Mystery Audit - A non-conventional area of Audit.
By CA.PRATIK NIYOGI
A Mystery is something that is not understood or known about. An audit which is conducted
without being known by the auditee is Mystery Audit. Thus, the visit of a store or use of a service
anonymously and assessing its quality is Mystery Audit. This type of Audit is used to assess such
factors as the quality of customer service, including general and technical efficiency, and
friendliness of staff, layout, and appearance of the premises, and quality and variety of goods or
services on offer. Mystery shoppers/Auditors fill in a questionnaire based on their impressions and
this information is then used to identify possible areas for business or service improvement.
Mystery Audits provide an independent and constant examination of the ‘real’ internal practices
of a company and what customers really think about its products and services? It helps in
evaluating the practices in relation to defined standard requirements and help companies to achieve
consistency as well as continual improvement in their customer delivery models, standards,
Apart from its customer based focus, Mystery Audit can also be used to judge productivity of
It has been proven time and again that employees do perform differently under a watchful eye than
they do when unattended. Job security, desire to please and succeed, and an internal sense of pride
play a role in how a worker responds to being monitored. If the employee is aware that he or she is
currently being evaluated, they may feel a need to strive to perform to higher standards than usual.
The incentives toward this behaviour include a desire to please reputational concerns, and job
security and stability. An effective mystery audit program, when employed with frequency, will
reinforce those desires creating a higher level of consciousness as staffs perform their job duties.
With positive reinforcement, the increased desire to please becomes a habit, resulting in better
employees who continually model behaviour for their peers in day-to-day settings.
While a business' motivation for monitoring employees, either secretly or otherwise, can be partly
attributed to the desire for financial gain or success, employee responses are usually linked more
directly to a sense of altruism, duty or loyalty. These are intangible motivators, which indicate that
people place more importance on their desire to please others and their social reputation than on
more concrete monetary benefits. Mystery Audit programs are increasingly favoured
methods of observing employee behaviour and performance. One of the strongest reasons is that
mystery audit is a third-party or objective guest or customer. When coupled with appropriate
training and feedback delivery, mystery shopping reports can be received more favourably than
traditional monitoring by management or administration. Mystery audit are perceived to be peers
rather than hierarchy in the chain of command. Their observations, when delivered constructively,
give the staff member a slice-of-life approach to viewing their own actions and behaviours.
It should be noted that mystery audit and similar methods of observing and monitoring employee
performance may give some employees the impression that their work is not satisfactory and,
therefore, it is necessary to spy or check up on them. However, if the mystery audit’s purpose is
explained as an evaluation method to reinforce and reward appropriate behaviour and the findings
are used to coach instead of finding fault, the results will be improved. The trick is to make sure
that meaningful recognition and rewards are in place when the monitored behaviour reaches or
exceeds the standard set forth. In other words, cheer them on when you catch them doing right.
The Customer based perspective.
In a complex and demanding consumer environment, the level and quality of service that
consumers expect has increased. Mystery Audits also popularly called Shopping Audits measure
and improve the quality of the service delivered to customers. Shopping Audits covers core points
within the service life-cycle that the customer experiences and highlights critical points in the
management of their sales:
Campaigns, promotions, etc.
The specialised mystery shopper auditors conduct anonymous and unannounced visits, evaluating
all aspects of service based on pre-established criteria. Each mystery audit check results in a
detailed report highlighting qualitative and quantitative data findings. All this information allows
customers to identify both their strong and weak points with regard to service and lets them
embark on a path of continuous improvement to increase customer satisfaction. Mystery shopping
audits complement traditional second party audits on general quality requirements. Mystery
shopping audits are focused on the aspects of service that an average customer notices. For
example, how much time was spent waiting before being served; the courtesy shown by the sales
people; if they were well dressed; and if they wore an identification badge among other criteria. To
be effective, these audits must be performed regularly.
