Select Page

An overview of agile auditing

Galvanize

Galvanize

Agile approaches originated in software development, but have proven helpful for audit departments in more than one way.

It’s basically impossible for internal audit teams to predict market disruptions, last-minute regulatory changes, and unexpected cybersecurity or data privacy threats. So how can these departments operate in today’s dynamic business environments while continuing to provide timely assurance and valuable insights? The answer is definitely not found in the traditional annual audit planning approach—it just doesn’t provide the necessary flexibility.

To really add significant organizational value and be that trusted, strategic business partner, internal audit needs to evolve, and agile techniques can help.

Adopting an agile approach can reduce audit costs and save time, while also improving overall audit quality. Other major benefits of taking an agile approach to auditing include increased communication, iterative planning, increased flexibility, the ability to respond to emerging business needs, and more empowerment in individual roles.

Agile originated in software development

Agile methodology was developed in 2001 by a group of thought leaders, who saw that the software industry was unable to adapt to the quick pace of market and technology change. After years of development, products were being completed and delivered—but they no longer met customer needs. Agile aimed to address this challenge, reduce risks, costs, and incorporate feedback for an iterative approach to software development.

The main advantage of the agile approach was that it helped software teams get rapid feedback on scope and direction while the software was still being developed—not after it was already complete. Insights could immediately be incorporated during ongoing development phases. This was in direct comparison to the “waterfall” approach, a method where teams completed one step, fully, in sequence, before moving on to the next.

Since then, agile has been adopted and implemented by many industries and business functions unrelated to software development/technology.

The differences between agile and traditional auditing

The main difference between agile auditing and traditional auditing is that there isn’t rigid, single-phase planning. Instead, the process is based on flexible, iterative planning on an ongoing basis in “sprints” (short bursts of planning, work, and increased collaboration). In addition, it focuses on continuous communication and collaboration, both among the audit team and with stakeholders. In traditional audit, the planning, fieldwork, review, and reporting stages may take up to eight weeks or more, but with agile auditing, these three phases are completed in much shorter time frames.

Benefits of agile auditing

Enhanced internal audit planning

Agile auditing is designed to be flexible and iterative. This means that rather than rigid internal audit plans, there’s a continually updated backlog of audits and projects, prioritized based on risks and company needs that can be undertaken once resources are available. Communication is more frequent and informal, and reporting is more common through ongoing dashboards and updates, rather than formal full audit reports.

More rapid responses to changing business needs

Agile auditing allows you to reassess and shift resources as priorities change. Every two to three weeks (or depending on the length of the sprint) the audit team reviews and adjusts priorities, tasks, and goals. This helps the team identify any major issues as they arise, instead of waiting until the completion of an eight-week-long audit project. Audit teams become more responsive rather than strictly adhering to much longer and more resource-intensive plans.

Empowered internal audit teams

Rather than a hierarchy of established roles, agile auditing involves flat, but empowered roles. This means the team can decide to continue with a project or change directions based on insights obtained during the sprints. These decisions can be made at lower levels because senior people have established parameters and guidelines during planning.

Accelerated delivery cycles

Working in sprints, auditors are checking in and tweaking their work every two to three weeks, not waiting until the end of the cycle. This means planning, fieldwork, and review cycles are delivered more quickly, and results and insights obtained more rapidly.

Increased value and risk-specific insights.

By streamlining the work and documentation, agile helps focus internal audit’s attention on the insights, risks, and opportunities that stakeholders need. It also allows internal audit to be more adaptive and helps the team deliver the value that the C-suite and executives now demand.

Common agile methodologies

Agile is an approach that contains multiple project management methodologies. The methodology you choose will depend on the unique needs of your team, your priorities, approaches, and organizational objectives. Two of the most common methodologies, popularized in software development, are Scrum and Kanban. Here’s a quick overview of each.

Scrum

The Scrum methodology involves small cross-functional teams working on audit projects for short periods of time. Progress of audit tasks is tracked using the following categories: backlog, to do, in progress, and done tasks. The Scrum team is self-governing and determines the tasks to be completed within each sprint. They determine and plan the audit activities and deliverables that will be the focus of each sprint. There are many more elements to the Scrum methodology that can be applied to audit, and you can read more on the methodology.

Kanban

Kanban is similar in approach to Scrum, tracking to do, in progress, and done activities, but it limits them by the number of “work in progress” activities (the number is defined by the team manager and cannot be exceeded). There are four fundamental Kanban principles:

  1. Visualize the work (common strategies are Post-it notes and/or a whiteboard, or project planning software) to increase communication and collaboration.
  2. Limit work in progress (this ensures that the team’s capacity isn’t surpassed, and tasks remain prioritized).
  3. Measure and optimize the flow, collect metrics, predict future problems.
  4. Continuously improve.

Learn more about Kanban.

For a more in depth exploration of agile auditing and where the field is heading next, download the eBook below.

eBook

Death of the Tick Mark

This eBook highlights:

  • How internal auditors can become sought-after by efficiently spending their time on what matters
  • Where audit and audit technology are headed… what this means for you and how you can get ahead of the curve
  • Real-life rockstar auditor stories that will make you realize you’re either the one creating automation… or you’re the one who’s being automated

Download eBook

Related Articles

Find us in Gartner MQ for IT Risk Management

Gartner names Galvanize (formerly ACL and Rsam)* a Leader in the 2019 Magic Quadrant for IT Risk Management

Learn what you should be looking for when selecting an ITRM solution.

Download the report