Show Me Don't Tell Me Why Declarative Statements Are the Enemy of Effective Monitoring
Published on: Fri May 27 2022 by Ivar Strand
“Show Me, Don’t Tell Me”: Why Declarative Statements Are the Enemy of Effective Monitoring
A standard scene plays out in countless audit and monitoring interviews. The monitor asks a direct question: “Do you perform a monthly reconciliation of this account?” The finance manager provides a direct answer: “Yes, we do.” The monitor makes a note, and the interview continues.
In this exchange, a fundamental failure of verification has occurred. The manager’s response is a declarative statement; it is a claim, not evidence. Accepting such statements at face value is an insufficient basis for a professional assurance opinion. Effective monitoring is built on a foundation of professional skepticism, a discipline best summarized by the simple principle: “Show me, don’t tell me.”
The Unreliability of Stated Compliance
This insistence on verifiable evidence is not about assuming dishonesty on the part of the auditee. The issue is more nuanced. A manager may genuinely believe a control is being performed correctly, but be mistaken about its frequency or thoroughness.
As we have discussed previously, the gap between formal de jure policy and informal de facto practice is a persistent feature of all organizations. A manager’s statement is likely to reflect the official policy. Only objective evidence can confirm the operational reality. An effective monitor’s responsibility is to audit the practice, not the assertion.
From Accepting Claims to Requiring Evidence
The role of a monitor is to methodically convert claims into facts through the disciplined collection of objective evidence. This requires a fundamental shift in the nature of inquiry, from asking questions that elicit a “yes” or “no” answer to making requests that compel a demonstration of proof.
-
Instead of asking: “Do you review user access rights on a quarterly basis?”
-
The request should be: “Please provide the system-generated reports from the last two quarterly user access reviews and the email correspondence confirming their review by management.”
-
Instead of asking: “Are large payments approved by the Country Director?”
-
The request should be: “Please pull up the five largest payments from last month in the financial system. Let us review the digital approval stamps and their associated user IDs in the audit trail together.”
-
Instead of asking: “Is the vendor list kept up to date?”
-
The request should be: “Please show me the change log or audit trail for the vendor master file for the past 90 days.”
This approach replaces reliance on memory or stated intention with a review of concrete, time-stamped evidence.
Evidence in a Digital Environment
In a modern, digitized financial ecosystem, the most reliable evidence is often that which is generated by the systems themselves. An immutable, system-generated log of user activity is a more objective source of evidence than a signed piece of paper which can be back-dated. A live walkthrough of a transaction in the system is more revealing than a verbal description of the process.
A key benefit of technology-driven monitoring is that it allows for the direct analysis of this digital evidence at scale, providing a more efficient and comprehensive way to verify processes than manual sampling alone.
A declarative statement is a useful starting point for inquiry, but it is never the conclusion. The core discipline of monitoring is the methodical verification of such claims against objective evidence. This is the only credible path to building genuine, independent assurance and stakeholder trust.
