Two people looking at tablet

Seven Steps to Becoming an Agile Internal Audit Shop

Seven Steps to Becoming an Agile Internal Audit Shop

Synopsis
8 Minute Read

Business environments have never been as dynamic as they are today. Internal auditors need to be nimble and responsive to keep up with shifting risk scenarios and continue to drive value for their organizations.

Insight
Enterprise Risk

Business environments have never been as dynamic as they are today. Internal auditors need to be nimble and responsive to keep up with shifting risk scenarios and continue to drive value for their organizations. That’s where agile auditing comes in.

Internal auditors work to identify, assess and respond to risk — those presenting opportunities and those which could be detrimental to the health of the organization. The agile audit process keeps your finger on the pulse of your organization so you can quickly adapt to change. It is iterative, allowing you to continually revisit and reprioritize your audit plan due to changes in risks or the emergence of new ones.

While the concept of agile audit is not new, it’s often seen as an all or nothing approach and too disruptive to fully adopt. Yet it is the innate flexibility of agile auditing that allows internal auditors to adopt its practices bit by bit, rather than all at once.

Seven Steps to Becoming an Agile Internal Audit Shop

Business environments have never been as dynamic as they are today. Internal auditors need to be nimble and responsive to keep up with shifting risk scenarios and continue to drive value for their organizations. That’s where agile auditing comes in.

Internal auditors work to identify, assess and respond to risk ¬— those presenting opportunities and those which could be detrimental to the health of the organization. The agile audit process keeps your finger on the pulse of your organization so you can quickly adapt to change. It is iterative, allowing you to continually revisit and reprioritize your audit plan due to changes in risks or the emergence of new ones.

While the concept of agile audit is not new, it’s often seen as an all or nothing approach and too disruptive to fully adopt. Yet it is the innate flexibility of agile auditing that allows internal auditors to adopt its practices bit by bit, rather than all at once.

Choose According to Need

Gradually transitioning to an agile auditing methodology can help to manage the change and secure buy-in from organizational leaders and managers. A phased approach gives you the flexibility to focus on what works and adapt or eliminate what doesn’t.

1. Start out small

Adopt agile concepts that will have the most impact for your organization or internal audit function. For example, a key element of an agile audit is reducing the internal audit planning timeline. Focus on a six-month or one-year time horizon so your audit plan and is flexible to adapt to emerging and changing risks. Alternatively, increase the frequency of communication throughout the audit to deliver value-driven results in real time. That way management can quickly action recommendations as the audit is underway with reporting becoming more streamlined.

2. Get the board onboard

Executive and board support is critical to the success of agile audit implementation. Transparency and collaboration among all parties is necessary to fine-tune the process to the organization’s evolving needs. Discuss what you would like agile audit to accomplish with executives and audit committee members — also, how it will unfold and the changes to expect in report formats and content. Share the new approach with whomever you are auditing and explain how it will improve the process. Seek their feedback upfront, both to understand concerns and opportunities and to enhance the process and ease implementation.

3. Simplify the list

Typically, an audit commences with identifying and assessing all the risks within the audit you need to consider and the traditional audit program is designed to complete a thorough assessment of each. Distill them to the most significant risks, working with management to focus on those risks that truly matter.

Leverage your audit results to focus on key issues, opportunities and areas of most concern. Stop auditing where your initial assessment identifies little to no value. The key is understanding insights from the audit. Abandon work that is not driving value and quickly shift to areas of greater risk and reward.

4. Tighten your timelines

Many organizations have two-to-three-year timelines for their internal audit plans. Change that to a one-year window and meet with your team on a biweekly basis. This will allow you to evaluate the status of your work, revisit risks and control objectives and make sure you are focusing audit efforts in the right areas. By regularly aligning audit efforts with organizational needs, you’ll see better risk-based decision making and more efficient resource planning.

5. Optimize your report writing

Agile auditing will provide real-time insights that you can use to customize the report format (i.e. length and content) to stakeholder needs. A concise report which is delivered in real time and covers critical factors will allow you to respond quickly and with more impact than a “perfect” report issued long after the work has been completed.

6. Collaborate and communicate

Agile audits are risk driven, so it is critical to secure agreement up front with your organization’s board, audit / risk committee and management on what those key exposures are.

Think about what will drive value-added audit results and address the risk areas of greatest concern for your client(s). Outline your audit objectives, scope and risk areas to collaborate on with your stakeholders:

  •   Define key milestones (i.e. sprints)
  •   Determine the frequency and nature of audit status reporting and progress updates (e.g. weekly or biweekly meetings)
  •   Readily assess how well risk areas are being managed and the sufficiency of control testing in order to direct resources where needed.
  •   If you discover unexpected layers of risk, use the agile process to pivot from scheduled, but less critical programs when the need arises.

7. Scrum

Part of the agile audit process includes scrums — fixed-schedule stand up meetings with the team and / or management to review a project’s progress or lack thereof. Benefits include:

  • Reduced business environment-related risk: Flexibility to add or modify requirements throughout the project to res pond to business threats or opportunities
  • Reduced risk related to expectations: Frequent opportunities to secure feedback and set clear expectations with project stakeholders
  • Reduced project overruns: The audit team delivering the project owns and estimates audit completion in sprints driving reduced timelines with enhanced value.
  • Reduced non-detection risk: Transparency means risks are more likely to be detected and communicated early, leading to better response and mitigation
  • Reduced investment risk: Scrums enable the audit team to deliver frequent, pragmatic insights in a timely manner.

Who Benefits

Agile audits are suited to all organizations, big or small, public or private. For smaller, resource constrained companies, agile audit can an entity’s competitiveness by enabling the audit team to rapidly switch gears and focus on changing risk exposures — while following best practices. Agile processes will also drive value for large organizations with considerable resources dedicated to by augmenting resources and making them more efficient and focused.

Keep it Simple

the end of the day, what’s most important is driving efficiency and reporting timely, appropriate audit results that drive effective decision making in conformance to professional standards. Agile approaches can be implemented in increments, building concepts over time to drive effective change management and garner organizational buy-in.

journey could take one year or several. Leverage your lessons learned and always remember change does not need to be to drive value for your organization.

more information, contact Mariesa Carbone, National Leader, Enterprise Risk Services, at 780.453.5377 or [email protected], Geoff Rodrigues, National Leader, Internal Audit Services, at 416.596.1711 or [email protected]

Insights

  • Performance

    March 28, 2024

    2023 year-end tax considerations

    We review important legislative changes in 2023-24 and what you need to consider to manage your personal and corporate income tax liability before the end of 2023.

  • Progress

    March 28, 2024

    New Trust Reporting Rules – Are You Ready?

    Find out more about proposed new federal trust reporting rules which would increase disclosure requirements, and what you can do to prepare for them.

  • Confidence

    March 28, 2024

    Bare trusts: Many Ontario farmers expected to have new tax filing requirements

    The end of 2023 brings a new tax filing burden for farmers with regards to bare trusts. Learn how this new legislation with have a significant impact.