• Cart
Log in

Log in

home page banner blank


Voices from the Field


DARE TO BE DIFFERENT: TIPS FOR CONDUCTING AGILE AUDITS

What were our critical success factors?

Multiple factors contributed to the success of this new audit approach:

  • The audit team had access to the required skills and knowledge.
  • There was constant communication with senior audit management and constant communication within the project team.
  • There was strong leadership.
  • There were regular feedback processes.
  • We used a sustained, iterative approach to continuous improvement.

Having the right team was the first critical element to the success of this approach; we had an experienced team that believed that this new approach could be successful. At no point did anyone on the team say that the deadlines were impossible or that the work could not be done. Because most of the team used were consultants, we did not run into a bias for or against trying a new process or resistance to trying something new. Everyone brought a can-do attitude to the project and worked to the necessary deadlines to get the project done.

Also critical due to the fast pace of the audits and the audit topics changing every three months was the requirement to have diverse skills and experience available. Because topics changed every quarter, a large pool of resources was necessary to provide expertise in subjects such as project management, information technology security, networks, financial management, and change management. We were fortunate to have good internal knowledge and leadership. We were able to quickly access supplemental technical knowledge, leadership, and other staff on contract as needed through the cyclical quarterly audits.

Constant communication within the team and with the project lead and manager allowed the project to stay on track. Weekly communication with senior audit management allowed for quick course corrections and rapid escalations to resolve any delays. This also ensured the team was up to date on risks and program updates within the department. This constant communication was key to the agile approach to audit identification and continual risk assessment across the large transformation programs.

Leadership was also a key success factor. It was critical to have sponsors at the executive level who bought into rapid, agile assurance and who could influence the audit committee and senior departmental management. Strong leadership was also necessary to keep the project teams motivated through tight deadlines and challenging topics.

We used regular feedback from stakeholders to make improvements with each quarterly audit. We used:

  • feedback from the Departmental Audit Committee to make improvements to reporting,
  • informal feedback from auditees to make changes to management action plans and follow-up processes, and
  • a formal annual client feedback survey to obtain structured feedback on the process as a whole.

The most critical factor in our success was a commitment to continuous improvement. As with any new process, things do not always go smoothly. After preparing a draft report, the team would meet to go over the lessons learned from the previous quarter, list five things than went well, and list five things that could be improved and actions needed to address these areas for improvement for the next quarterly audit. The team tracked these improvements and took action immediately. Improvements included a new audit folder structure, improved sampling templates and processes and internal approval processes, quicker escalations, and better communication.

What challenges did we have?

The two main challenges in implementing our new methodology were providing additional context in the reports to the Departmental Audit Committee and managing the volume of recommendations generated by our reports.

While the Departmental Audit Committee continued to be supportive of the methodology and outcomes of the audits, members often asked for more information and context on the significance of the findings. It was challenging to balance the need for additional details with the streamlined dashboard. It took many iterations of the findings assessment document that accompanied the dashboard report to come up with a solution that met stakeholders’ needs.

The second challenge was managing the volume of recommendations generated. With each audit generating on average four to five recommendations every quarter, following up on management action plans for an additional 20 recommendations per year strained both departmental resources and internal audit resources. It soon became apparent that additional resources were needed to support follow-up activities.

How can you apply a similar methodology in your organization?

This approach was ultimately successful because of the commitment of the project team and audit management, and the buy-in from our stakeholders. The speed of transformation in the department required rapid, agile assurance work by senior management in both audit services and the whole department. The new audit approach was better aligned with Shared Services Canada’s fast-paced project and rapidly changing environment than the traditional assurance audit model.

While the agile approach was first developed in the software industry and was then adapted for auditing IT projects, the use of agile auditing is by no means restricted to the IT sector. The agile approach can be used by any audit office looking to accelerate audit cycles, drive timely insights, reduce documentation and make the audit process generally more efficient.

To determine whether they could adopt an agile approach, auditors should ask themselves the following questions:

  • Are there large, rapid-paced projects or programs going on in your organization?
  • Are you ready, willing, and able to do things differently?
  • Do you have access to the necessary resources, both financial and human?
  • Do you have support from senior management?

It should be noted that the agile approach presented here does not have to be adopted wholesale. Changes could be made gradually and some aspects may not be feasible in different contexts. However, some aspects of the approach should and could be used by any audit team. For example, working with professional practices to streamline tools and communicating expectations around timelines is simply good project management. Similarly, having the right skills and experience on your team and defining an appropriate scope to achieve your audit objectives are basic requirements of the Institute of Internal Auditors’ standards.

Conclusion

Shared Services Canada’s transformation programs were simply too big and the speed of change too rapid to use a traditional audit approach. This agile audit approach allowed the audit team to provide timely assurance to critical high-risk areas in the department’s transformation agenda.

The approach also helped improve both these rapid agile audits and the traditional audits going on at Shared Services Canada by challenging our processes and preconceived ideas of how audits could be delivered.

By immediately implementing quarterly lessons learned, we quickly changed these audits from a labour-intensive, unsustainable approach to a streamlined repeatable process—one that could pivot with the evolution of the transformation programs and the rapid changes within the department. Strong leadership, embracing change, and a real commitment to continuous improvement through lessons learned were crucial for the successful delivery of this ambitious audit agenda.

 

Page 2 of 2

 


DISCLAIMER: The opinions expressed in this article are those of the author and do not necessarily reflect the views of the Foundation.

 

See more Voices from the Field