“Two-thirds of the Earth’s surface is covered with water. The other third is covered with auditors from headquarters.” – Norman Ralph Augustine
Sarcasm is also an intent in mentioning the above quote and at the same time, it is to showcase the wide presence of auditors in today’s corporate world who are primarily responsible for ensuring ‘everything essential’ to drive the business. Auditors ensure compliance with standards and are essential to different businesses and their aspects to ensure the deployment of best practices by organizations.
A typical audit approach implies – Planning, On-the-field work, Reporting & Follow-up.
Agile auditing would be – Continuous planning, Continuous on-the-field work, Continuous Reporting & Continuous Follow-ups.
Everything continuous will create the traits of just enough planning, continuous retrospective to know ways of improvement, failing faster, and above all, moving away from a reactive approach to a responsive mindset.
We will attempt to answer the following frequently asked questions on agile auditing in this blog:
- What is agile auditing?
- How to design an agile audit methodology for your organization?
- What are agile auditing techniques?
- How to do agile audit planning?
- What does agile audit mean?
- How relevant is agile in the audit process?
- What are some examples of agile auditing?
What is agile auditing?
Agile auditing is the term used to describe the usage of agility in auditing which implies the change in the current ways of conduct in today’s continuously changing work environment which leads to rapidly shifting business needs, evolving technology, expanding competitor’s base, complexity of compliance & security aspects and also gig-economy.
The software industry benefited from known approaches like Scrum & Kanban as they helped them imbibe the practices that let them fail faster by shortening the feedback loop and doing things incrementally which in turn helped them validate their current practices & then make a decision to either persevere, pivot or decommission.
The nature of the current and future business environment necessitates designing a focused agile audit methodology which will help auditors in embracing evolving risks and fulfilling their tasks of reviewing the current state and forecasting the strengths and weaknesses of the targeted area of audit. Agile audits can be spread across industries and can also be categorized as internal and external, across various focus areas like financial, tax, operational, compliance, IT systems, etc.
What is agile auditing used for?
Agile auditing methodology could benefit in resolving various changes that we see developing over time in how business environments are evolving worldwide. We are capturing some of the changes below:
- Reactive vs Responsive mindset: It has been experienced that during an audit the target group is under stress as they will be scrutinized by auditors who will be dwelling on data that could be many months old which is not easy to fetch or can be justified with proper reasoning. Also, it leads to the manipulation of data and hiding of information which is not right for the higher purpose which is ‘improvement’.
- Serving over Policing approach: Auditors can partner with their target groups and help them with suggestions and course corrections continuously instead of submitting their one-off full and final report which could lead to embarrassment and cause sourness in the system.
- Being relevant over prescriptive approach: In this continuously evolving world, the tools and practices applied are changing and this also requires a new pair of lenses to audit. The idea is to adhere to standards that could be achieved in many ways and shouldn’t be limited to a way that auditors only know. Both auditors and their target group can brainstorm and identify the best tools and practices that can still give a chance to innovate without compromising the sanctity of excellence and standards.
- Being immersive rather than detached: Auditors should collaborate with a target group with the intention of common shared goals as it is not the case at many places today. The POCs at target groups often find it difficult to adjust to changes in their constraints of scope, cost, time, etc which is important for business continuity and auditors must guide them to find ways to marry both constraints and excellence.
Agile auditing examples
The classic example could be reviews of project management, software development, data privacy, and security. This all could be termed as an ‘IT Audit’. There are several kinds of IT audits, each with different focuses and goals. Some of these include security audits, compliance audits, operational audits, IT governance audits, and software development audits. The specific type of audit conducted will depend on the needs of the organization being examined. Organizations may choose to conduct IT audits for a variety of reasons, including the following:
- To ensure that information systems are being used effectively and efficiently.
- To detect potential security vulnerabilities.
- To identify compliance risks.
- To assess the impact of new technology initiatives.
- To evaluate the effectiveness of IT governance processes.
