Agility — or the ability to react quickly — is essential to surviving and thriving in today’s competitive landscape. Though agile techniques were originally used in the realm of software development, this concept has many applications in the modern business world, including how companies approach their internal audits. Here’s an overview of agile auditing and why many internal audit teams are jumping on the bandwagon.
Whereas a traditional audit requires extensive planning, fieldwork, and reporting, an agile audit moves at a faster pace. An agile audit also allows the audit team to continually refocus their attention and efforts where they’re needed the most. Agile auditing relies on the following key concepts.
The audit team keeps a backlog of reviewed and approved audit programs. As the environment evolves, the audit team can add, remove, or reprioritize audit programs within the backlog. This dynamic approach ensures that the audit team focuses on the most pressing issues — and minimizes the likelihood that they’ll waste time on an issue from a previous audit plan that’s no longer relevant.
Auditors create user stories that are made up of:
Each story corresponds to a unit of work related to the audit.
The user is the individual responsible for performing critical tasks related to the story. The action is what the user must do to generate a desired outcome. For example, a retailer (the user) wants to process credit card payments from customers online (the action), so they can order online (the outcome).
Creating a story provides the audit team with an understanding of the user’s requirements and the desired outcome.
With a story defined, the audit team can deliver its work in sprints. Each sprint is normally completed in one to four weeks. Sprints may include defined tasks and regular check-ins with stakeholders. A sprint has a planning phase and daily “scrums,” which are short meetings with the audit team and stakeholders. Items on the daily agenda include: