Pointless auditing 😵
A while ago at work I fixed some things and released to prod. As usual, this involved tickets, code reviews, pull requests, test evidence, change request approvals, post-implementation checks, and I've probably missed a few things off that list. It's a bit tedious but normal. Time passed and I now remember very little about it, but there's lots of audit trail.
Today at 4:20pm I was asked to supply some evidence for an audit of the change request, and could I do so by 4:30, please. I was puzzled. The audit ticket is in the same ticketing system, so the change number automagically links to the ticket, which in turn links to the other information. What more do you need?
Turns out I had to provide screenshots of pull request approval pages (not links) and the screenshot must be the whole screen so that it shows the date and time on the clock in the corner.
WTF? A link to the source control server page where someone said my change was OK - that's checkable and hard for me to fake. If I give you a screenshot, it's a piece of cake for me to fake it, including the date and time. Are the auditors too stupid to see this, or do they think I am?
I beat the system. I didn't supply the screenshots until 4:35.