The Audit Process
Performing Mystery audit is a structured, multi-step process, which includes a number of
predefined processes and procedures that must take place to ensure its successful and timely
The Mystery Audit compliance can be dependant on a variety of circumstances, but primarily it's
driven by publicly traded companies having to certify on internal controls of service organizations
that they are outsourcing material or significant functions to. This is required under section 404 of
the Sarbanes-Oxley act, and therefore, an audit is necessary for many service organizations in US.
The Audit steps encompasses the following:
1. Initial discussion between mystery auditor and service organization for the purposes of
understanding the scope, timing and final deliverables of the audit.
2. Service organization successfully undertakes a mystery auditor ‘Readiness assessment’.
3. Mystery auditor reviews, analyzes, and make comments and recommendations regarding the
information obtained during the ‘ Readiness assessment’.
4. In-depth discussion ensues with service organization regarding the ‘Readiness assessment’.
5. Mystery auditor and service organization collectively agree on any areas within the service
organization’s control environment that require remediation prior to beginning of the Audit.
6. Mystery auditor sends to client a Prepared by Client (PBC) list which consists of documents and
other deliverables that must be prepared prior to commencement of the Audit.
7. Mystery auditor conducts fieldwork and holds in-depth meeting with service organization to
8. Preparation of initial draft report begins, with collaborative effort from service organization,
ultimately leading to the generation of Mystery Auditor's Report.
9.Final closing meeting between Mystery auditor and service organization for discussing final
Auditor's Report, along with management's comments for the audit, the intended user's of the audit
and all other significant items that merit discussion.
Methodology & Timelineness.
These audits include an examination of controls that have been placed in operation and testing of
operating effectiveness. Testing of controls is required, with a minimum testing period of at least
six months. Testing is conducted throughout various predetermined timeframes throughout the six-
month period, and in a manner that significantly mitigates any type of business interruption.
However, other factors, circumstances can lead to a smaller testing period, such as four (4) months,
or a longer testing period, such as ten (10) months. Many times, the test period is driven by
external auditor requirements, service user organization demands, along with service organization
financial and operational concerns for undertaking the audit itself. For example, many times a user
organization is notified by its external auditors (user auditors) that one of their outsourced
providers (service organization) conducts transaction processing activities that affect the user
organization's "information system". When this happens, a dialogue amongst all parties will ensue,
with the testing period being a paramount topic.
The Audit report is issued after a generally accepted period has been completed. For example, an
accounting firm would examine a company's controls from July 1, 2009 to November 30, 2009 and
report on the "controls placed in operations and tests of operating effectiveness" for the six-month
test period of the audit.
Readiness Questionnaire for Audit Readiness Review
Readiness questionnaire will assist service organizations who are unsure of the necessary steps that
must be in place before effectively beginning the audit process for compliance, which is essentially
the first step in the readiness assessment phase. By making the entity aware of the tasks involved
with preparing and ultimately engaging in this type of audit, precious amount and employee man-
hours will be saved, ultimately affecting audit pricing. Upon examining a service organization’s
controls and related activities, the auditor can then determine additional internal procedures need
to be undertaken before analysis and fieldwork begins.
Scope of CAs in Mystery Audits
Mystery Audits are nothing but an evaluation of service organization’s controls. Attention is drawn
to US SAS 70. SAS 70 is an acronym for Statement on Auditing Standard 70; it was developed
and is maintained by the AICPA (American Institute of Certified Public Accountants).
Specifically, SAS 70 is a "Report on the Processing of Transactions by Service Organizations"
where professional standards are set up for a service auditor that audits and assesses internal
controls of a service organization. At the end of the audit, the service auditor issues an important
report called the "Service Auditor's Report”.
SAS 70 also describes the procedures for performing a service auditor’s examination (SAS 70
audit) of a service organization’s controls. At the completion of a SAS 70 audit, a service auditor’s
report (SAS 70 report) is issued by the service auditor.
There are two types of SAS 70 reports:
• Type I Reports
• Type II Reports
SAS 70 Type I Audit Certification
A Type I service auditor’s report includes the service auditor’s opinion on the fairness of the
presentation of the service organization's description of controls that had been placed in operation
and the suitability of the design of the controls to achieve the specified control objectives.
