
Software IG for Corporate IT

Posted by malcolmdavis on July 6, 2003 at 2:35 PM PDT

I wager I can walk into any Fortune 500 Company, pull a module of code, and discover that there is no corresponding unit test. Furthermore, the module most likely will not follow the company’s coding standards. Even though many of these companies contain documented processes for unit tests and coding standards, very few have independent auditors that can walk into a group and comprehend what is going on.

To help avoid the fraud, waste, and abuse that can occur inside large organizations, the military uses the concept of an Inspector General or IG. The IG is an independent external auditor that walks behind those in command and monitors if they are doing their job.

The concept is that the people in command are responsible for the actions of the workers. Since the focus of the IG is the individuals in command, not the workers, this puts pressure on the officers to understand what is going on and to follow up on all activities. This is why, when taking over a military platoon, the first duty of a second lieutenant is to have an assessment of all equipment and personnel. The second lieutenant is responsible for everything in the platoon. That lieutenant knows that there will be an IG inspection someday.

I recently asked a technical lead, ‘Is the group following coding standards?’ His reply was, ‘They better, I told them to....’ After the conversation with the ‘technical lead’, the IG would have started pulling sample code, looking for unit tests, etc.

The concept of an IG runs through all walks of life and professions. An example for the banking industry is the Treasury Department’s OCC (Office of the Comptroller of the Currency). One thing the OCC does is review loan procedures for the banks. To validate that banks are following their own loan procedures, OCC inspectors will randomly pull bank loans looking for discrepancies. When discrepancies are found, it is the bank officers who are responsible. The US Treasury’s external audits are a major contributor to the strength of the US banking system.

Nothing is perfect: auditors play the major role of attesting that the financial statements of an organization are ‘true and fair’. Yet, as we have learned through recent corporate scandals (Enron & Andersen), even independent audit mechanisms can fail.
