Professional Documents
Culture Documents
Agile methods challenge many traditional ways of thinking about STREAMLINED AUDIT ENGAGEMENTS that combine planning,
• Improve delivery of timely assurance and
and completing IT audits. They focus mainly on allowing options fieldwork and reporting phases
beneficial insights for practices and tactics, rather than rigid step-by-step
instructions and strict templates. DIRECT CUSTOMER COLLABORATION in an Agile scrum,
• Strengthen governance giving all key stakeholders a seat at the table
While this can be intimidating at first—and it does require
discipline—having a resourceful attitude and embarking on a FLEXIBLE AUDIT SCOPE, which enables real-time adjustments
flexible Agile pathway can result in more successful and beneficial as new information comes to light
IT audit engagements. This helps IT auditors further solidify their
REAL-TIME AUDIT FINDINGS or control weaknesses that are
role of providing actionable insights and advice to the enterprise.
shared as they are uncovered
OBJECTIVITY Agile audit functions retain their professional ACCEPTANCE OF RISK The collaborative processes leveraged
skepticism and ability to make final decisions. by Agile help ensure disclosure to executive management of any
accepted risk taken by audit customers.
DUE PROFESSIONAL CARE The audit backlog is prioritized more QUALITY ASSURANCE The Agile sprint retrospective helps
often under Agile. Audit management retains its right to conclude audit teams to analyze how each sprint has delivered on
on key matters of each audit engagement. executed processes, audit tools and the definition of done.
Meet regularly. A scrum master will usually organize brief daily meetings to evaluate progress and
‒Dawn Vogel, Director of IT Audit, Nelnet, Inc.
4
quickly identify and resolve roadblocks. These meetings are short and kept to the main points Source: Destination: Agile Auditing
with only the necessary participants. The focus is to enable the scrum master to learn if team
members are being pulled in other directions or if key stakeholders are not cooperating—basically
anything that might affect their ability to deliver results on time and on budget.
5 Hold retrospectives. The end of every sprint should include a meeting facilitated by the scrum
master. Here the team can review completed stories, ask questions, share lessons learned and
identify insights that can be applied to future stories. It also is a good time to recognize the
contributions of the team members and provide encouragement for the next sprint.
DEFINITION OF DONE (DOD) Criteria used to determine if stories have concluded satisfactorily STORIES The smallest work unit in Agile audit; usually a brief description of the desired outcome
and are considered done
TIMEBOX A defined period of time within which a goal or activity should be completed; often on a
DEFINITION OF READY (DOR) Criteria that must be met prior to testing controls tight deadline to keep a project moving forward quickly
• Share findings as they emerge, and use new information to update the audit focus and scope
(with appropriate input and approvals). Audit professionals who are seeking additional learnings to build their
Agile competency have many options including professional courses,
• Plan and work in shorter intervals—weeks and quarters instead of years.
certification programs and online materials from reputable sources.
• Estimating time needed for tasks, e.g., timeboxing, takes experience. Don’t expect to always get it
right on the first go-round.
• Ensure the team leader, or scrum master, is experienced and ideally certified. They will provide the
direction and help keep the teams on track, time and budget.
• When possible, adapt audit processes to the tools and processes used by customers to improve
customer communications, engagement, appreciation and outcomes.
RESOURC ES
1
https://agilemanifesto.org/