SAS 70 Type II Audit Certification
SAS 70 Type II builds on the Type I report to also include an assessment of the effectiveness of
the controls over a period of time, which is recommended to be no less than six months. Such a
report can be used to provide evidence of the effectiveness of the controls in meeting stated
objectives during the specified period.
Significance of SAS 70 compliance
1. Safeguard client funds and information
2. It reduces their audit and compliance costs. It pushes the cost down their supply chain.
3. It reduces their risk.
4. Ensure client transactions are complete, accurate, and timely
Benefits to the Service Organization
• Provides management insight into the effectiveness of controls and possible areas for
• Eliminates or mitigates repeat audits from users
• Provides independent assurance
• Allows the service organization to meet contractual obligations
• Provides a competitive advantage
• Allows the service organization to respond to regulatory inquiries
• Reduce disruption to operations through a single audit request for information.
• Satisfy Service Level Agreements or contract provisions
• Demonstrate leadership and market differentiation
• Enhance business performance through value added recommendations
• Provide additional comfort on risk, systems and controls to participants and business
Benefits – Users
• Provides information to assess the overall control environment for their (user) auditors
• Satisfies client regulatory requirements
• May control some audit costs
• Provides time efficiencies to user auditors by already having information
• Provides a level of comfort over control consciousness of the service organization and its
The SAS 70 audit report can be used by user organization’s financial statement auditors as a
substitute for those parties performing their own first-hand audit procedures.
A SAS 70 audit can improve or sustain business relations between service providers and user
organizations. It may be also viable to pass the costs of fees paid for the SAS 70 audit to the user
The SAS 70 audit report allows the service organization to provide its customers with independent
third-party verification about the state of the internal controls governing the integrity, reliability,
effectiveness, and security of the processing services provided to user organizations
Undergoing the SAS 70 audit distinguishes the service organization from its competitors.
The SAS 70 audit process can provide benefits similar to an internal audit function
The concept of Service Certification as contemplated by SAS70 above can very well be coupled
with Mystery Audits in the Indian context. The above task of Service Certification can be entrusted
on Chartered Accountants. The users of services or the customers can be assured when such a
certificate is issued by a Chartered Accountant.
So, the scope of CAs can further be enhanced once India adopts to Service Certification through
Chartered Accountants matching SAS Certificate by CPAs in US.
Indian Service industry can achieve a major boost if the above is adopted.
Following is a sample of Mystery Audit Questionnaire which can be designed for Multiplexes.
Date Time : hrs. Location :
Criteria Answer (Y/N) Remarks
1 Website does not take much time to open.
1 Website design is attractive.
2. Booking Link is easily located.
3 Information available on the website is correct and latest.
4 Booking tickets online is easy.
5. Secured Payment Gateway is available.
6. Payment options are mentioned.
2.Parking and Exterior
1 Access to the cinema level is easy and comfortable.
2 Building façade is clean.
3 Parking lot is clean and well lit.
4 Exterior of the building is attractive.
5 Parking system is fast and efficient.
6 Directional signage clear and adequate.
7. Security Guard greets patrons.
8 Security frisk is done physically or with detectors.
1 If waiting line, progress appears efficient/ queue management
2 Booking to transaction completion does not exceed 3 minutes.
3 Requests are handled without excessive delays or interruptions.
4 Staff reconfirms the details before issuing tickets.
5 Correct change is returned, if required.
6 Staff offers alternatives where needed.
7 Staff sitting upright and greets guests properly and hands over tickets after reconfirming.
8 Verbal price quote is accurate.
9 Staff makes eye contact.
10 Staff smiles or makes pleasant expression.
11 Staff speaks clearly.
12 Staff behaviour is not hectic or chaotic.
13 Staff does not eat, drink, smoke or chew gum.
14 Staff does not engage in distracting personal chat or horseplay.
15 Staff specifically thanks guest.
16 Staff distributes promotional material and informs about the rating of the movies. If not
informed about the rating, auditor to enquire about the same.
