Continuous Auditing | Voice of the employee | Fantasy Golf Risk Management | Gut Feel | Good Enough | The Coffeepot

Ever feel like audit just needs to be “good enough” to check a compliance box? That’s where continuous auditing comes in—letting small teams do more with less, shifting from sampling to real-time monitoring.

Meanwhile, in Back of the Napkin, we explore how consultants are often just employee frustrations wrapped in a PowerPoint that leadership finally listens to.

Borrowing Inspiration takes a detour into fantasy golf (yes, really) to test risk management strategies—spoiler: gambling is still a bad bet.

Auditcraft dives into that gut feeling auditors get when something seems off, and why it’s a powerful tool when paired with actual evidence. And finally, in Foo, we embrace the 80/20 rule—because sometimes “good enough” beats chasing perfection.

As a reminder—

• AuditPal Spotlight: Highlights of internal audit trends.
• Back of the Napkin: One new thing I learned this week.
• Borrowing Inspiration: Ideas or tools from other fields.
• Auditcraft: Update on what I tried or failed at this week.
• foo: Random thoughts or ideas not necessarily related to audit.
• The Coffeepot: The “Too Long; Didn’t Read” part.

Now that you’re up to speed, read on! 🙂

---

Zac Explains Audits is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

---

AuditPal Spotlight:

Continuous Auditing

Audit has always been obsessed with materiality, time, and reasonableness… and for good reason. Audit, especially internal, is usually seen as a means to an end. Whether it be compliance, covenants, or regulatory scrutiny, audit is usually looked at as something that just needs to get done and that their value comes from costing just enough to get across that “good enough” bar. While I have discussed why this thought process is not true, or at least shouldn’t be true nowadays, the fact still remains.

Given this, audit isn’t typically flush with budget, which can mean we have to get creative in how we complete our work. Typically, we do this through sampling, so that we can get a reasonable picture into how a population of items might look. There are mathematical ways to determine how many samples is an effective measure, but to be extremely simple and un-nuanced, I’ll say that by looking at 25 random samples we can get a pretty good picture of how a population might look. Sometimes though, pretty good isn’t good enough and we may be asked to provide even more assurance, which doesn’t typically bode well for time budgets.

Continuous auditing is a concept that allows audit to provide more assurance in a more cost-effective manner. Many times, it can even shift time budgets away from the area to allow time to be allotted elsewhere. This can be incredibly useful for smaller companies or audit departments as it lets you get more work done in less time with less resources.

Continuous auditing for small departments

So, we know the big players can use all sorts of different tools and custom solutions to start continuous auditing, but how does a small department do it?

Well, first we need to understand what kind of data is available to us and how we can get that data in a useable format. There is a concept in computing processes called ETL or Extract, Transform, Load. I think this concept is a great way to think about what we are trying to do.

1. Understand – What is our goal and what information do we have?
2. Extract – How can we get this information out of the system
3. Transform – What do we need to do to the data to make it able to be used (Excel, PowerBI, Python)
4. Load – How do we load this data into our current audit tools
5. Iterate – How do we make this process automated to be able to continuously perform it without auditor intervention?

Example

Imagine we have a situation where we are performing a business expense audit every year that uses a standalone SaaS software. This software has the ability to connect directly to Excel or PowerBI via a Power Query connection.

What we can do is load the data into PowerBI, then create a dashboard that will alert us whenever a specific situation occurs. For example, if an expense that would normally require a receipt is approved without one or perhaps an expense report that has been sitting for X amount of days.

If we can get comfort over the completeness of the information being shown to us, we could get to a situation where the ongoing audit is really just reviewing the population of items that appear as exceptions. In the case that no exceptions occur, then internal audit can be satisfied that no further testing is needed, saving time and money.

I haven’t had my coffee yet – just tell me!

Continuous auditing isn’t just for large organizations with unlimited resources.

---

Back of the Napkin:

Sometimes consultants are just a voice of the employee

I’ve come to the opinion that the best way to get leadership to act on employee concerns is to have a consultant say it for them most of the time.

Employees know what’s broken. They see the inefficiencies, outdated processes, and roadblocks every day (and get to feel them every day…). But getting those insights to leadership—and actually seeing action—can be tough. That’s where consultants might be able to help.

The consultant advantage:

A good consultant isn’t just an outsider with a slide deck. They act as a translator, validator, and amplifier for employee concerns.

