Limited functionality available
Explore the latest Financial Services Internal Audit (IA) suggested areas of focus for 2021: www.deloitte.co.uk/planningpriorities2021
Organisations continue to face unprecedented times of change, risk and operational disruption as the impact of COVID-19 continues. Business responses to the pandemic and its associated economic impact have accelerated and accentuated an existing need for Internal Audit to be able to pivot and respond at pace to ever more complex and dynamic risk environments.
Whilst many functions showed impressive speed and flexibility during the initial months of the pandemic, this was often through an ‘all hands on deck’ period of, at times, quite stressful and labour intensive working. As Internal Audit looks to 2021 and beyond, functions should take the opportunity to challenge whether their current ways of working are sufficiently resilient to respond sustainably and with appropriate impact to future stakeholder needs.
Agile Internal Audit (IA) has been successful in helping functions adapt to, and navigate complexity in a continuingly volatile, uncertain and ambiguous environment. An agile approach allows the function to appropriately plan by regularly re-assessing and focussing on stakeholder needs, accelerate audit cycles, drive timely insights and reduce wasted effort – in this sense it has the power to transform how we think and work, and ultimately, the impact that IA can have on an organisation. Over recent months, functions who have implemented Agile IA have noted that they have been able to quickly, and sustainably rise to the current challenges.
The feedback and benefits seen when functions adopt Agile IA include:
Agile IA is a way of working based on iterative development where audit requirements and solutions evolve through collaborative, self-organising teams who are focussed on delivering the most important business value and continual improvement; ultimately creating better, faster, happier and more resilient functions.
The risk landscape is volatile and dynamic
IA needs to be prepared to respond to a continually changing and complex risk environment. At its core, Agile IA is a way of approaching work and audit planning based on iterative risk assessment and value to be delivered, being focussed on collaboratively agreed greatest risks to an organisation.
Organisations are stretched
With competing priorities, IA must find better ways to engage management. Using Deloitte’s Agile IA framework during audit planning, IA collaborate early and listen to feedback from key stakeholders to understand new or elevated risks in order to assess how to best support through provision of targeted assurance on the areas of greatest risk, with use of an Audit Canvas providing a powerful tool to identify areas of value for all stakeholders.
Importantly, adopting an agile approach does not necessitate greater time commitment from stakeholders. Focussed Agile IA events facilitate regular (but less intensive) interactions with stakeholders with communications designed around the things that really matter. Therefore in our experience stakeholders are very enthusiastic about agile audit approaches due to the fact they have increased involvement and engagement with the process, as well as reduced time to value benefit.
Speed of insight is critical
IA must provide timely quality insight to stakeholders before the landscape changes.
Agile audits are typically delivered in sprints of one to two weeks, with scope and tasks prioritised by value. Agile IA teams have adopted the discipline of frequent, targeted communications, both within the team and with stakeholders. A daily Stand Up event has proven to be very useful at identifying and resolving ‘blockers’ (potential delays) to progress and Sprint Review meetings at the end of each sprint create a setting for early feedback to audit stakeholders and course correction, allowing teams to hone in on what really matters and assess the value of further work.
A sprint Point of View (POV) communicates valuable insights to key stakeholders much sooner and more regularly than traditional, often long and time consuming reporting phases. Given the regular POV reporting and agreement with stakeholders on issues as the audit progresses, audit reporting becomes smoother and more efficient. In addition, as a result of improved collaboration with stakeholders, teams that make use of agile principles have reported improved stakeholder engagement and therefore better responsiveness, resulting in the business taking action to close audit issues sooner, and therefore more quickly strengthening the control environment of the organisation.
Remote working raises new challenges for team motivation and support
It is vital that IA leaders ensure that teams stay connected in an increasingly remote working environment. Regular team communication, such as the use of daily stand ups during sprint delivery and team sprint retrospectives, promotes closer working relationships and enables rapid identification and solution of challenges that might otherwise stifle progress, as well as encouraging a culture of continuous improvement.
Agile’s focus on stable teams also creates psychological safety and trust; producing resilient, self-organising teams who feel more connected and accountable to each other. They are used to working without being managed and function well in ambiguity, which is particularly important when remote working can lead to challenges in maintaining productivity and team wellbeing. Use of Kanban boards (a workflow visualisation tool) allows teams to self-manage their workflow as the team (and stakeholders) can see work in progress. It also enables transparency of workload between team members, helping to identify instances where team members may require support and thereby fostering a more collaborative team working environment.
Those functions who have embraced Agile have reported significant improvements in people engagement, wellbeing and morale.
Increasing demands on Internal Audit to innovate in order to provide greater and more timely value
In 2020, stakeholder needs in response to the COVID-19 situation presented IA with new opportunities to add more value around assurance, improve the advice they provided and increase their anticipation of risk. Many functions are considering where they need to make changes to their approaches and operating models to enable them to thrive in 2021 and beyond.
Functions who have implemented Agile IA to support audit delivery are seeing how Agile ways of working equip them with the mindset and the mechanism to deliver broader functional change. Large scale transformations can seem daunting, particularly in the context of multiple competing priorities. Applying Agile at a functional level enables the safe and efficient delivery of change by helping IA prioritise initiatives by value, deliver them over short sprint cycles and iterate and learn through continuous improvement.
Communication and collaboration are key to delivering value to stakeholders, with flexibility in response to evolving business needs an absolute must for IA. Agile IA is a way of working that has a built-in ability to pivot to rapidly changing circumstances, with strong communication and collaboration protocols established within the team as well as with leadership and key stakeholders. In 2021 functions should continue to focus on improving ways of working at all levels of their operations to help them elevate their delivery of assurance, insight and value.
Owen is a Director in Deloitte’s Financial Services Internal Audit practice with 17 years’ experience of providing assurance and advisory services to organisations across the financial services and corporate sectors. Owen has a particular focus on internal audit innovation and transformation and over recent years has worked closely with functions adopting agile ways of working. He also leads a number of co-sourced and out-sourced assignments across the UK with a particular focus on retail banking and wealth management organisations.
Hayley is a Senior Manager within our Financial Services Internal Audit practice with over 14 years experience. Hayley leads on providing outsourced and co-sourced internal audit arrangements as well as controls advisory services to financial services organisations across the North. Hayley is also a core member of the firm’s national Agile internal audit working group, providing technical training on Agile internal audit approaches.