w w w. r a m a . c o . i n / w w w. r a m a e r p .

i n

Presentation on
AGILE INTERNAL AUDIT
METHODOLOGIES
By: CA Ram Agarwal January, 2021
Index

Sr. No Topics Covered

1 Agile – Meaning, Concepts and Principles

2 Agile – Internal Audit

3 Components Agile Internal Audit and Methodologies

4 Traditional Waterfall Audit v/s Agile Internal Audit

5 Agile Internal Audit vis-à-vis IAF

6 How Do To Do Agile Audit

7 Case Studies

8 Challenges

2
Agile- Definition

What is Agile?
The term AGILE was originally used in software development in 2001 to describe the flexible nature of software
developed in iterative stages. Today, it is being used in all functions of an organization including the second- and third
line functions.
Agility means the ―ability to move quickly and easily‖. It is also defined as ―the ability to think quickly and in an
intelligent way‖ when it is referenced to the mind-set.

EXAMPLES:

Not Agile
- Train
- Aeroplane

3
Concept
How Agile Concept is applied?
• The agile methodology is a type of project
management method and was mainly developed by
the software development industry to reduce costs,
time and improve quality & delivery.
• It achieves this by breaking a project into several short
incremental and repeatable tasks (known as sprints
that are usually 1-4 weeks in length) and by seeking
the collaboration of all stakeholders and by
conducting daily scrum meetings.
4
• Agile development follows an incremental model,
which develops collaboration within the team and
continuous planning, as well as everlasting evolution
and learning.
• Agile methodologies should respect the software
development cycle – planning, execution and final
delivery – therefore allowing software to be
developed in stages; this makes it easier to identify
and resolve bugs.
Principles

Individuals and Interactions over

processes and tools

The Agile
Responding to change over Working software is more
philosophy is
following a plan important than comprehensive
based on 4
principles
documentation

Customer collaboration over contract

negotiation
5
Agile Internal Audit

Agile Internal Audit is the mindset and method that
an IAF uses to focus on the needs of stakeholders
− Accelerate the audit cycles,
− Providing timely insight
The key features of an Agile Internal Audit
 Other mindset of the auditors
 The approach of the audit is flexible
 The use of day starts (scrum meetings)
 Increased involvement of the auditee

− Increase audit quality and  Less documentation

 Continuous coordination of the product (report)
− Reduce the waste of resources  Applying Agile principles that are relevant

By applying an Agile method, the productivity and added value of the IAF can be increased and the lead time
of an audit can be reduced.
6
Components

Core Components
There are three basic structural components to an Agile audit:

Audit Backlog — Similar to an audit plan, the backlog is
a collection of scoped items (as per stakeholder needs i.e.
AC / Board etc.) that must be reviewed by the audit team.
Unlike an audit plan, scoped items can be removed or
added to the backlog based on perceived risk and value
add of the item.
Rather than focusing on items that were predetermined
during annual audit planning, auditors can address
emerging issues that the stakeholders are currently
experiencing, by using backlogs.
Internal auditors and stakeholders must agree on how an
item in the backlog will be tested, as well as the expected
value from the test, prior to adding the item to the backlog.
Audit Sprints — During the execution of the
audit, the item is unlisted from the audit backlog
and the various scope elements will be divided
into defined auditable subjects, so-called sprints.
A sprint is a time period within which a task
must be completed. Sprints are typically one to
four weeks long, with two weeks being the
average.
Sprints ensure audit teams meet required
deadlines through accelerated delivery cycles.
Scrums — Scrums are short and concise
meetings, typically lasting 15 to 30 minutes,
that are held daily between audit team
members and key business stakeholders.
The meetings cover
1) what was done yesterday,
2) what will be done today,
3) roadblocks to the current sprint and
4) potential issues.

7
Agile Internal Audit- Methodology

Methodology:

