In the most recent issue of Internal Auditor magazine (available on newsstands everywhere – okay, maybe not everywhere, but if you're a member you can look it up on line and, now that I think of it, how come you're not a member?!! Where was I? Oh yeah...) In the most recent issue of Internal Auditor magazine I got the chance to talk about the recent "catfish" situation regarding Manti Te'o.
If you don't remember what happened (because, let's face it, by this time a lot of more [and less] important stuff has flowed under the metaphorical bridge), you can go back to my article or just Google and Bing to your heart's content to learn what hoards of news reporters, bloggers, tweeters, etc. had to say on the subject.
Elizabeth Echlin Harmer sent me a nice note regarding the article. She wrote, "When I read your recent article on catfish, it started me thinking on the need for healthy skepticism. I thought you might be interested in this article from the nuclear industry, and I would be interested in your thoughts." The link is to a blog post where the individual writing the blog (Rod Adams) discusses possible issues with the credentials of an individual providing consulting in the nuclear energy field.
Let us all pause and consider the ramification of someone doing consulting work for the nuclear energy profession whose credentials may be suspect. Makes a football player becoming involved with a fake girlfriend seem a bit, shall we say, inconsequential, doesn't it? (And you thought there might be ramifications from errors in your reports.)
The article brings up some interesting issues beyond the one Mr. Adams is trying to hammer home, and what follows is an extended version of my reply to Ms. Harmer. (Maybe someone should have warned her about the risks of expressing interest in my thoughts. Has she seen the length of some of these posts?)
I find the link fascinating on a number of levels. First, I found the comments provided by others at the end of the piece particularly fascinating. The issue of arguing credentials on so public a stage, the desire by others to make this a broader discussion, and the resulting questions about slander and libel in the Twitterverse are perfect examples of the way issues regarding social media are being hashed out as we speak – battles that are still being sorted out by regulators and the courts . This post is a perfect example– including the risks anyone faces when they make their contentions and arguments public.
The next level relates to the point I think Adams' is trying to make with his post. How does a resume, position, or title impact the trust people place upon each other? Adams raises some interesting questions, and the replies to the post raise similarly interesting points. And I would raise that question to auditors. How often do we accept the answers and solutions provided to us because of an individual's pedigree?
As an example, do we ever question a decision that comes down from the halls of the Legal Department? My guess is seldom, if ever. And that is because we accept them as the authorities – they have the sheepskins and JDs that mean they know what they are talking about. And don't mistake what I am saying; we hire them because they are the authorities (just as we are hired because we are the authorities on such things as risk, controls, and process evaluation). But is it worth our while to take a moment and give their decisions a reasonableness test? (And, while we're at it, let me throw in another interesting concept: Mayhaps we should occasionally include the audit step of verifying the bona fides provided by any auditee.)
And the final fascinating level is more specific to internal audit (and the point I was trying to make in the catfish article). How far should we trust people? When we work virtually, what should we believe? And even face-to-face, what is our responsibility in ensuring the veracity of the individuals involved? I would argue that we all (I'll throw me in that one) far too readily accept the proposition that the person we are speaking with is indeed the person they purport to be. Do I question a long-time friend to make sure it is really him? No. Do I take some steps to ensure that the Director I'm talking with – one I've never met before – is who he says he is? Maybe.
I recently saw a presentation where the individual (not an internal auditor) mentioned she was unaware that skepticism was a part of our jobs. I think Adams' post, as well as any discussion regarding catfish episodes, reminds us that a cornerstone of our strength is the appropriate use of professional skepticism. I believe we are diligent in keeping the skepticism volume turned to eleven when we listen to answers to the questions we ask, but turn it off completely when it comes to ensuring that people are who they say they are – including our acceptance of their authority to express those opinions.
As I said in the article, the virtual world makes a brand new world for all of us. For auditors, it makes some things easier – research is as easy as the click of a button. However, it makes it much harder for us as we are required to interact virtually. I know of one group that is doing investigations virtually – including teleconference interviews of suspects. To ensure they maintain solid cases, they have to take extraordinary measures to ensure they are actually talking to the individual involved – including the placing of unimpeachable witnesses with the suspects. They have found their solution to their own struggles with a virtual world.
We may all have to take a lesson from this group. I do not necessarily like the approach; it goes against everything I have ever learned as an investigator. But we live in a new and constantly evolving world, and we are going to have to be uncomfortable in order to succeed it in.
I invite you to take a look at the blog post and let us all know what you think