Financial Services Internal Audit – Planning Priorities 2021

Why adopt Agile now, what’s new? 

Agile Internal Audit (IA) has been successful in helping functions adapt to, and navigate complexity in a continuingly volatile, uncertain and ambiguous environment.  An agile approach allows the function to appropriately plan by regularly re-assessing and focussing on stakeholder needs, accelerate audit cycles, drive timely insights and reduce wasted effort – in this sense it has the power to transform how we think and work, and ultimately, the impact that IA can have on an organisation.  Over recent months, functions who have implemented Agile IA have noted that they have been able to quickly, and sustainably rise to the current challenges. 

The feedback and benefits seen when functions adopt Agile IA include:

• Better impact, quality, performance and decision making as agile teams are used to re-prioritising work based on new and emerging risks and ensuring a collaborative understanding of value and what really matters;
• Faster team delivery, reporting, response to changing risks, and closure of control issues through the use of audit sprint cycles and more stable teams;
• Happier stakeholders and teams due to greater transparency, team empowerment and more sustainable ways of working; and
• Safer and more receptive environments for the delivery of other changes aimed at driving continuous improvement in IA – for example, the use and embedding of analytics, digitisation of IA processes, resourcing, planning, reporting, leadership structures and behaviours.

What does Agile Internal Audit really mean?

Agile IA is a way of working based on iterative development where audit requirements and solutions evolve through collaborative, self-organising teams who are focussed on delivering the most important business value and continual improvement; ultimately creating better, faster, happier and more resilient functions.

How can agile help Internal Audit functions navigate both current and future challenges? 

The risk landscape is volatile and dynamic
IA needs to be prepared to respond to a continually changing and complex risk environment.  At its core, Agile IA is a way of approaching work and audit planning based on iterative risk assessment and value to be delivered, being focussed on collaboratively agreed greatest risks to an organisation.  

Organisations are stretched
With competing priorities, IA must find better ways to engage management.  Using Deloitte’s Agile IA framework during audit planning, IA collaborate early and listen to feedback from key stakeholders to understand new or elevated risks in order to assess how to best support through provision of targeted assurance on the areas of greatest risk, with use of an Audit Canvas providing a powerful tool to identify areas of value for all stakeholders.  

Importantly, adopting an agile approach does not necessitate greater time commitment from stakeholders.  Focussed Agile IA events facilitate regular (but less intensive) interactions with stakeholders with communications designed around the things that really matter.  Therefore in our experience stakeholders are very enthusiastic about agile audit approaches due to the fact they have increased involvement and engagement with the process, as well as reduced time to value benefit.

Speed of insight is critical
IA must provide timely quality insight to stakeholders before the landscape changes.

Agile audits are typically delivered in sprints of one to two weeks, with scope and tasks prioritised by value.  Agile IA teams have adopted the discipline of frequent, targeted communications, both within the team and with stakeholders.  A daily Stand Up event has proven to be very useful at identifying and resolving ‘blockers’ (potential delays) to progress and Sprint Review meetings at the end of each sprint create a setting for early feedback to audit stakeholders and course correction, allowing teams to hone in on what really matters and assess the value of further work.

A sprint Point of View (POV) communicates valuable insights to key stakeholders much sooner and more regularly than traditional, often long and time consuming reporting phases.  Given the regular POV reporting and agreement with stakeholders on issues as the audit progresses, audit reporting becomes smoother and more efficient.  In addition, as a result of improved collaboration with stakeholders, teams that make use of agile principles have reported improved stakeholder engagement and therefore better responsiveness, resulting in the business taking action to close audit issues sooner, and therefore more quickly strengthening the control environment of the organisation.

Remote working raises new challenges for team motivation and support
It is vital that IA leaders ensure that teams stay connected in an increasingly remote working environment.  Regular team communication, such as the use of daily stand ups during sprint delivery and team sprint retrospectives, promotes closer working relationships and enables rapid identification and solution of challenges that might otherwise stifle progress, as well as encouraging a culture of continuous improvement.  

Agile’s focus on stable teams also creates psychological safety and trust; producing resilient, self-organising teams who feel more connected and accountable to each other.  They are used to working without being managed and function well in ambiguity, which is particularly important when remote working can lead to challenges in maintaining productivity and team wellbeing.  Use of Kanban boards (a workflow visualisation tool) allows teams to self-manage their workflow as the team (and stakeholders) can see work in progress.  It also enables transparency of workload between team members, helping to identify instances where team members may require support and thereby fostering a more collaborative team working environment.  

Those functions who have embraced Agile have reported significant improvements in people engagement, wellbeing and morale.

Increasing demands on Internal Audit to innovate in order to provide greater and more timely value
In 2020, stakeholder needs in response to the COVID-19 situation presented IA with new opportunities to add more value around assurance, improve the advice they provided and increase their anticipation of risk.  Many functions are considering where they need to make changes to their approaches and operating models to enable them to thrive in 2021 and beyond.

Functions who have implemented Agile IA to support audit delivery are seeing how Agile ways of working equip them with the mindset and the mechanism to deliver broader functional change.  Large scale transformations can seem daunting, particularly in the context of multiple competing priorities.  Applying Agile at a functional level enables the safe and efficient delivery of change by helping IA prioritise initiatives by value, deliver them over short sprint cycles and iterate and learn through continuous improvement. 
 

What next?

Communication and collaboration are key to delivering value to stakeholders, with flexibility in response to evolving business needs an absolute must for IA.  Agile IA is a way of working that has a built-in ability to pivot to rapidly changing circumstances, with strong communication and collaboration protocols established within the team as well as with leadership and key stakeholders.  In 2021 functions should continue to focus on improving ways of working at all levels of their operations to help them elevate their delivery of assurance, insight and value.
 

Other Resources

Becoming Agile: Elevate Internal Audit Performance and Value

Building Resilience in Internal Audit