Sprinting Ahead With Agile Auditing Sprinting Ahead With Agile Auditing Sprinting Ahead With Agile Auditing About Jimmy Jimmy Pfleger Manager of Product Solutions jpfleger@auditboard.com Jimmy Pfleger is a Manager of Product Solutions at AuditBoard and has over 11 years of IT Audit, Compliance & Security experience. He started his career at KPMG in the IT Advisory practice where he led external audit and assurance activities for some of the largest companies in the St. Louis area. In addition to managing the IT Internal Audit function at both Caleres and RGA, he also spent time as the Manager of Security Compliance at Express Scripts where he built and managed the SOC2 program. His experience working across the traditional lines of defense within various organizations has given him valuable insight into how companies are truly managing IT risk. Jimmy is also a Certified Information Systems Auditor (CISA) and is Kanban Certified (Agile). Sprinting Ahead With Agile Auditing What is agile auditing? Agenda Primary benefits of agile auditing. What the industry is saying. Unraveling the common misconceptions surrounding agile. Exploring best practices and keys to success. Sprinting Ahead With Agile Auditing Poll Question #1 How would you describe your team’s current position on agile auditing? A. We’ve already fully adopted agile B. We’ve partially implemented agile C. We’re considering agile D. We’re not considering agile Sprinting Ahead With Agile Auditing 01 What is Agile Auditing? Sprinting Ahead With Agile Auditing What Is Agile? ● Agile is used to describe a set of project management principles and methodologies originally popularised for software development lifecycles through “The Manifesto for Agile Software Development” in 2001. ● 17 software developers signed off on 4 values and 12 principles. ● Focused on delivering value over process. ● Known as a “light” development lifecycle compared to the “heavy” incumbent, Waterfall. Sprinting Ahead With Agile Auditing Agile Manifesto: 4 Values Individuals and interactions over processes and tools Working software over comprehensive documentation Customer collaboration over contract negotiation Responding to change over following a plan Sprinting Ahead With Agile Auditing 02 Benefits of Agile Auditing Sprinting Ahead With Agile Auditing Primary Benefits of Agile Auditing Expedite Audit Planning Abbreviate Audit plan Realign Scope Quickly Combine Planning, Fieldwork, and Reporting Increase Customer Interaction Sharing Findings in Real-Time to Speed-up Remediation Improve Audit Quality Sprinting Ahead With Agile Auditing Poll Question #2 For those teams who have fully or partially adopted agile, what are some of the primary benefits that you’ve noticed? (i.e. more collaboration, speed of audits, better capacity management?) A. Expedite Audit Planning B. Realign Scope Quickly C. Combine Planning, Fieldwork, and Reporting D. Sharing Findings in Real-Time to Speed-up Remediation E. Improve Audit Quality F. Other Traditional Audit vs Agile Audit IMPACTS TO CUSTOMER Traditional Internal Audit ● Customer does not know what is going on until the audit report Agile Internal Audit ● Customer is more informed. ● Customer can provide feedback to the audit team about how they think the project is going. ● Customer can react to and modify their plans of action based on the interim points of views. Sprinting Ahead With Agile Auditing 03 What’s the Industry Saying? Sprinting Ahead With Agile Auditing “The ability for internal audit functions to remain relevant and address the needs of their clients is incumbent upon using new tools and techniques, including the Agile methodology.“ Protiviti Financial Services Industry Practice Sprinting Ahead With Agile Auditing Short audits = happier customers …and doesn’t mean you audit less! Sprinting Ahead With Agile Auditing 04 Perception vs. Reality Sprinting Ahead With Agile Auditing Perception vs. Reality Sprinting Ahead With Agile Auditing 05 7 Steps to Prepare for an Agile Transformation Sprinting Ahead With Agile Auditing Step 1: Shift Mindset to Embrace Change as the New Constant Auditors constantly shift based on new information, which requires open communication and transparency with stakeholders. Sprinting Ahead With Agile Auditing Step 2: Designate Your Agile Team Members Thinking of the transition as a project that needs a project manager will help to keep the change on track. Sprinting Ahead With Agile Auditing Poll Question #3 How many teams have leveraged additional company resources (i.e. Agile SMEs) to get their Agile Auditing