It’s basically impossible for internal audit teams to plan for market disruptions, last minute regulatory changes, and unexpected cybersecurity or data privacy threats. So how can these departments operate in today’s dynamic business environments while continuing to provide timely assurance and valuable insights? The answer is not found in the traditional annual audit planning approach—it just doesn’t provide the flexibility needed and might even result in decreased audit value.
Yet despite this, many audit departments still develop inflexible long-term plans that can’t easily pivot if (and when) the need arises. To really add significant organizational value and be that trusted partner for management, internal audit needs to evolve, and agile techniques can help.
Many organizations are adopting an agile approach because it can reduce audit costs and time to completion, while improving overall quality. The major benefits to taking an agile approach to auditing versus a traditional approach include increased communication, iterative planning, increased flexibility, the ability to respond to emerging business needs, and more empowerment in individual roles.
If this sound like something you could use on your audit team, read on as we explore the agile approach, methodologies, and how it all applies to audit.
Agile originated in software development
Originally a software development methodology, agile was developed in 2001 by a group of thought leaders, who at the time saw an industry that was unable to adapt to the quick pace of market and technology change. After years of development, products were being completed and delivered—but they no longer met customer needs. Agile aimed to address this challenge, reduce risks, costs, and incorporate feedback for an iterative approach to software development.
One of the main advantages of creating and adopting the agile approach for software teams was that it facilitated rapid feedback on scope and direction while the software was being developed—not after it was complete. These insights could then be incorporated during development phases, and as its name implies, allowed teams to be agile in responding to changing needs or scope. This was in direct comparison to the “waterfall” approach, a method where teams completed one step, fully, in sequence, before moving on to the next.
Since then, agile has been adopted and implemented by many industries and business functions unrelated to software development/technology.
The differences between agile and traditional auditing
The main difference between agile auditing and traditional auditing is that there isn’t rigid, single-phase planning. Instead, flexible, iterative planning on an ongoing basis in “sprints” (short bursts of planning, work, and increased collaboration) form the process. In addition, it focuses on continuous communication and collaboration, both among the audit team and with stakeholders.
In traditional audit, the planning, fieldwork, review, and reporting stages may take up to eight weeks or more, but with agile auditing, these three phases are completed in shorter-timeframe sprints. Every two to three weeks—or depending on the length of the sprint—the audit team reviews and adjusts priorities, tasks, and goals. This helps the team identify any major issues as they arise, instead of waiting until the completion of, for example, an eight-week-long audit project.
Benefits of agile auditing
Enhanced internal audit planning. Agile auditing is designed to be flexible and iterative. This means that rather than rigid internal audit plans, there’s a continually-updated backlog of audits and projects, prioritized based on risks and company needs that can be undertaken once resources are available. Communication is more frequent and informal, and reporting is more common through ongoing dashboards and updates, rather than formal full audit reports.
Allows audit to respond to changing business needs. No audit team has enough resources to do everything, but agile auditing allows you to reassess and shift resources as priorities change. Audit teams become more responsive rather than strictly adhering to much longer and more resource-intensive plans.
Empowered internal audit teams. Rather than a hierarchy of established roles, agile auditing involves flat, but empowered roles. This means the team can decide to continue with a project or change directions based on insights obtained during the sprints. These decisions can be made at lower levels because senior people have established parameters and guidelines during planning.
Accelerated delivery cycles. Working in sprints, auditors are checking in and tweaking their work every two to three weeks, not waiting until the end of the cycle. This means planning, fieldwork, and review cycles are delivered more quickly and results and insights obtained more rapidly.
Risk-specific insights and increased value. By streamlining the work and documentation, agile helps focus internal audit’s attention on the insights, risks, and opportunities that stakeholders need. It also allows internal audit to be more adaptive and helps the team deliver the value that the C-suite and executives now demand.
Common agile methodologies
Agile is an approach that contains multiple project management methodologies. The methodology you choose will depend on the unique needs of your team, your priorities, approaches, and organizational objectives. Two of the most common methodologies, popularized in software development, are Scrum and Kanban. Here’s a quick overview of each.
The Scrum methodology involves small cross-functional teams working on audit projects for short periods of time. Progress of audit tasks is tracked using the following categories: backlog, to do, in progress, and done tasks. The Scrum team is self-governing and determines the tasks to be completed within each sprint. They determine and plan the audit activities and deliverables that will be the focus of each sprint. There are many more elements to the Scrum methodology that can be applied to audit, and you can read more on the methodology.
Kanban is similar in approach to Scrum, tracking to do, in progress, and done activities, but it limits them by the number of “work in progress” activities (the number is defined by the team manager and cannot be exceeded). There are four fundamental Kanban principles:
Where to next?
We’ve just scratched the surface. There’s much more to learn about agile auditing, how to implement it, and how to adapt it for your unique needs. To learn more, watch the webinar below or stay tuned for future blog posts.
Agile Auditing: How Internal Audit Teams Can Keep Pace With Change
In this 60-minute webinar, we use a real-world example from a Global 1000 manufacturing company, and discuss:
- what agile methodology is
- how to transition to agile
- the role of technology
- how to get started.