Agile Auditing

Is your audit experiencing the same pain points of exceeding time budgets, not auditing new emerging risks, and poor communication with process owners? Agile auditing can help make these difficulties a thing of the past!

The Old Way of Auditing

In today’s world, the risks and needs of a business are constantly changing. New risks emerge, unforeseen regulations are enacted, and new cybersecurity threats arise unexpectedly. Under the traditional construction of an annual audit plan, these new risks are almost impossible to plan for accordingly. Despite this fact, many internal audit teams fall into the same process of creating an audit plan, budgeting for “unplanned audits”, and hoping those new risks do not emerge to a point that exceeds the budget.

More advanced audit shops are moving to an agile auditing approach to address the “emerging risk problem”. The benefits offered by agile auditing include increased flexibility, employee empowerment, increased communication, and better communication between the audit team and the process owners.

Agile Auditing: What Is It?

You may have heard the term “agile” mentioned before in business, most likely describing software development. Recently audit teams have been adopting the agile model. What does it mean to be agile? It means being flexible to reach the current needs of the ever-changing environment.

The traditional annual audit approach involves the creation of an annual audit plan and work to complete the audits listed on the audit plan. With agile auditing, the audit universe is constantly updated to address emerging risks. The updates are primarily driven through communication with senior management. Having an open line of communication allows the audit team the insight to know the current risks to the organization. This communication also helps to build trust and relationships between audit and management. With this new trust, audit is more likely to add value to the organization.

After an audit is completed, the audit areas in the audit universe are evaluated, with the highest risk audit area being audited next. This allows the internal audit team to prioritize its work on the organization’s highest risk. In most cases, an internal audit team does not commit to an audit that will be not completed before the end of the quarter.

Creating an Agile Audit Plan

An agile audit plan starts like a traditional audit plan by prioritizing auditable risks. But that’s where the similarities end. Instead of committing a team to a year, or longer, audit plan, an agile audit plan builds a shorter audit plan. An agile audit plan picks the most critical risks and does not commit to audits that will be completed beyond the current quarter. At the end of each quarter, the auditable areas are prioritized again, and audits are planned for the next quarter. With quarterly Audit Committee meetings CAE’s can better communicate the current risks to their Audit Committees using agile auditing.

Applying Agile Audit Techniques

Being agile doesn’t stop at the audit plan, audit techniques should also be agile. With a traditional audit, there are budgeted hours, with large sections of planning, fieldwork, wrap-up and reporting. If anything unexpected occurs, the hours budget is exceeded which delays the start of the next audits on the audit plan.

With agile auditing, the individual pieces of the audit are structured in 1-2-week activities (sprints). Each activity is planned, executed, reviewed, and reported to management with a short presentation on a regular basis. When the audit concludes, a summary of information previously presented to management is compiled into a report reflecting the results of the sprint audits and conclusions in a summary format. This helps to minimize surprises at the end of the audit and helps to enhance the working relationship between audit and management

While this increased reporting may sound time intensive, the use of audit software can significantly decrease the time spent on creating these presentations. Agile auditing works hand in hand with internal audit tools, such as Workiva. These tools help to manage the risks of the organization, facilitate a collaborative effort, and assist in streamlining the reporting process to management.

Implementing Agile Auditing

Changing to an agile audit plan and techniques will bring value to management, the audit team, and the organization. Whether you’re using agile auditing, a traditional auditing process, or somewhere in between, now is the time to look at how your organization monitors emerging risks.

To learn more or inquire about how Clearview Group can help your organization, please reach out to:

Scott Freinberg, Director, Risk Advisory at or

Kris Pratte, Director, Risk Advisory Practice at or

More in Risk & IT Risk Advisory