Professional Documents
Culture Documents
Audit Methodology
into Agile IA
3
Polling Question 1
A. Eastern time
B. Central Time
C. Mountain Time
D. Pacific Coast Time
E. Other
4
John Pagac, CPA, CIA
Managing Director | Risk Advisory Services
John Pagac is a managing director in BDO’s Risk Advisory Services
practice. He has more than 25 years of professional experience,
including the last 10 years serving in management roles in
professional services and industry delivering internal audit,
compliance, and consulting services and solutions to large pubic and
private international companies.
He has significant experience in performing and delivering Internal
Audit Services (including value added operational assessments and
establishing internal audit functions), Enterprise Risk Management
(ERM), Internal Controls Over Financial Reporting (ICOFR) and
Sarbanes-Oxley (SOX) testing including initial implementation/
readiness assessments, and corporate governance.
PROFESSIONAL AFFILIATIONS John’s clients have included a variety of global middle market and
Certified Public Accountant, State Of Michigan
The Institute of Internal Auditors (IIA), Board Fortune 500 companies across a broad range of industries including
Member, Detroit Chapter automotive, retail, manufacturing & distribution, transportation, and
medical devices.
Prior to joining BDO, John was previously with a Big Four public
EDUCATION accounting firm, providing internal audit services to several large global
B.S., Accounting, Michigan State University
companies which included assisting 5 companies in establishing an
internal audit function. In addition, he also served as the Internal Audit
Director for a global aftermarket auto supplier.
5
Anamika Roy, CA, CIA, CISA, SFC, SMAC
Manager | Risk Advisory Services
Anamika has led numerous internal audit and assurance engagements for
large multinational companies, delivering value-added Risk Advisory
services including, Sarbanes Oxley Compliance, SOC Reporting,
Enterprise-Wide Risk Assessments, developing ERM and IT Risk
Assessment frameworks, Cybersecurity, GDPR readiness assessments as
well as execution of internal audit plans.
6
Today’s Learning Objectives
7
Key Topics We Will Be Discussing
8
Polling Question 2
9
Agile Auditing | Definition & Value
Proposition
10
What is Agile Software Development
The authors of the Agile Manifesto chose “Agile” as the label for this
whole idea because it represented the adaptiveness and response to
change which was so important to their approach.
11
Agile Manifesto
Working
Build projects software as a
around teams primary
measure of
progress
Satisfy the
customer Welcome
through early changing
and continuous requirements
delivery
12
How is Agile relevant for IA
13
Agile Auditing | Value Proposition
14
Benefits to IA Audit Function
Ability to
manage
Focus audit changing
efforts to priorities
delivering Higher team and identify
business engagement roadblocks
value sooner
15
Polling Question 3
16
Agile Auditing | Overview of the Scrum
Methodology & Execution
17
Concept: Traditional v. Agile Auditing
18
Scrum
Scrum (n): A framework within which people can address
complex adaptive problems, while productively and creatively
delivering products of the highest possible value.
Scrum Principles
Empirical Process Control
Self Organization
Collaboration
Value based Prioritization
Time-boxing
Iterative Development
*Source: Scrumguides.org/scrum-guide.html and the SBOK Guide
19
Agile Audit Workflow - Execution
20
Traditional v. Agile – Inventory Example
Planning
Report Test
Fieldwork
Review
DOD
Plan
Reporting
TRADITIONAL AGILE
Timeline: 8 weeks or more Timeline: Run 1-2 weeks with daily updates focusing
on results. Repeat process.
Approach:
Review of inventory holistically (e.g., Receiving, Approach:
E&O, Adjustments, etc.) at a plant as part of Prior to fieldwork meet with stakeholder after
rotational basis and follow a static APG agreed upon KPI(s) trigged review
Focus is on policies and procedures/financial – Root cause / hypothesis of what may have
adherence caused it. Customized APG and approach.
Team composition: All financial, may include someone Team composition: Diverse team - SMP plant, cost
with plant experience. acct, financial
21
Polling Question 4
22
Scrum Attributes
23
The Audit Team | Scrum Roles
Stakeholders /
Project Sponsors
24
The Audit Team | Transparency
25
The Audit Team | Metrics
Scrum Boards
Burn-Down Charts
Burn Up Charts
Velocity Charts
26
Audit Impediments and how to address them
27
Considerations for using Agile
Enhanced
Fit for All?
Planning
Light
Documentation
Data Analytics
28
Agile Auditing | Challenges & Pitfalls
29
Pitfalls / Challenges
Support from
sponsors &
Correctly
Stakeholders
apply agile
concepts
Organizational Adhere to
culture change Preventing time boxes
burnout
Dedicated
Resources
30
Lessons Learned
31
Polling Question 5
32
Scrum it Up!
33
Scrum it Up!
What is How do I
How do I Coach?
the best deal with
scale Agile
approach to distributed
Adoption?
Agile Audit audit
Adoption? teams in
Agile?
34
Polling Question 6
A. Yes
B. No
35
Questions
36
Now Available!
37
Available for download
38