Over the span of our finance careers, we've mostly heard about Internal Audit and Statutory Audit, but there's a relatively new way to audit that's gaining traction called Agile Auditing, so let's learn everything about it.
The term “Agile” can be described as something that is able to move quickly and easily. Further Agility can be defined as mindset and a framework that involves thinking, planning and working differently to deliver results in a timely frequent fashion to help the business mitigate risk faster.
Agile Auditing can be described as process improvement efforts employed by internal audit functions to achieve a more nimble, less wasteful internal auditing process by using agile software development methodologies and an associated mindset shift to achieve more value and agility from the internal auditing process.
When we look at our traditional waterfall approach (traditional internal auditing process) the focus is on improving the process and mitigating the risk by moving from one stage to the other like planning the audit first, then going for fieldwork, review and finally reporting whereas if we talk about Agile Auditing there is no particular requirement to complete one phase at time, here the process is based on flexible, iterative planning on an ongoing basis in “sprints” (short bursts of planning, work, and increased collaboration) and in addition, it focuses on continuous communication and collaboration, both among the audit team and with stakeholders.
The whole process of Agile Auditing can be divided into 3 stages as follows:
Planning: The planning stage begins with discussing about the areas that need be audited in this cycle and refining the list along with the stakeholders as to which area to audit first in terms of priority.
Sprints: All the areas to be audited are divided among teams within the internal audit team and performed in “Sprints”. Each sprint has a planning, fieldwork and review cycle which is completed for each area that has been divided among the team members and takes approximately 1-2 weeks to accomplish which helps to find out risks in each area in a short span of time as well as discussing these identified risks with the stakeholders. After ending one sprint cycle preparation for next sprint cycle is done.
Reporting: Once all the Sprints are completed a closing meeting of team members of internal audit team is conducted collating all the facts from each sprint in one final audit report and same is discussed again with the stakeholders, incorporating their feedback and comments and agreed actions in the report.
There are certain weaknesses in traditional approach which are mitigated by the agile approach as follows:
The Process is rigid: The waterfall approach is rigid that is when one phase is completed then only the next phase can be started that is it is inflexible whereas agile approach is more flexible.
Clients are not engaged often enough: There are times where work is being carried on by audit team in isolation whereas in case of agile auditing client interaction is very active to enhance timeliness of risk response.
Timeliness of insights: Audit results are not shared until audit observations are made whereas in case of agile approach a concurrent feedback and insights are shared so that clients can begin to formulate risk responses immediately.
Disagreement between audit team and audit client: Ineffective and/or infrequent communication with the audit client during the audit process may lead to disagreements about audit observations whereas agile auditing involves continuous interaction with client which leads to no disagreements.
Ideally the term agile is often used as a testing technique while software development or a framework which involves continuous integration between development and testing. The same can be applied to auditing as well by using software and tools thus the two methodologies are listed below:
Scrum: Scrum is a method of developing audit projects by working in cross-functional teams for short periods of time. Audit tasks are categorized as backlog, to do, in process, and done tasks. The Scrum team is self-governing and determines the project schedule to be completed within each sprint.
Kanban: The Kanban approach is similar to Scrum in that it tracks to do, in progress, and done activities, but it limits them by how many "work in progress" activities are permitted (the number is defined by the team manager and cannot be exceeded).
In a nutshell Agile Auditing if implemented correctly will help overcome all of the shortfalls of the traditional approach by involving greater involvement of the stakeholders, flexibility and engagement at each and every stage. It can be a deceptively challenging method to implement, but if it is the right fit, internal audit functions should not be discouraged from pursuing it.