Why do we use random audits?

Dart board

Random audits or inspections have long history in regulation. However, given the pressure on regulators today to stop bad things from happening, is it time to question this practice? So why are random audits used? The apparent reasons include:

  • Efficiency, auditing every situation is not possible
  • The threat of an audit keeps everyone honest
  • They’re fair; no prejudice determines who gets audited

Are these reasons really valid? Let’s consider them.


  • Using audit resources to look into situations that don’t need to be looked into is not efficient


  • There’s no doubt the threat of an audit can promote improved practice. So, when audits are targeted at sub-standard situations based on risk factors, the likelihood of these situations being audited increases greatly. Thus, if the possibility of an audit can motivate improvements, the greater certainty of being audited should strengthen the motivation to improve.


  • The idea that random audits are fair is baseless. It’s not fair when auditors waste their time, and the time of others, examining well managed situations that are compliant when there are unaudited situations that need attention. Even worse, when the bad apples aren’t uncovered regulatory authority is diminished.

In mid September, I attended the annual conference of CLEAR (Council for Licensure Enforcement and Regulation) in Virginia. I attended an excellent presentation given by Andre Jacques, MD, Director of Practice Enhancement Division, College des Medecins du Quebec. When Dr. Jacques joined the College in 1993, the practice team used random audits. The results: only one out of ten audits uncovered situations that needed attention. Today, because the team uses sophisticated techniques to target high-risk situations, eight out of ten audits are productive. The team is very successful at deploying audit resources into situations that really need to be examined in detail.

Dr. Jacques and his team have also, remarkably, changed attitudes about the interventions of Quebec’s regulatory authority for doctors. Most often, regulatory interventions are seen to be negative, even in the practice improvement arena. We’re not talking about enforcement. The threat of a regulatory sanction that places restrictions on or takes away a license is a defensive risk management strategy with negative connotations. However, to intervene to help make a situation better is a positive risk management strategy. Dr. Jacques and his team have earned the trust of physicians and also gained widespread support from Quebec universities (who educate physicians), the unions who represent physicians’ interests; and other medical colleges and associations that focus on standards development, policy, training, and lobbying. Everyone benefits and, most of all, the public.

The idea of random selection makes sense in the world of lotteries, but for organizations that have core risk management missions to improve public safety does it really fit? There’s no question that it’s challenging to develop approaches for effective targeting. In speaking with Dr. Jacques, he made it clear that their performance in targeting has improved over time. They had to (and continue to) work hard to discover the risk factors that will help them identify situations that are unsafe or need to be improved. Risk management is all about uncovering the threats that will impede your mission, and about developing positive strategies for improvement. Targeted audits are one of the most effective risk management approaches that regulators can use.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s