In 2001 a group of software developers came together to find a better way of working; they were frustrated that their hard work often delivered something that was no longer fit for purpose, too late to be of use, different to what the end user was expecting…sound familiar? Internal audit can be equally frustrating. Well it’s time to limber up, they developed AGILE and it could be just what you need too.
This guide explains the principles of 'agile' and shows how its relevant to internal audit. We also provide insight from audit functions that are using the approach via three case studies.
How does software development relate to auditing?
Agile is defined by the Oxford dictionary as ‘able to think and understand quickly’ and ‘relating to or denoting a method of project management, used especially for software development, that is characterized by the division of tasks into short phases of work and frequent reassessment and adaptation of plans’.
In the project world, the traditional methodology for many years was waterfall. A linear process where one phase follows on from the next, skills are mainly silo based and nothing of real use is delivered until the end – think of building a house.
This is how the developers were working; an approach not dissimilar to that of an internal auditor. Auditors customarily develop a plan, follow it and have copious quality review points before sharing findings with clients. The problem is that while the waterfall is taking effect, the environment is often in a state of flux around it; the strategic priorities of the organisation, the risks, the people involved…the very elements that influenced the original requirements/scope.
The agile approach they developed is an iterative process that delivers incremental outputs with regular renewal of analysis and planning.
The agile approach…
We keep moving forward, opening new doors, and doing new things, because we’re curious and curiosity keeps leading us down new paths.
– Walt Disney
Agile auditing: reinventing internal auditing – a presentation given at Internal Audit 2017 by Ralph Daals, RSA