17 Staff neatly groomed.
18 Staff uniform or attire is clean, well pressed.
19 Staff uniform or attire is in good condition.
20 Microphones working.
21 Counters and glass thoroughly clean.
22 Counters and glass not worn or damaged.
23 No burned out light bulbs observed.
24 Light fixtures and lamps clean, dust free.
25 Light fixtures and lamps not worn or damaged.
26 Flooring / steps not worn or damaged.
27 Flooring / steps free of debris.
28 Plant, flowers and containers clean and healthy.
29 Lights and signages put on at darkness.
30 Signboards, displays, notice boards clean, well maintained and in a visible location.
31 Photosets visible.
32 Physical schedule/ LED clearly displayed and well maintained.
33 Access control working/ guard present. Box Office door locked at all times.
1 Security guard checks the ticket before entry to the multiplex.
2 Entry doors are not worn or damaged.
3 Entry doors are clean.
4 Floor and carpets not worn or damaged.
5 Floor and carpets free of debris.
6 Floor and carpets free of stain and soil.
7 Walls and ceilings not worn or damaged.
8 Walls and ceilings clean.
9 Wall fixtures, fittings and art dust free and clean.
10 Wall fixtures, fittings and art not worn or damaged.
11 Service and emergency doors not worn or damaged.
12 Service doors clean, free of marks.
13 Light fixtures, fittings not worn or damaged.
14 Light fixtures and lamps clean, dust free.
15 No burned out light bulbs observed.
16 Furniture upholstery / fabrics not worn or damaged.
17 Furniture upholstery clean.
18 Furniture wood / metal surfaces not worn or damaged.
19 Furniture wood / metal surfaces clean.
20 Sufficient waste bins provided and clearly visible
21 Waste bins clean.
22 Elevator car interiors not worn or damaged.
23 Elevator car interiors clean and dust free.
24 Escalator / staircase not worn or damaged
25 Escalator / staircase clean and dust free
26 Plant, flowers and containers clean and healthy.
27 Signboards and notice boards clean, well maintained.
28 Temperature comfortable.
29 Smoking zone clean and well maintained.
30 Exit clean and well maintained.
1 Usher speaks clearly.
2 Usher offers assistance or automatically provided. Elderly and physically challenged
people are escorted to their seats.
