Agile internal auditing: RSA case study

We spoke to Ralph Daals, Group Chief Auditor at RSA.


RSA Internal Audit did not take a traditional approach to transformation – there were no project plans, champions or documents detailing the changes it would make. They didn’t have deep pockets for consultants – constraint was a key driver of innovation. They began by identifying and learning from cutting-edge companies regardless of industry and function. This led them to work towards an agile culture and function.

The team consists of more than 60 people in key cities across three regions: UK, Ireland and the Middle East; Canada; and Scandinavia. “Agile for us is about being dynamic and flexible. It is about our ability to anticipate, respond and continuously improve. Both to meet our stakeholders’ needs and the evolving world,” says Ralph Daals, group chief auditor at RSA. “Agility should be embedded in the mind-set, culture and values of the team; processes and methodologies then follow naturally. It’s about having a team that can continuously improve. That does not mean to say everything is perfect, but it’s about how we adapt and respond to these challenges to get better.”

This meant breaking down silos and eliminating traditional reporting structures and hierarchies to create a collaborative, interconnected team that draws on the skills and experience of the entire function. Inspired by Spotify’s agile culture, RSA turned its structure on its head to centre around “squads” – self-sufficient groups of up to six people selected for their suitability for the audit or task, regardless of location or level. A squad is responsible for an audit or project and has significant autonomy over how it organises itself and how best to deliver an outcome. Squads typically change once outcomes are achieved; the structure can vary, but the following gives a view of how it…