Agile Internal Auditing

Agile working practices were originally developed as an efficient and effective way of iterating in software development.  Agile principles value individuals and interactions over processes and tools, working software over comprehensive documentation, customer collaboration over contract negotiation and responding to change over following a plan.  Agile emphasizes an iterative structure that provides flexibility, efficiency, and increased transparency. In practice, this means rapid planning and task prioritization, weekly ‘sprints’ for goal setting, daily ‘scrum’ meetings to check on progress and regular periods to reflect on what has been achieved and to plan the next stage of activity.   

This process can also be applied to auditing, where there is a growing imperative for organizations to adopt more fluid ways of working between functions and operational silos.  For auditors, the challenge is to learn how to audit in an agile environment, understand the ‘agile’ language and its implications on audit methodology.   

What is Agile Auditing?

Agile auditing defines a shorter path to more insightful results with on-going one-to-two-week “sprints” where stakeholders are engaged earlier and more frequently. The main difference between agile auditing and traditional auditing is the lack of rigid, single-phase planning. Where traditional auditing focuses on detailed planning far in advance of the audit, agile auditing adopts a more flexible, iterative process by focusing on shorter “sprints” of planning, work, and collaboration.  Agile auditing also focuses on continuous communication and collaboration within the audit team and with audit stakeholders.  Agile auditing is also much more efficient in the time taken to plan, conduct fieldwork, review, and report results.  

Why Adopt Agile Internal Auditing 

Refined planning 

Agile internal auditing is flexible and iterative.  This means that instead of rigid planning for audits, the audit process is continually updated based on priorities that can be actioned when resources are available.  This allows for more frequent communication of results through dashboards and updates instead of a single, formal report at the end of an audit. 

Rapid adaptation to changing circumstances 

Agile auditing allows organizations to continually reassess their priorities and focus resources as priorities change.  After each “sprint” cycle, the audit team reviews and adjusts priorities and tasks.  This allows the team to identify issues as they arise instead of at the end of a lengthy audit process. Additionally, Agile Auditing delivers real-time assurance of compliance instead of assurance for a point-in-time only. 

Empowered audit teams

Where traditional audit teams have a fixed hierarchy of positions and responsibilities, agile auditing adopts a flat team structure. This empowers each member of the team to change direction to focus on priorities during each “sprint” period.  An agile approach helps auditors reduce low value work and achieve efficiencies by focusing on higher value priorities. Less experienced members of audit teams have greater involvement and more opportunity to gain experience and demonstrate competency. Audit teams stay together during audits which is more efficient and effective than continually moving people into different teams.

Accelerated and more flexible delivery

With an agile approach, auditors report results at the end of each “sprint” period, instead of at the end of the audit.  This allows for much more rapid planning, fieldwork, and reporting than traditional auditing.  

Increased value and insights 

By streamlining the audit process, agile auditing helps focus attention on insights, risks and opportunities that are the priority for stakeholders. Agile allows auditors to better adapt to the various requirements of managers. 

Improved stakeholder experience 

Agile auditing leads to a better experience for stakeholders as assurance of compliance is provided earlier in the audit process. There are additional opportunities to reduce misunderstandings throughout the process. 

Conducting Agile Audits

There are several methods that organizations can use to facilitate agile auditing: 

Audit profile canvas: An audit profile canvas is a short planning document that is produced by the audit team and key stakeholders.  It articulates the high-level goals and principles of the audit. The profile canvas helps to keep auditors focused on the overarching goals of the process in a format that is easily understood.

Scrum & User stories: A user story is the basic unit of work representing some value to the audit, or the requirements for the audit. A user story should have enough detail to enable the project team to make planning decisions by capturing the key elements “who,” “what,” and “why” in a simple and concise way. 

scrum agile internal auditing board

Kanban board: Kanban is a simple and effective visual method to monitor progress of internal audit activities.  It includes specific activities to be performed, activities in process and activities that have been completed.  Kanban provides an end-to-end view of an audit or sprint cycle, which helps audit teams focus and prioritize activities.   

kanban - agile internal auditing board

Specialized software: audit specific tools or governance, risk, and compliance (GRC) platforms that integrate with information security management systems and other controls, to streamline auditing processes.  Most tools can integrate with existing systems and monitor controls from a single, centralized platform and produce invaluable reports on critical areas.   

Many teams have implemented agile auditing for its flexible and iterative approach. Agile internal auditing shortens the path to more insightful results by adopting reoccurring “sprints” instead of rigid, single-phase planning. These methods have shown to improve efficiency of planning, rapid response to changing priorities, empowered audit teams and increased value and insights.