Get up to speed on the fundamentals of agile auditing and key benefits in the first of a series of articles on agile by AuditBoard’s Aaron Wright.

With business conditions rapidly transforming and increasing in complexity, internal auditors are struggling to adapt their audit plans and workprograms to keep pace. As auditors, our primary task is to add value to the business by providing assurance over governance, risk, and controls, but it’s impossible to do so effectively if we can’t pivot our focus as needed.

Adopting agile principles into one’s audit practice is a trend sweeping across the internal audit world, yet many auditors are unsure where to get started. A recent AuditBoard poll of over 1,000 internal auditors found that 82% say agile auditing has the potential to add more value to their work compared to the traditional project approach — although 45% reported a lack of knowledge or resources as the most significant obstacle to adopting agile.

For those new to agile, I’ll define the agile auditing fundamentals, key benefits, and how agile methodology enables auditors to adapt quickly to new information and changing conditions.

What Is Agile — and What Is Agile Auditing? 

Agile is a term that’s used to describe a set of principles and methodologies that were initially formed for use in software development, and popularized by the Agile Manifesto for Software Development in 2001. This included four values below and 12 principles that focus on delivering value. The values shown here recognize that while all elements are needed, those in bold should take precedence over those italicized.

  1. Individuals and interactions over processes and tools.
  2. Working software over comprehensive documentation.
  3. Customer collaboration over contract negotiation.
  4. Responding to change over following a plan.

Agile allows project teams to focus on delivering value, and acknowledges that the traditional “heavy” project management methodologies (namely, Waterfall) follow a linear process that often slows teams down. “Agile” in and of itself is not a process framework, but rather a general term describing a collection of “light” project management frameworks — Scrum and Kanban being the most popular.

Since their inception to common knowledge as a result of the manifesto nearly two decades ago, agile methodologies have been adopted in virtually every business sector, including auditing. As auditors, we love nothing more than processes and comprehensive documentation — and while adopting agile ways of working may cause a bit of panic initially, it can provide numerous benefits.

Benefits of Agile Auditing 

Agile auditing helps teams put together results more speedily — without being siloed into one particular team or process — and ensures better stakeholder communication and collaboration. Key benefits include:

  • Less time spent on planning the audit: This could mean shaving a one or two-month-long planning phase down to a week or a few days.
  • Combining all planning, fieldwork, and reporting elements: Agile’s short, time-boxed iterations of work (commonly referred to as ‘sprints’) enable audit teams to incorporate these project phases together, eliminating disparity from one phase to the next.
  • Increased customer interaction: Agile sprints facilitate weekly or even daily customer interaction and engagement. The traditional Waterfall approach makes communication with stakeholders more limited and infrequent.
  • Changing audit focus and updating scope: Agile allows internal audit an opportunity to update the audit scope or even modify the audit’s focus altogether based on newly available information — with appropriate levels of approval, of course.
  • Sharing findings and starting remediation: Through increased customer interaction, final audit report results and findings are shared with stakeholders as they emerge — instead of waiting for the end of the audit closing meeting.
  • Abbreviating the audit plan: This means putting the emphasis on the quarter rather than on the year — and homing in on what’s coming up in the next three months as compared to the next nine to 12 months.

Top 4 Common Challenges that Agile Auditing Can Solve

The successful implementation of agile ways of working can help solve solving many common audit challenges, including:

  1. Developing a valuable and relevant audit plan: Unless your audit plan consists entirely of routine compliance or checklist-based activities, your audit plans presented to the Audit Committee at the start and end of the year may not align. Agile helps internal audit adjust to business conditions as they arise.
  2. Updating audit scope and effectively using resources: Agile provides the ability to update the audit scope as needed. By constantly reevaluating audit scope and priorities, internal audit maximizes resource use. 
  3. Increasing teaming and interaction with customers: Agile empowers your audit client and enables stakeholders to provide relevant feedback and collaborate during testing. By strengthening collaboration, agile helps identify stakeholder issues during the fieldwork — meaning auditees will have already started working on remediation by the final report phase. 
  4. Improving work delivery: Interactive collaboration allows for a larger body of work (known as an Epic) to be broken down into smaller easily digestible ‘user stories’ with three components — an actor, action, and outcome. As teams work iteratively to complete smaller tasks, they are in more frequent communication — and faster communication means faster issue resolution.

Agile is rapidly becoming an essential methodology for audit teams. By improving time requirements and strengthening stakeholder interaction, collaboration, and engagement, it helps internal audit solve common challenges. The key to gaining these benefits is a successful implementation, which I will explore in the next article in this agile auditing series. 


Learn how AuditBoard’s integrated suite of easy-to-use audit, SOX, risk management, and compliance solutions can empower your team.


Aaron Wright
About the author: Aaron Wright is a Director of Audit Solutions at AuditBoard. Before joining AuditBoard, Aaron was an Internal IT Audit Advisor at Cardinal Health, where he managed a risk-based audit plan and led internal audit projects focused on infrastructure, cybersecurity, and applications.