Operational innovation. Business resilience. Operational disruption, possibly resulting from third-party management issues like suppliers’ solvency, compliance, service/product quality and even suppliers’ behavior (if your enterprise happens to be subject to the UK Bribery Act or similar legislation). These are just a few of the challenges that enterprises face. As the function responsible for providing objective, independent and risk-based assurance, audit groups are rethinking whether traditional audit approaches are the most effective in this current business environment where resilience is expected despite the challenges presented by innovation and disruption.
Understandably, these entity-wide challenges have led internal audit groups to adopt a more dynamic approach to risk assessment – assessing risk more frequently and continuously. As audit groups have revisited risk assessment methodology, they have also looked at how they perform audits and how they report audit results. Enter agile auditing and auditors’ hopes that this twist on the traditional audit approach will help them keep pace with continuous changes.
Agile auditing leverages several of the practices used in traditional auditing and enhances them. For example, communication throughout fieldwork is a longstanding best practice in traditional auditing. Essentially, auditors are encouraged to share information with groups being audited as soon as there is information to share. In agile auditing, this continuous communication is also encouraged. However, the communication can be characterized as more of a dialogue than the informative, even potentially monologic, communication that may be seen in the traditional audit approach.
Other benefits of agile auditing include:
- Streamlined audit engagements—Combining the planning, fieldwork and reporting phases into a single cohesive engagement avoids the execution of disparate engagement phases with long lead times.
- Flexible audit scope—As new information is provided to or discovered by auditors, Agile facilitates real-time audit scope adjustments. Auditors should continue to obtain audit management approval as potential scope adjustments are discovered and be prepared to adjust testing focus as new information is discovered or provided by audit customers.
- Frequent audit plan updates—The increased velocity of engagements produced by Agile IT audits provides an opportunity for the audit backlog and annual plan to be revisited.
These benefits are, without question, ones that both auditors and groups being audited can value. But the benefits are not achieved without some challenges. For example, adjustments in testing focus may very well result in a more relevant audit. These adjustments may, however, require more time from those providing documentation or participating in audit interviews. In this and other cases where agile auditing is used, auditors should socialize the correlation between any additional time being requested and the benefit that will be achieved.
So, is agile auditing a sure thing that can enable auditors’ abilities to keep pace with the fast and continually changing business environment? If auditors consider potential challenges associated with the benefits of agile auditing and remain vigilant in identifying other ways to improve the audit process, the answer is yes. Agile auditing is a great tool to keep pace with the rapid, ongoing changes associated with the current business environment. Like in tennis, though, keeping an eye on where the ball will be, rather than where it is, will help auditors look to the future and be prepared to adopt additional approaches that meet the needs of the future business landscape.
Editor’s note: For additional insights on this topic, download ISACA’s Destination: Agile Auditing free resource.
