The Financial Services (FinServ) sector constantly changes with expanding organizational risk profiles, tighter regulations, and rising stakeholder expectations, creating a demanding assurance landscape for internal audit teams. Adding to the challenge, traditional internal audit processes and outdated technology limit real-time visibility into risks and stifle flexibility needed to address changes.
To meet these challenges, many internal audit teams are implementing elements of agile auditing as a proven, effective approach that provides the necessary flexibility. This article will examine several difficulties faced by financial services audit teams and describe how they can use agile auditing to overcome those challenges.
Challenge 1: Keeping Pace with a Changing Regulatory Environment
In an evolving regulatory environment, the risk of noncompliance necessitates a continuous audit approach to maintain compliance while reducing business disruption. Keeping up with regulatory change impacts retail community banks complying with the FDIC Improvement Act (FDICIA), bank holding companies complying with the Comprehensive Capital Analysis and Review (CCAR) and Dodd-Frank Stress Testing (DFAST), and securities broker-dealers reporting to the Financial Industry Regulatory Authority (FINRA). Traditional audit methods lock in audit plans a year in advance, making it cumbersome to pivot when new or updated regulations are passed.
Staying current in a rapidly changing regulatory landscape requires a different approach. Internal auditors who adopt an agile mindset assume that changes are inevitable, and the resulting audit plan embraces the dynamic nature of regulatory change. With an agile audit approach, audit teams stay current on changes to all risks impacting their organization, including regulatory risk. They revisit their risk assessment more frequently to incorporate new and changing regulations. The audit plan is then updated based on the current view of the regulatory environment.
Challenge 2: Using a Restrictive Audit Process Methodology
Conventional audit processes and methodology may not allow rapid iterations to keep up with the dynamic risk and regulatory environment. Traditional audit methodologies in Financial Services are based on a 1-3 year audit cycle that focuses on entity coverage. Success is then measured based on audit plan completion. The traditional approach limits the audit team’s ability to react to changes mid-cycle. Even changing the audit plan is subjected to audit committee review, which leads to more delay.
Many financial audit teams adopt an agile mindset to keep pace with changes through a shorter audit lifecycle. By reducing the audit lifecycle to a quarter, the team can build and execute the audit plan based on current information without seeking approval for changes. An agile audit team is empowered to make decisions in real-time to ensure the audit plan captures emerging and escalating risks.
Challenge 3: Relying on Dated Tools and Technology
Another challenge internal auditors must overcome is the use of dated or homegrown audit tools and technology. These tools and technology were designed for a traditional audit life cycle with annual audit plans that generally remain unchanged for the year. Internally developed or traditional audit software often lacks the flexibility to support agile auditing. The software may force you to choose between risk-based and coverage-based audits, even though these likely occur simultaneously, especially in agile auditing. These tools and technology also are limited in their capabilities and not conducive to integrating with organization’s sophisticated ecosystems.
To overcome this challenge, audit leaders must know the available technology and how the solutions vary. Agility also includes the ability to pivot to more effective technology when it becomes available, so audit teams should include a technology maturity plan in their department’s strategy. The maturity plan anticipates the need for technological advancement in audit solutions, analytical tools, process automation, and other supporting systems and integrations.
Planning the Way Forward
Internal auditors in Financial Services organizations should create a departmental plan that addresses all three challenges with agile auditing. First, adopt an agile mindset that embraces change, allowing auditors to react to the most urgent risks without the restrictions of the traditional audit model. Get auditees and stakeholders more involved upfront and keep them apprised of issues or deficiencies during fieldwork instead of waiting until the reporting phase. Next, apply an agile audit approach to respond to the changing risk landscape before your team falls behind. Finally, implement the right technology that enables the flexibility to perform projects in agile or traditional methodologies.
Audit departments are shifting to agile auditing and embracing the flexibility of an agile mindset faster than ever. Internal auditors in financial services who have already moved to agile audit are more aligned to key business risks and able to pivot in reaction to emerging risk trends and new regulations. To learn more about transitioning from traditional to agile audit, download AuditBoard’s ebook, Conquering Heightened Risk Exposure in Financial Services: 7 Steps to Transform With Agile.
Scott Madenburg, CIA, CISA, CRMA, is Market Advisor, SOX & Internal Audit at AuditBoard. Prior to AuditBoard, Scott was Head of Audit at Mobilitie LLC, with nearly two decades experience in operational, IT, and financial auditing, as well as SOX compliance. Connect with Scott on LinkedIn.
Mike Rissmiller is an Enterprise Account Executive at AuditBoard working with our financial services clients. A former Federal Reserve analyst and examiner, Mike started off his career focusing on bank capital and liquidity reporting before transitioning to industry audit as an Audit Manager for State Street Corporation. Connect with Mike on LinkedIn.