Internal audit is in a state of transformation. In many industries, disruptions are bigger, coming faster and require responses that are quicker and more fluid. In this environment, internal audit must also adapt to be more flexible and agile. According to the Institute of Internal Auditors’ 2018 North American Pulse of Internal Audit, transformation of internal audit is the only acceptable solution. Chief Audit Executives (CAEs) need to lead the response to disruption with innovative strategies and an equally flexible approach supported by the right talent. To address change and disruption, CAEs need to position internal audit to not only be responsive to change, but to serve as an internal catalyst, challenging the status quo and proactively identifying and focusing on emerging risks. The bottom line: internal auditors need to be more agile.
While internal audit provides assurance that an organization operates as management intends, the function can also provide valuable insight for improving risk mitigation, controls, business processes and procedures. Evaluating emerging technologies, analyzing opportunities, assessing quality, economy and efficiency, and providing accurate and timely communication represent a fraction of how internal auditors engage on a daily basis. This comprehensive scope of responsibilities provides internal auditors with a broad perspective throughout an organization. That, in turn, positions internal auditors to serve as a valuable resource to executive management and the board of directors in their mission of accomplishing overall organizational strategy, goals and objectives, in addition to strengthening internal controls and governance.
Using the scrum board below (a well-known tool of Agile), you can track Baker Tilly’s progress in sharing a series of thought pieces on understanding Agile and its use in internal audit. This scrum board helps us to visualize where we are, where we are going, possible impediments to success and practical applications within internal audit.
Agile is relatively new as it relates to internal audit. At its core, Agile is the ability to create and respond to change. It is a way of dealing with, and ultimately succeeding in, an uncertain and turbulent environment. Agile finds its roots in software development. The authors (software practitioners) of the Agile Manifesto chose “Agile” as the concept’s label because the word represented the adaptiveness and responsiveness to change that was essential to their approach.  The software practitioners identified four main values, which became known as the “Manifesto.” 
We are uncovering better ways of developing software by doing it and helping others do it.
Through this work we have come to value:
As part of the manifesto, they added, “While there is value in the items on the right, we value the items on the left more.” This explains the bold emphasis embedded within the values above.
Addressing common misconceptions
When applying Agile to internal audit, a common misconception is that there is not value in items on the right of the manifesto statement. To be clear, documentation, planning, use of processes and tools are still valuable and, in most cases, required to support an agile approach. Applying priority to values (such as individuals, interactions, collaboration and responding to change) is what helps transform the internal audit approach and culture within your internal audit department. To effectively convert to an interaction- and collaboration-driven department, you must first change mindsets; then you can change behaviors. You need to redefine the reason you perform the tasks you perform into a value-driven approach. This new mindset drives your actions to leverage the “items on the right” to derive value from the “items on the left.”
Another misconception is that Agile is a method. Agile is not a method; rather, it is a set of principles that, if adopted in a manner that fits your culture, can result in effective changes in mindsets and behaviors. In internal audit, departments can become too focused on “implementing Agile” instead of “operating with agility.”
One of the most important misconceptions is that Agile must be implemented as a specific method, and that you must use the same defined roles and artifacts as exist in Agile for software development. Agile internal auditing is not a “one-size-fits-all” approach. Instead, you can apply the agile mindset in a variety of ways through people, processes and technology in internal audit. Adopt an approach that fits your objectives, culture and stakeholder expectations.
Throughout the journey of exploring agile internal audit, we will be including theoretical and practical applications. The practical applications will include:
Sprint goals, backlogs and your definition of “done” in an audit
Use of Scrum and/or Kanban boards
Implementation of daily “stand-ups” (quick, daily in-person meetings focusing on outcomes and impediments to progress)
Sprint review and sprint retrospectives
Your journey has just begun.
Sneak peek of our next article…
In our next article, we explore the manifesto further as well as the 12 Agile principles and how they apply to internal audit. We will explore a version of the Agile Manifesto that Baker Tilly has updated to focus on internal audit:
We are uncovering better ways of executing internal audits by doing it and helping others do it.
Through this work we have come to value:
For more information on this topic, or to learn how Baker Tilly specialists can help, contact our team.
 Manifesto for Agile Software Development. https://agilemanifesto.org/
 What Is Agile Software Development? | Agile Alliance. (n.d.). Retrieved from https://www.agilealliance.org/agile101/