.

Now that management's confidence is shaken,
Steve goes in for the kill.
He announces the auditor is mistaken,
Then defines their lack of skill.

His argument lies in their false positive rate,
And their inability to ask questions.
The documentation review was a sorry state,
He finished by making some suggestions.

Remove these morons from my sight,
They are the reason auditor is a dirty word.
These reports are only meant to cause a fright,
This entire exercise has been absurd.

After which, I launched into my usual rants about why the Federal auditing needs to change.

Please note, I am not saying that auditing is dead. I am only saying the useful auditing died some years ago and it needs to be resurrected.

No comments: