Audit process overview:- Goal: ensure experiment metrics are accurate, timely, and free from duplicates, missing events, ordering errors, sudden shifts, or leakage into metrics.- Stakeholders: Product Manager (owner of metric definitions & business impact), Analytics/Experimentation Lead (owner of audit cadence & dashboards), Data Engineering (fixes instrumentation/pipeline bugs), Engineering (fixes client/server event code), QA (validates fixes).Audit steps:1. Define canonical event spec & golden SQL metric (single source of truth).2. Daily automated checks (alerts); weekly manual deep-dive; monthly steward review.3. Incident workflow: alert → analytics triage → assign to Data Eng/Engineering → fix → verify → postmortem.Sample test queries (SQL pseudocode):- Missing events: count by day vs expected userssql
SELECT day, COUNT(*) AS events
FROM events
WHERE event_name='signup'
GROUP BY day
ORDER BY day DESC;
- Duplicate events (same user, event_id, timestamp):sql
SELECT event_id, COUNT(*) c
FROM events
GROUP BY event_id
HAVING c > 1;
- Out-of-order timestamps (client_ts > server_ts or non-monotonic per user):sql
SELECT user_id, MIN(server_ts - client_ts) AS min_diff
FROM events
WHERE server_ts < client_ts
GROUP BY user_id;
- Sudden change detection (day-over-day % change):sql
WITH daily AS (SELECT day, COUNT(*) cnt FROM events WHERE name='purchase' GROUP BY day)
SELECT day, cnt, LAG(cnt) OVER (ORDER BY day) prev, (cnt - prev)/NULLIF(prev,0) pct_change FROM daily;
- Metric leakage (conversion events occurring before exposure or in control group):sql
SELECT e.user_id
FROM events e
LEFT JOIN exposures x ON e.user_id = x.user_id AND x.experiment='expA'
WHERE e.name='conversion' AND x.exposure_ts IS NULL;
Monitoring alerts & thresholds:- Missing events: alert if event count drops >30% vs 7-day rolling mean.- Duplicates: alert if duplicate rate >0.5% of total events or >1000 duplicates/day.- Out-of-order timestamps: alert if >1% events have client_ts > server_ts or negative skew >5s median.- Sudden changes: alert if day-over-day change >50% or statistical anomaly (z-score >4).- Metric leakage: alert if >0 conversions without exposure per 10k users or any conversions in control cohort.Include alert channels (PagerDuty for critical, Slack + email for warnings) and contextual payload (query results, sample user_ids, recent deploys).Ownership & remediation:- Analytics triage (within 1 hour for critical alerts): confirm noise vs real issue, annotate dashboard.- Data Engineering: fix ETL or dedup logic within SLA (24–72 hours depending severity).- Engineering (client/backend): fix instrumentation or SDK bug within sprint (typically 1–2 weeks) with hotfix option for production-impacting issues.- PM: communicate product/business impact to stakeholders, prioritize fixes in roadmap if recurring.Cadence:- Continuous automated (daily) checks.- Weekly audit meeting: review alerts, triage false positives, review high-risk metrics.- Monthly steward review: validate metric definitions, ownership, and runbook updates.- Quarterly retrospective: review incidents, refine thresholds and instrumentation standards.Key governance items:- Maintain metric catalog with definition, SQL, owner, alert thresholds, and runbook.- Require every experiment to reference a canonical metric ID from the catalog.- Automate verification in CI for instrumentation changes (unit tests, event-schema validation).