• Translation: They frame issues in a way executives understand—linking problems to strategy, risk, and financial impact.
• Validation: Employees may feel unheard, but when a consultant gathers data and presents the same insights, leadership listens.
• Amplification: Consultants elevate employee voices beyond middle management, ensuring key concerns reach decision-makers.

Example in action:

• An internal team struggles with an outdated system that slows down operations. They’ve raised the issue for years but get no traction.
• A consultant comes in, conducts interviews, gathers data, and presents findings: “Your system inefficiencies cost you X dollars and Y productivity hours per year.”
• Leadership moves from inaction to approval on a system upgrade.

How to make the most of consultants:

Consultants should be used as strategic partners to drive real change:

• Encourage consultants to spend time with employees and understand frontline issues.
• Align their work with employee needs to ensure recommendations lead to action.
• Treat their insights as a catalyst, not just a report—use them to create momentum for real improvements.

Bottom line:

Consultants aren’t just outside experts—they can be the missing link between what employees know and what leadership needs to hear. When used effectively, they turn employee frustrations into executive action.

I haven’t had my coffee yet – just tell me!

When used effectively, consultants can turn employee frustrations into executive action.

---

Borrowing Inspiration:

Fantasy Golf and Risk Management

Had a funny thought the other day and it came from the worst possible place… Gambling… It might just have had something to do with the SuperBowl (or SuperbOwl for my friends on Reddit… don’t ask…) But I started to think about the idea of risk management and diversification as it relates to Fantasy Football.

Unfortunately, with the Superbowl over, that also marks the end of the season as far as football goes, so I had to find a substitute to test my theory. I chose golf – because my brother and dad go nuts for it. I also at least know some of the names, so that should help me too.

The Research

Like most of us today (not saying it’s good or bad)- I headed over to ChatGPT to see what it could find for me. What is pretty interesting is that there are massive communities dedicated to stuff like this, which maybe shouldn’t be too surprising considering the amount of money flowing into online gambling… Word for the wise, don’t gamble kids- the majority of people have to lose in order for this thing to keep going and its been going for a long, long time.

ChatGPT states that the most important metrics to follow would be:

1. Player exposure – How concentrated are you in certain players?
2. Ownership exposure – Overall, how favored is the player by others in the contest? Note: this isn’t tracked for you, so we’ll have to come up with a substitute to model this figure, but I have an idea…
3. Leverage score – The difference between your player exposure and the ownership exposure. This shows your level of leverage e.g. if you are positive (or overweight) then you are taking on higher risk, but to hopefully get a higher return. This is starting to sound more and more like stock picks than golf picks…
4. Expected Value (EV) of lineups – This one is a bit trippy, but I want to include it to really drive home the point that gambling really isn’t worth it and you should definitely not spend any money that you aren’t willing to lose because you will lose it, statistically.

How it works

If you haven’t done anything like this before, note… don’t… Then I’ll explain a bit how it works.

You basically get to pick 6 golfers in a tournament and they all have pre-ordained salaries that you have to pick with a salary max that you have to stay under.

Ultimately, this team will gain points based on how well they do and the sum of those points becomes your total score.

Data

We’ll need data to start looking at this, so lets find a contest and see what we can do.

This one seems to be a good one, so we’ll use this for our test. I spent $0.50 on this, so you know I’m serious about this experiment.

I’d love to run more of these fun experiments! Consider becoming a paid subscriber for $5 (Substack’s minimum). All newsletters remain free, but paid members can comment and access exclusive content in the works.

Anyways- The important points to note here are the prize bands, the total number of entries (23,952), and the entry fee ($0.05 per lineup). We’ll be using all this data in order to come up with a few different metrics.

Additionally, we’ll need some player data, which the particular betting site I am using provides a handy-dandy .csv file with all the golfers, their FPPG (fantasy points per game) and their salary (cost to pick up).

Excel File

Ok, now lets get back into my realm a little bit- One weird Excel file HOT TO GO! – just like Chappell Roan!

Configuration Tab – Specifies some data that can be adjusted based on the contest

Prizes Tab – Specifies prize data, probability, and Expected Value… Yep… $0.04 on a $0.05 per lineup bet is the expectation… Again… Don’t gamble, you will lose!

Player Tab – Specifies player data and makes some calculations to find player exposure and relative cost/value.

Dashboard Tab – Risk dashboard to show our data in graphical format.

