Internal Audit (IA) is in a race to transform and innovate to ensure that they continue to stay relevant and deliver the value and assurance required, back to management, boards, and audit committees. Changes in the business and risk environments have prompted the need to identify process improvement opportunities and minimize any possible surprises.
The rapid changes in the regulatory, technology and business environment (e.g. Intelligent Automation) and the introduction of new regulations globally (e.g. The EU General Data Protection Regulation (GDPR)) have had a significant impact on organizations. Over the past few years, the internal audit function has had to maintain a balance between providing advisory/consulting services along with their traditional assurance and compliance role.
Internal audit is now being asked to do a lot more. Executives, board members, shareholders, and regulators ask questions and demand more strategic focus from their internal audit functions. Boards and audit committees are looking for their internal audit functions to become more forward looking and help anticipate risks. More organizations realize the need to revitalize their internal audit function – focusing far beyond their traditional role.
To be able to take on these challenges, internal audit needs to be able to adapt and deliver at a faster pace, while maintaining their standards and quality. As an organization continues to change and evolve, so does the level of maturity and complexity of the areas of focus, and hence, driving the need for internal audit functions to become more nimble/ agile in what they do and acknowledging the need for more specialized resources to deliver value on those projects.
For example, traditionally, audit planning and scoping is finalized far in advance of the commencement of the audit itself. This leaves little room for any changes in the scope of an audit as a result of changes in conditions that might have come up in the time between audit planning and the fieldwork. Further, any insights that might be gleaned during the audit itself, which could have a significant impact on the outcome of the audit, would not be appropriately factored into the scope. There is a need for more flexibility to be built into this process. This is where internal audit can learn from the transition to Agile in the field of software development.
Software development has evolved from the formal waterfall model, which has predefined steps and long iterations, to less formal, but very often more efficient, models. These more efficient models are usually collectively referred to as Agile. In the waterfall model, proportionally more effort is put into design and specification documentation. In Agile models, design and specification documentation are kept to the bare minimum required and the major part of documentation is created at the operations and support levels (e.g. user manuals), which occur much later in the system life cycle.
The term "Agile" often refers to software development and emphasizes individuals and interactions over processes and tools, working software over comprehensive documentation, customer collaboration over contract negotiation, and responding to change over following a plan.
Internal audit departments could benefit from an Agile approach. In particular, the planning and execution of audits can benefit greatly from Agile IA. Our Agile Internal Audit (Agile IA) methodology applies concepts from Agile to internal audit activities.
Please download the PDF to learn more about some of the main advantages of this approach and our methodology.