1. Active and broader involvement in disruption

2. Being prepared and adaptive

3. Assessing the risk of future disruption

4. Proactive involvement in disruptive events

5. Flexible talent management

6. Flexible planning

7. Meaningful collaboration with other lines of defence

8
IA Methodologies - Waterfall Approach v/s Agile

Waterfall Agile

Requirements

Analysis Build

Design

Construction
Define Release Repeat
Testing

Management

9
Traditional Audit v/s Agile Internal Audit

Traditional Agile

Waterfall Model Scrum Framework

Planning Backlogs

Fieldwork & Review Sprints & Retrospectives

End of Project Reporting Iterative Reporting

10
Traditional Audit v/s Agile Internal Audit
Differentiator Traditional
Independent operating audit teams organized according to the
structure of the organization. These teams are usually fixed and have a
Team hierarchical structure.
The audit teams are managed by senior auditors or audit managers.
Established annual plan and planning for a long period (year or multi-
Planning year plan) which is not, or hardly, updated based on relevant
developments.
Focus on the (waterfall) process of the audit. The audit steps should be
completed before proceeding to the next step and audit.
Approach
Within the audit team itself and with the auditors, there are few interim
coordination moments.
Audit products consist of audits that look at complete processes or
topics with relatively long lead times.
Lead Time The focus here is mainly on providing assurance. An audit must be
carried out according to the planning.
Reporting Fixed written reporting format.
11
Agile
Collaboration between multidisciplinary teams, supplemented with Agile experts per
sprint, so that all the necessary knowledge for the execution of the sprints is available.
These teams are determined per sprint, whereby the division of tasks depends on the
work to be performed (instead of the job level).
Flexible planning with regular (for example quarterly) coordination moments with the
Executive Board or Audit Committee. The risk analysis is carried out more frequently,
resulting in an Agile audit plan.
Focus on the result of the audit. Frequent stand-ups to discuss together what everyone
is doing and whether there are requests for help.
There is a lot of iterative contact, and more coordination moments with the auditee.
The audits, including the sprints, generally have a shorter lead time. If the objective of
the audit is achieved earlier, the result will be immediately reported.
Additionally, if the audit no longer provides any added value, the audit is stopped more
quickly.
In addition to full-scope audits, the IAF has other audit products, such as quick scans.
There is a flexible form of reporting in which at least objectives and scope of the audit,
conclusions, recommendations and action plans are reported.
Benefits of Agile Internal Audit

There are many benefits of applying Agile to internal audits which may include:

Higher- quality insights Increased client satisfaction Enhanced internal audit Empowered internal audit
and faster insight planning teams
generation

Faster responses to Less documentation Accelerated delivery cycle Clearer outcome

changing business needs

12
Does Agile Auditing Positively Impact IAF

Aspects Traditional IAF Agile Impact

Aims to provide ongoing advice and insight on a short-cyclical basis,
Mission, vision and IAFs providing retrospective assurance about processes
able to respond more flexibly and swiftly to the changing needs, thus
objectives and objects in the organization.
acts as an advisor and sparring partner to the organization.
Assessed on its productivity, the percentage of the These KPIs shift towards customer satisfaction, the number of
KPIs and
annual audit plan completed or the results of the interaction moments with the auditee and the turnaround time of
performance (external) quality assessment. the audits.

Competencies and At times, it becomes difficult to find the skills &
competent resources to check the new type of risks or
skills areas…
Behavior and Resistance in accepting the audit findings due to lapse of
time, less interactions with auditee and usual behavioral
culture distance being auditor and auditee
Department and Traditional hierarchical structure with the Head of IA,
team composition audit managers and (senior) auditors
13
The audit team is more than ever composed based on the required
competences and experience with Agile for the various sprints and
activities to perform.
Not only requires auditors to learn a different way of working, it also
asks auditors to adjust their mindset. The IA team and the auditee
enter into discussion through transparency in the communication
about the interim (sprint) results.
An Agile IAF has flat organizational structure. The Scrum Master
ensures that the team remains focused, makes progress and meets
the deadlines in an Agile way.
 How Does Agile Audit Works

1. Cross-functional teams — Each sprint team should be equipped with all of the skill sets (IT, compliance, operational, etc.) required to complete the
assigned tasks.
Close collaboration and continuous communication within the sprint team break down traditional silo walls, increasing efficiency and allowing the
team to work with a sharper focus.
This also strengthens relationships and builds trust between internal auditors and their business partners.
2. Continuous integration — Elements of the project from different groups should be pulled together on an ongoing basis to prevent any single
element of the project from becoming a silo. Usually, this concept is associated with larger and more complex audit initiatives or projects.
3. Project information dashboard — Project information dashboards make project information available to the team and stakeholders on a real-time
basis.
They provide transparency to the project scope, status and results, and they facilitate collaboration within the team through information sharing.
Agile principles focus on face-to-face or co-located interaction but have been necessarily augmented with technology, as teams are more frequently
structured in a distributed manner.