The contest has not been completed yet, but already I can tell the 10 lineup strategy is likely not going to work out. I believe once you start going into contests with multiple entries there are people doing what I’m doing, but way better. Still a pretty interesting look into the world of risk management using fantasy golf as a canvas.

I haven’t had my coffee yet – just tell me!

I tested risk management concepts in fantasy golf using Excel, only to confirm that, statistically, gambling is a losing game.

---

Auditcraft:

“Gut Feel” in Audits

You see an issue, and something doesn’t sit right. No hard evidence yet—just a gut instinct honed by experience, pattern recognition, and maybe a few past audit war stories.

But what exactly are we feeling here and why?

The Background

Humans have evolved to have this “gut feeling”, which forces us to be on edge and alert. There is a great book about this phenomenon, which is called “The Gift of Fear” by Gavin de Becker. He is primarily focused on recognizing danger or potential violence and argues that our “gut feeling” is our subconscious telling us it noticed some things that are active brain didn’t. The sense of unease is its way of telling us to be prepared.

Turns out we can train this skill in audit too!

When you feel that creeping gut feeling coming on ask yourself why and then try and confirm or refute it:

• Why do I feel this way? (Experience? Pattern recognition? A specific red flag?)
• What data would confirm or refute this instinct?

Then, after gathering evidence, compare the gut reaction to reality.

The Lesson

Intuition is a powerful audit tool, but it’s not a substitute for evidence. Instead, it should be a hypothesis generator—a trigger that pushes us to validate or disprove our instincts with real data.

The best auditors balance instinct with analysis. Trust your gut, but back it up.

I haven’t had my coffee yet – just tell me!

Intuition is a powerful audit tool, but it’s not a substitute for evidence.

---

Foo:

Why “Good Enough” Beats Perfection in Almost Everything

Have you ever worked on something and just really nailed it? Like you sat down and the next thing you know its hours later? Then it happens, you are almost done and all the sudden your 60 words per minute turns into 1.5? That’s perfection getting in the way of progress. Sometimes, you just have to let it fly knowing good enough is better than perfect.

The 80/20 Rule at Work

Economists came up with a law for this phenomena called the Pareto Principle, or better known as the 80/20 rule. This rule applies to a peculiarly large number of items in our daily lives. From 80% of sales coming from the top 20% of your customers to 80% of your headaches coming from the bottom 20%- this rule appears everywhere. Even in language where the most frequently used 20% of words account for 80% of the word occurrences. The thought is simple, 80% of the result typically comes from 20% of the work.

Where “Good Enough” Wins

Let me ask you something, if you had to pick between two identical restaurants for dinner, but one of them charged you $1,000 for a great steak and the other charged you $200 for a pretty good steak, which would you choose? Unless you have more money than sense… you are probably joining me at the $200 steakhouse and letting Tom Brady or Elon Musk eat that other steak.

The Audit & Business Angle

So how do we tie this to audit or business, so my readers don’t revolt on me?

Well… Lets look at it from a risk assessment perspective. Using the Pareto Principle, I can say that 80% of the risk in any process is coming from 20% of the existing issues. Given this thought, if we focus our limited time frame on identifying those 20% of risks, or at least the largest risks we find- would it then not make sense to think we have reasonably reduced quite a bit of risk within the given process?

This is kind of what we as auditors are driving towards with things like risk assessments or materiality and why great auditors are able to understand the “so what?” before they make a recommendation. If the recommendation lessens the processes risk by 20%, but we spent 80% of our budgeted time on it – are we really helping the client or just sucking up money?

The Hidden Cost of Perfection

So the next time you get in that flow where work is flying from your fingertips and you get stuck all the sudden and now nothing is moving. Just remember that you already did the hard part and you’re just finishing up that last 5%, don’t spend more time than it’s worth.

I haven’t had my coffee yet – just tell me!

Perfect is nice. Done is better. The juice isn’t always worth the squeeze.

The Coffeepot:

I haven’t had my coffee yet; you are just going to have to tell me what you are talking about-

• AuditPal Spotlight: Continuous auditing allows audit to provide more assurance in a more cost-effective manner.
• Back of the Napkin: When used effectively, consultants can turn employee frustrations into executive action.
• Borrowing Inspiration: I tested risk management concepts in fantasy golf using Excel, only to confirm that, statistically, gambling is a losing game.
• Auditcraft: Intuition is a powerful audit tool, but it’s not a substitute for evidence.
• foo: Perfect is nice. Done is better. The juice isn’t always worth the squeeze.