program off the ground and running? A. Yes - We work with other project management leaders to help us with our Agile Auditing program. B. No - We do not know what resources are available internally still. Sprinting Ahead With Agile Auditing Step 3: Evaluate Current Tools for Gaps Change direction based on shifts in the risk environment – Your audit technology should also support your agile way of working. Sprinting Ahead With Agile Auditing Step 4: Prepare Your Team With Specific Agile Policies & Procedures and Training Each agile transformation is unique, so it’s essential to document your agile processes as you go through the changes and make decisions. Sprinting Ahead With Agile Auditing Agile Terminology ● Backlog - The single source of truth for all items that a team works on. Everything ultimately gets completed in the project will be on the backlog. However, the existence of an item on the backlog doesn’t mean that the work will get done. ● Epic - An epic is a large body of work that can be broken down into several smaller user stories (i.e. an individual audit) ● User Story - A functional increment of work (i.e. a control test) ● Sprint - A short, fixed, time-boxed period or iteration wherein work is completed ● Standup Meeting - Also known as a “daily standup”, this is a daily 10-15 minute meeting in which the core team shares information to align daily goals to the overall strategy ● Capacity - The amount of work that can be completed within a given timeframe and is based on the number of hours a person or team has available to complete that work. ● Prioritization - The act of deciding in what order the team will work on the requirements of the project Sprinting Ahead With Agile Auditing Step 5: Implement Modern Technology to Improve Audit Efficiencies Automation can help you become more agile by providing deeper insights into a risk area before you begin testing. Sprinting Ahead With Agile Auditing Step 6: Tie Audits to Business Priorities to Audit the Right Risks at the Right Time The audits should relate to risks impeding management from achieving their strategic goals. Sprinting Ahead With Agile Auditing Step 7: Be Agile With Your Agile Transformation! Use your agile mindset in this exercise by testing concepts in sprints, modifying these based on results, and testing again. Sprinting Ahead With Agile Auditing Poll Question #4 On average, how long do your audits take? A. 1 month or less B. 1 to 2 months C. 2 to 3 months D. 3+ months Sprinting Ahead With Agile Auditing 06 Next Steps Sprinting Ahead With Agile Auditing One-page document outlining the project plan, created by audit team and stakeholders. Planning Project: Canvas ● ● ● ● ● ● Project Background ○ Business objectives, strategy, risks ○ Project alignment to business objectives ○ Where did project come from (e.g., risk assessment, self-requested, etc.) ○ How will internal audit deliver value? Stakeholders and Impact ○ Cross-functional impact ○ IT systems, financial reporting, compliance impact Measures of Success Project Scope Risk and Control Matrix Project Team ○ Make the client a “member of the audit team” Sprinting Ahead With Agile Auditing Agile Transformation Preparation Checklist ● Get ready to be more flexible. ● Become cross functional — both within IA and beyond. ● Empower internal auditors and stakeholders. ● Choose a specific framework to adopt. ● Develop your department’s specific agile manifesto. ● Train your team. Sprinting Ahead With Agile Auditing Questions & Answers The Modern Connected Risk Platform Elevate your audit, risk, and compliance teams with the intelligent, collaborative, connected risk management platform. Risk Management Centralized Integrate and elevate every element of your risk management program. Compliance Management Unified Accelerate cross-framework compliance, including SOC, ISO, NIST, PCI, and more. ESG & Sustainability Operationalized Streamline ESG program management and ensure audit-ready data. IT Risk Management Transformed Understand your threat landscape, quantify risks, and improve cyber resilience. Internal Audit Streamlined Drive greater strategic impact and productivity at every step of your audit program. SOX Management Simplified Tackle SOX compliance and controls management with ease and precision. Vendor Risk Management Modernized Visualize, assess, and mitigate the third-party IT risks facing your organization. Sprinting Ahead With Agile Auditing Thank you. If you qualified for a CPE, you will receive your certificate by email by the end of the day. Questions? Email webinars@auditboard.com.