To make all the above forms contextual, the following agile auditing techniques or agile audit methodology needs to be practiced:
- Clearly defined goals and objectives of the audit should be translated into incremental goals that can be achieved through back-to-back iterations of size 2-3 weeks called sprints
- The emphasis should be on identifying the high value & high-risk impact so that those could be quickly identified and addressed instead of following the one-off approach and then segregating in the order of priority
- The collaboration should be transparent and hence a Kanban board is a must-have to pursue the backlog of items and know their status. Everyone should collaborate using the same board. Even the reports should be automated to track progress
- Frequent connects should be encouraged between all stakeholders and using the scrum framework will make it happen in short, continuous, quicker intervals
To assess the implementation of new technological vulnerabilities, we should form a team of Auditors specialized in Infosec & Data Privacy, Tech Architects & Engineers.
Together they all should understand the potential risks and then evaluate all the aspects that they need to check through iterations so that it will help them in quickly identifying the vulnerabilities, if any, to discontinue the tool or if there are no vulnerabilities then procure and start implementing it.
How to Make Your Audit Process Agile?
Your agile audit methodology will be led by your context, business scenario, organizational culture, team structure, and business goals. However, below is a broad agile audit approach for implementing agile in your auditing process:
- Assessing the current approach to conducting the auditing
-
-
- This will help us identify the purpose, areas of improvement, current strengths, people involved, recurrences, current experience, and recommendations and help you refine your agile audit approach
- This will help us identify the purpose, areas of improvement, current strengths, people involved, recurrences, current experience, and recommendations and help you refine your agile audit approach
-
- Getting trained on agile fundamentals
-
-
- It is not easy to break the status quo. Hence, all the auditors should first understand how the frameworks like scrum and kanban work and what is the pursuit of agility
- It is not easy to break the status quo. Hence, all the auditors should first understand how the frameworks like scrum and kanban work and what is the pursuit of agility
-
- Agile Coaching for handhold interventions
-
- A seasoned consultant should partner with auditors and help them set up the mechanics to practice and implement agile practices in their purview and handle challenges and build consensus
- The handholding interventions include:
- Short-term planning over long-term planning
- Visualize the work and optimize the flow
- Regular connect within the team & also external stakeholders
- Frequent client collaboration
● Agility Health Check & Performance measurement
- Based on an agreed benchmark of improvement, we should validate the impact of agile in the auditing approach and identify ways to improve further
● Scaling
- It is important to scale agility and not limit it to a few aspects. We should look at opportunities to connect all the work to the overall business agility and value to customers as it will bring alignment and rigor to work together
The Benefits of Agile Auditing
The following are the key benefits of agile auditing methodology:
● Quicker turnaround time from stakeholders
- Bringing all people as a part of one Scrum team and tracking it in small iterations will help in faster response time and quicker identification of concerns and fast resolutions
● More alignment with the target group that lead to the success of the audit
- Tracking work over common Kanban board which are aligned to key objectives will bring alignment that will help in identifying and resolving issues
● Cultural change – Common shared goals over divisive mindset
- Auditing should have a serving attitude over policing and it’s not just the attitude but how it is perceived by others. Hence, changing the ways of work will bring a mindset shift towards shared accountability
● Openness in communication
- Many times it has been observed that communication happens through mails or announcements and even when the meeting happens then it is more like ‘this is not right’ or ‘this is missing’. Here the expectations and norms will be clearly set as a part of one team.
● Faster identification of risks
- The goal is to draft the audit plan which can be further extended to evolve and fulfill the goals. Hence, identifying the potential risks will always be the top priority to achieve the end goal which could be addressed in earlier sprints itself.
Common Challenges in Agile Auditing
While agile auditing will be beneficial multiple times than the current ways of working, it will also come with challenges:
- Challenging the status quo: Auditing has primarily been an activity that once it has been set only gets repeated periodically. When we bring agility into it then it needs to concur with the ongoing changing dynamics which may need to be understood first by auditors and should be addressed by training and coaching. The pursuit is to move away from the right long-term plan and move towards flexible short-term goals to fulfill long-term objectives.
