One Chart: The Audit-Findings Pareto

Take a year of audit findings, strip out the names, and sort them by root cause. A familiar shape appears almost every time. It is not a flat spread of many small unrelated problems. It is a steep curve: a couple of categories tower over the rest, and a long tail of minor issues trails off behind them. The Pareto principle — roughly eighty percent of effects from twenty percent of causes — is not a law of nature, but for audit findings tied to records it is an unusually reliable rule of thumb.

The reason this matters is leverage. If findings were evenly distributed across dozens of unrelated causes, improvement would be a slog with no obvious starting point. But when two categories generate most of the findings, the path is clear: fix those two and the total collapses. The chart below is the whole argument in one image, so let's look at it before saying another word.

Reading the curve

The two bars on the left are the ones worth your attention, and they are remarkably consistent across organizations and sectors. The tallest is almost always missing or unprovable approvals — decisions that were made but cannot be tied to an authorizing person and moment. The second is version and record mismatches — the file the auditor pulls does not agree with the file the work was actually based on. Together these two routinely account for the lion's share of findings. Everything to the right of them — late documents, access problems, assorted one-offs — is real, but it is noise compared to the signal on the left.

Notice what the cumulative line is telling you. By the time you reach the second bar, the orange line has already crossed eighty percent. That is the practical meaning of the Pareto shape: you do not have to fix everything to fix most of it. You have to fix the front of the curve.

What the chart tells you to do on Monday

The temptation after an audit is to write a sprawling remediation plan that addresses every single finding with equal weight. The chart says don't. Spreading your effort evenly across the whole list is the one strategy guaranteed to underperform, because it pours the same energy into the long tail as into the two causes that actually drive the result. Instead, aim almost everything at the front of the curve.

1. Close the approvals gap first. Make every material approval leave an automatic, attributable, dated record. This bar alone is often a third of all findings.

2. Kill version ambiguity second. Ensure there is one authoritative version of every record and that the field works from it. That is the second bar gone.

3. Let the tail wait. The long tail is worth a glance, not a campaign. Most of it shrinks on its own once the front of the curve is fixed.

Run the exercise on your own findings and the curve will almost certainly look like the one above. The value is not in admiring the shape; it is in resisting the urge to treat every finding as equally urgent. Most of your audit risk is concentrated in a place small enough to fix this quarter. The chart's only job is to point at it.

We turn one number or one chart into a single decision every week in our one-chart series. The findings curve is the one we come back to, because the fix is so much smaller than the problem feels.