Why do companies flood auditors with unnecessary documents? Are they just messing with us?
All I want are the 1-3 items that I actually need to complete my testing. I need the loan statement and this confirmation. The rest is just clutter that I didn’t request.
Seriously, why am I getting a folder filled with documents I didn’t ask for instead of the ones I’ve specifically requested multiple times?
2 Responses
It can definitely be frustrating when you receive an overwhelming amount of unnecessary documents instead of the specific items you need. It could be a few reasons for this:
Process Overload: Sometimes, companies have standard procedures for document requests, and those processes might not be streamlined. They might send everything related to your request just to be thorough.
Miscommunication: There could be miscommunication within the team about what you actually need. Maybe your requests haven’t been clearly understood or relayed to the right people.
CYA Mentality: Some companies adopt a “cover your assets” approach, where they send more than required just in case they need to backtrack or clarify something later.
Lack of Organization: It’s possible that the organization or department responsible for sending documents lacks a well-organized system to quickly pull the requested items, leading to a higher volume of irrelevant documents being sent.
It’s definitely a good idea to reach out to them again for clarification, emphasizing the specific documents you need. Sometimes a direct follow-up can help cut through the excess and get you what you really need!
This is a phenomenon that occurs repeatedly and I think it is for several reasons.
Firstly people just hate audits and do anything they can to dissuade auditors from completing them.
Secondly the people at the top don’t want any interference so they give the job of provisioning Audit data to the stupidest, least professional people in the department who they retain for such purposes.
Thirdly is a question of all of the security people now involved. They make for so much red tape that no one knows what to provide anymore so they just have a rifle around and pass on whatever seems logical. It is just a fog of madness after GDPR, Info Sec and everyone else has stuck their oar in!