So I’ve just been appointed as the new head of internal audit and counter fraud for the First Order.

It’s been an interesting time. We have a new leader, Kylo Ren, who is charismatic and a little challenging to work for. Audit independence is going to be challenging with this CEO! We’ve just lost our chance to crush the rebellion, despite expending lots of resources on crushing activities. Value for money will be a challenge. The Jedi and the force still seem strong with the rebels.

My first job is to conduct an independent review into the lost opportunity to crush the rebels and the killing of our previous leader, Snoke.

So, first I need to look at defence design. We lost a dreadnought to a single rebel bomber and a few fighters. How did this occur when so many cruisers and our fighters were there? Why are there so many single points of failure? Is it quality of design? Process of approval? Lack of independent quality assurance? Poor intelligence of rebel capability?

Then we had the leak of security codes to allow an approach to our leader Snoke’s ship. They got onboard and close to the supreme leader. Thanks to the individual that was bribed to turn them over. Then the stormtrooper called Finn. He is an anomaly according to Captain Phasma, but how can this occur? We have strong controls. I will need to use some data analytics to get under the skin of this. How many others go ‘wrong’?

Then we had the debacle of a single rebel ship being able to sit in full view but not be able to be attacked. What is the point of all of this technology? Finally, why were we not able to detect it turn on us and jump to light speed through our ship, destroying it?

We have a strong control framework based on the 145th edition of the COSO framework – how did it go so wrong? We have a clear command and control framework and each part of the machine operated. Perhaps it was a compliance issue? Do we need an even larger stormtrooper second line? Perhaps a better training programme for Sith Lords? Our Sith compliance and risk training programme seems not to have delivered?

I have a good 10,000 stormtrooper auditors. But are they enough? Or perhaps I need to have them trained to think? Or perhaps I need them trained in the force? To resist Jedi mind tricks! Thinking auditors… hmm… interesting.

What is clear, however, is that this is another disappointing lesson that compliance and command and control cultures always seem to fail when it matters; when strategic choices are made; or when the system, designed for normal operations, is put under severe stress.

Are there more complex risk-based lessons I need to consider here in my review of this debacle? Thoughts on a droid video please! Happy Christmas!