- Very sequential procedures: Auditing is a step-by-step approach and agility will demand reevaluating the previous steps based on the continuous feedback loop.
- Gap in understanding & communication between auditors & target groups: Due to the current setup of auditing processes, a lot of effort and openness will be required to bring alignment and consensus on ways of working as teams often safeguard their own interests. You will have to very sensitively weave processes in your agile audit methodology which can circumvent this resistance and mindset and motivate teams to think with a common shared vision.
- One-off presentation of findings: The biggest hurdle would be moving away from the ‘presenting of final findings’ approach to continuously presenting the findings, assessing the gaps, evaluating solutions, and on-the-fly solving them.
How to Measure the Success of an Agile Audit?
Auditing always happens in terms of the benchmark that is set ahead as standards and the whole purpose is to check adherence to the standards and publish the gaps. The key metrics still won’t change but could be pursued differently. The success criteria would be amplified further.
Agility would expect the following success criteria –
- Improved communication, collaboration, and trust leading to faster identification of risks
- Increased teamwork and accountability leading to faster response time
- Responsiveness to changing dynamics leading to making meaningful initiatives
Are consulting companies helping businesses to do agile audits?
Yes. With the world moving towards rapid change, which we denote as the VUCA environment, the way we do anything needs to be questioned and repurposed. Benzne Consulting as an agile implementation consulting company has extensive experience in implementing agile transformation journeys in IT as well as non-IT environments due to evolving demands of organizations to embrace change and having a growth mindset.
We have implemented agility across business functions that are non-software focused like sales, HR, marketing, BPM, and manufacturing, and will be glad to help you in designing and implementing a business value-driven agile auditing methodology.
Conclusion
Agile auditing is absolutely needed as the start-up culture is so growth-focused that they later face penalties or shut down shops due to non-compliance and lack of adherence towards standards, which auditors bring along with them. Agile Audits will help such new-age clients to be more structured and at the same time, help established companies that are struggling to scale further. consult@benzne.com if you need to discuss contextualizing, designing, and implementing agile transformation in your organization.Check more about Benzne Agile transformation roadmap leadership consulting.
Frequently Asked Questions
1. What is an agility audit?
Agility in auditing is simply the usage of agile ways of working in the auditing process which implies adopting agile principles like short-term planning over long-term planning, Visualizing the work and optimizing the flow, regular connect within the team & also external stakeholders, frequent client collaboration and many other such practices to negotiate rapidly changing business environment in a VUCA world.
2. What is the difference between traditional auditing and agile auditing?
A typical audit approach follows the following steps – Planning, On-the-field work, Reporting & Follow-up.
Agile auditing focuses on continuous planning, Continuous on-the-field work, Continuous Reporting & Continuous Follow-ups.
3. What is an example of an agile internal audit?
The classic example of an agile internal audit could be reviews of project management, software development, data privacy, and security. This all could be termed as an ‘IT Audit’. There are several kinds of IT audits, each with different focuses and goals. Some of these include security audits, compliance audits, operational audits, IT governance audits, and software development audits.
Check agile auditing techniques in the agile auditing examples section to get some idea on agile internal audit methodology.
4. What is the difference between agile and waterfall audit?
- Big Upfront Planning vs Just Enough Continuous Planning
- On-the-field work vs continuous on-the-field work
- Reporting vs Continuous reporting with collaboration
- Follow-up vs continuous follow-ups and stakes in improvement
5. What is a sprint in an agile audit?
While following agile audit methodology, clearly defined goals and objectives of the audit are usually translated into incremental goals that can be achieved through back-to-back iterations of size 2-3 weeks called sprints. The emphasis in the sprint should be to achieve that incremental goal, get feedback, and improve further in the next iteration.
Scale Agile across your enterprise with expert transformation services. Improve collaboration, delivery, and innovation at all levels.