3 Usher behaviour is not hectic or chaotic.
4 Usher has a positive attitude and body language.
5 Usher does not engage in distracting personal chat or horseplay.
6 Usher does not keep hands in pockets, folded arms or slouching posture.
7 Usher does not eat, drink, smoke or chew gum.
8 Usher neatly groomed.
9 Usher uniform or attire is clean, well pressed.
10 Usher uniform or attire is in good condition.
11 Basket offered/ food was offered on seat.
12 Carpets free of debris (popcorn, paper etc.), stain and soil.
13 Carpet in good condition.
14 Seats free of stain and debris.
15 Exit clean and well maintained.
6. Projections/ Engineering
1 Lobby and auditorium maintained at a comfortable temperature.
2 Show starts on time in proper sequence of BMP programme.
3 Image is properly displayed on the screen.
4 Sound is appropriate.
5 Movie is run till the entire credits finishes rolling.
6 Slides are displayed without a jarring effect and moves smoothly.
7 Fire fighting systems situated in convenient and visible locations.
8 Exit routes and other signs displayed appropriately.
9 All lights in the auditorium including the track/ step lights in working condition.
10 Odour dispensers/ Ozonisers working, no foul smell or off odour in the auditorium.
1 Restroom entrance door not worn or damaged.
2 Restroom entrance door and frame clean, free of marks.
3 Signage are clean, legible and in good condition.
4 Floor not worn or damaged.
5 Floor free of debris.
6 Floor free of stain and soil.
7 No open drains in the restroom.
8 All surfaces clean, free of hair and dirt.
9 Walls and ceilings not worn or damaged.
10 Walls and ceilings clean.
11 Wall fixtures, fittings and art dust free and clean.
12 Bathroom door not worn or damaged.
13 Bathroom door and frame clean, free of marks.
14 Light fixtures, fittings dust free and clean.
15 Light fixtures and lamps not worn or damaged
16 No burned out light bulbs observed.
17 Countertops not worn or damaged.
18 Countertops clean and dry.
19 Sink not worn or damaged, all fixtures operate smoothly.
20 Sink thoroughly clean.
21 Mirrors not worn or damaged.
22 Mirrors clean and dry.
23 Toilet not worn or damaged, all fixtures operate smoothly.
24 Toilet thoroughly clean.
25 Paper supplies neat and adequately stocked.
26 Trash receptacle clean.
27 Soaps neatly and adequately stocked.
28 Cleaning equipments and materials are kept out of view.
29 Air fresh, odour free and exhaust on.
30 Temperature comfortable.
31 Staff speaks clearly.
32 Staff offers assistance or automatically provided.
33 Staff behaviour is not hectic or chaotic.
34 Staff does not engage in distracting personal chat or horseplay.
35 Staff does not keep hands in pockets, folded arms or slouching posture.
36 Staff does not eat, drink, smoke or chew gum.
37 Staff neatly groomed.
38 Staff uniform or attire is clean, well pressed.
39 Staff uniform or attire is in good condition.
1 Time and order placement to transaction completion does not exceed 2 minutes.
2 Staff can helpfully discuss details of items displayed.
3 Staff tries to up sell other products
4 Staff repeats the order.
5 Staff returns the correct change.
6 Staff specifically thanks guest.
7 Verbal price quote is accurate.
8 Staff makes eye contact.
9 Staff smiles or makes pleasant expression.
10 Staff speaks clearly.
11 Staff behaviour is not hectic or chaotic.
12 Staff does not eat, drink, smoke or chew gum.
13 Staff does not engage in distracting personal chat or horseplay.
14 Staff does not keep hands in pockets, folded arms or slouching posture.
15 Staff neatly groomed.
16 Staff uniform or attire is clean, well pressed.
17 Staff uniform or attire is in good condition.
18 Staff offers alternatives where needed
19 Counters or tables thoroughly clean.
20 Counters or tables not worn or damaged.
21 No burned out light bulbs observed.
22 Light fixtures and lamps clean, dust free.
23 Light fixtures and lamps not worn or damaged.
24 Floors not worn or damaged.
25 Floor free of debris.
26 Floor free of stain and soil.
27 Walls and ceilings not worn or damaged.
28 Walls and ceilings clean.
29 Temperature comfortable.
30 Food & beverage portions are consistent and adequate.
31 Foods & beverages have fresh colour and texture.
32 Foods & beverages have good flavour.
33 Foods & beverages match menu description or special request.
34 Foods attractively arranged or displayed.
35 Display racks not less than two thirds empty.
36 Equipment, if observed, clean and well maintained.
37 All items as per menu available.
38 Staff makes recommendations.
39 Displays and art clean and well maintained.
40 Displays and art attractive and appealing.
41 Environment seems secure and comfortable.
42 No excessive noise or odours from kitchen or service areas
43 Sound system in use.
44 Hot items served hot : cold items served cold.
45 Appropriate condiments provided automatically or stocked in self serve area.
46 Sufficient wastebins provided and clearly visible
47 Wastebins clean and have liners and covers.
48 Minimum required POS are manned and operational.
49 Merchandise signage and menu boards lit up, working and visible.
1 POPs visible/easily located
2 POPs correct and complete.
3 Talkers/posters/shelf stickers neat and in good condition.
4 Item costs of promotions well displayed.
5 Promotion items stock available.
6 Cashier hands over free/ promo stock (where applicable).
11. Check List
1 Staff at the box office attempts to sell food coupons.NA
2 Mention the place and person who collected the ticket counterfoil.
3 No of POS counters at the concessions.
4 No of POS counters at the box office.
5 Time taken to reach the counter for ordering food at concessions.
6 What items have you eaten?
7 What is the cost per ticket?
Name of the movie:
Cost of Tickets: