The world within which we live and work is dynamic and turbulent — even more so now than when the term was first used to describe the impact of new technology. If we rely on an annual risk assessment and plan, we end up auditing what used to be a risk, not what challenges the organization today or tomorrow. In fact, the annual audit plan is typically out-of-date even before it is approved by the audit committee!
The Need for Agile Auditing
In COVID-19 Crisis Highlights the Value of Agile Auditing, Protiviti’s Brian Christensen and Sharon Lindstrom talk about the need for “agile auditing.” Here are some quotes. Note that the first quote uses that same phrase.
- We (internal auditors) have to be able to move at the speed of risk, which, as we’ve seen from the past several weeks, can be lightning fast.
- Auditors should … see themselves less as an assurance provider and more as a proactive partner. In essence, we have to become part of the response team.
- While traditional risks remain, auditors should be ready to quickly change their focus as newer challenges present themselves.
- Even as the COVID-19 crisis continues to rage, auditors need to be thinking about the next step forward, when the marketplace and the economy gradually regain their footing …. But when the economy begins to move into the recovery phase, Agile auditing needs to refashion itself again.
- It is at this point that internal auditors may need to re-think their risk assessment frameworks.
- It is internal audit’s responsibility to evaluate not only the likelihood of new risks during this phase, but to also assess how quickly such challenges may arise and the extent of their duration.
- Looking ahead, Agile auditing will continue to be the best way forward for internal audits, as organizations adjust with a changed market and social environment. It will enable auditors to better align assurance with the dynamic condition of a post-COVID world.
What do I mean by agile auditing?
- Being able to shift rapidly to audit what matters now and in the next period when everything is changing constantly.
- Being able to perform audit engagements at speed. If you think of an agile person, they move with quick steps. Internal audit functions that take weeks or even a month to perform an audit are not agile.
- Being able to stop auditing when there is little value in continuing.
- Being able to accelerate and expand an audit engagement when new and significant issues or opportunities emerge (a.k.a., stop-and-go auditing, as discussed in Auditing that Matters).
- Being able to communicate the results when they are needed by management or the board. If you take even a week to share the nature and extent of issues, you are not agile.
Our environment was and is changing very fast indeed, and where we should put our limited internal audit resources should be changing at the same speed.
This is only possible with the right technology
An initial problem is technology. Everything is born digital but we are a slave to the effectiveness of where it is stored. Indexed. Available. Searchable. Organizations need to have a nimble ability to turn what is perceived as a problem into a solution by adding the right capabilities. That is where InfoDNA comes into helping assess the current state and quickly ‘cross the tech chasm’ to make this a reality.