14
Performing an Agile Internal Audit

The Agile audit process can be divided into the following three main phases:

Planning and preliminary research

Determine audit object under the responsibility of the Product Owner, based on audit backlog, stakeholder input, and key elements — Planning
and preliminary research to include the relevant aspects in the audit — Pre-defining the added value / purpose of the audit in the Definition of
Ready

Audit execution
Distribution of work to be performed, based on different sprints which have to be performed. Depending on the sprint results
determine what the next steps of the audit are — Stand-ups with auditee to discuss progress and new insights

Completion and evaluation

Formally completing sprint activities and tasks through Audit Product, which is shared with auditee and
stakeholders — Audit Product contains objective, scope, conclusion, recommendations and action plans

15
Case Studies

Industry / Business Process Risks & Challenges How Can be Best Done Thru Agile Audit

 Take small audit sprint of nearest consignments to be received

• Large no. of SKUs to be imported with FCL
FMCG / Retail – Import  Check only specific risks of planning – Container wise CBM planning
• Each SKUs have different CBM
 Audit team and logistic teams having knowledge of CBM / Consignment
Logistic Function • High Lead time in import
plan
• Delay in planning would miss the hit time of goods
 Raise issues of under utilization and planning gaps
 Instead of taking whole Sales Order management cycle, focus on selected
• Risk of supplies more than the credit limits
samples of customers having open SO but credit limits exhausted
Sales Functions • Adhoc credit assessment getting into repetitive practices
 Carry the audit along with SCM team to check on despatch glitches leading
• Possibility of business loss
to loss of sales / delay in supplies
• Customer dissatisfaction due to delay in issue of policies or  Take limited audit sprint and see if there is particular issue (function / team
Insurance – Premium to repetitive request for seeking information / KYC issues) which is leading to iterations
Policy • Cross functional gaps – Marketing team, Underwriter and  Close interactions with process owners will lead to quick audit output to
Operations team departments and possibility to take quick corrective measures
• Increase repayment defaults
• Potentials of higher business opportunities with clients not  Through use of IT applications, detect the trends in sales and cash flows
BFSI / Govt. Sector known at right time  Govt. dept. have adopted Agile way working instead reacting at the end of
• Knowing the early trends of well planned & channelized year
frauds for Regulatory / Govt. watchdog agencies

16
Do’s and Don’ts in Agile Internal Audit
Do‗s
 Continuously take the objective of the audit into account
to determine if the results provide sufficient evidence to
achieve this objective
 Focus on the result: complete a sprint and (re)consider the
next steps (are all steps relevant?)
 Use a flexible schedule: continue with prioritization of
audit areas, problems and risks together with the
stakeholders.
 Provide regular updates on the progress of the audit and
adjust the audit if necessary.
17
Don'ts
r Perform an audit at once on a complete function or
process with all controls in scope
r Focus on the audit process: complete the full test
procedures instead of starting reporting.
r Use a fixed detailed schedule for a long period without
updating it.
r Do not schedule meetings between the IA team and the
auditee to discuss and reconcile progress and adjust as
necessary.
Challenges – Agile Internal Audit
1. Organizational culture change
2. Support from sponsors &
Stakeholders
3. Preventing burnout
4. Correctly apply agile concepts
5. Adhere to time boxes
6. Dedicated Resources
1. Adopting everything — Trying to adopt all aspects of Agile is counter productive and goes against the core principles of Agile
methodologies. When applying Agile, it is best to pick and choose the practices that are most appropriate for that particular
organization. Every organization will be different.
2. Top-down approach — It is similarly counterproductive for audit executives to try to dictate change, from the top down and
all at once. Agile is, at its core, a flexible framework to be explored by teams and applied as circumstances require, in a phased
manner, from the bottom up, to promote innovation and collaboration.
3. Abandoning core internal audit principles — Adopting Agile does not eliminate the need to meet internal audit standards
or regulatory requirements related to providing assurance, quality of execution or reporting.
Rather, implementing Agile components in a manner conducive to internal audit principles allows organizations to realize the
benefits without compromising those principles while enhancing quality and adding value. Defining methodology and intended
outcome on the front end of an audit will help ensure that all of the core internal audit principles are continuously followed.
4. Maintaining coverage — Flexibility within Agile requires increased transparency and ability to track coverage decisions. It
may also require teams to rethink their coverage approach. Special care should be taken to ensure that this does not result in
reduced risk coverage or documentation.
5. Skill sets — This is really focused on how to optimally structure teams so that all necessary skill sets are available on each
team. As mentioned in the discussion of supporting elements above, ensuring that all of the individuals involved in a cross-
functional team have the skill sets necessary to accomplish the team‗s tasks will ensure efficiency and remove traditional silos.
18
At last, why Agile Internal Audit for IAFs?

Focus on continuous
Shorter audit cycles and
prioritization of focus areas and
faster delivery of (sub)
thereby providing relevant
product.
insight.

More interaction between the

audit team and the auditee which
Increased audit quality.
improves the management of
expectations.

19
Thank
You

20