Syncing Your Policies with Evolving Regulations

MOVING UP THE MATURITY CURVE WITH AGILE AUDITING

At a recent MetricStream webinar, our internal audit expert pointed out that agile internal auditing is ultimately a mindset. It’s about being flexible and responsive to changes in both internal and external environments.

Agile IA focuses on faster audit cycles, timelier reporting, less waste, and greater business value. In fact, it pushes auditors and stakeholders to determine upfront the value that will be delivered by a particular audit project. It also helps prioritize audits based on their importance and urgency—which is critical in today’s fast-evolving environment. Since agile auditing requires IA teams to do more in a shorter time frame, a lot of discipline and rigor is involved—right from audit planning and resource allocation, to field work and reporting. Compared to traditional audits, agile auditing is quicker and more iterative.

Documentation requirements are fewer. And instead of a predefined plan set in stone, agile audit plans are usually flexible. They’re broken down into multiple shorter cycles that make them more agile and responsive to change.

MOVING AT THE SPEED OF RISK

Why is agility in auditing so important now? Because the world has changed. Risks that were top-priority just a few months ago may not be as relevant anymore. If auditors want to help their organizations thrive, they have to be more agile and move at the speed of risk. An EY survey found that almost half (46%) of IA functions around the globe are reprioritizing their internal audit plans to address new risks that have been identified as a result of the pandemic.

Since an agile audit has shorter and more iterative cycles, auditors can be flexible about incorporating new risks and auditable areas throughout the year. They can also keep pace with emerging risks and assurance needs by regularly reviewing and reprioritizing their audit plan. The idea is to focus on what really matters at the moment. For instance, how might remote working models during the pandemic impact organizational governance? Are an organization’s contingency plans in line with industry best practices? Are employees trained on the cybersecurity risks of working from home?

Are remote access controls built to scale? Is there a clear communication plan for customers? These are all areas where IA practitioners can provide valuable and timely insights with the help of agile auditing

THE FUTURE OF AGILE AUDITING WITH TECHNOLOGY

In a post-pandemic world, technology is no longer simply a nice-to-have, but an imperative. Especially in a distributed workforce, internal auditors need technology to collaborate better with stakeholders, access information quickly—and enable agile auditing.

MetricStream Internal Audit Management facilitates a dynamic, risk-based approach to agile audit planning where new risks can be continually added to the plan as priorities shift. The product accelerates internal auditing with streamlined, automated processes. It also helps optimize resource allocation, so that auditors can do more with limited resources. Real-time reporting and analytics tools process massive volumes of data quickly, so that auditors can speed up reporting, and enable business leaders to make decisions faster. But this is just the beginning. With artificial intelligence, robotic process automation, and advanced analytics, IA practitioners will be able to continuously monitor and easily detect risks even while working remotely. They will be able to collaborate more seamlessly across the lines of defense, and automatically integrate data on risks and issues from multiple diverse sources.

They will also be able to anticipate risks, and predict disruptions more effectively. All these capabilities, in turn, will enable them to demonstrate better agility as they help their organizations tide over the pandemic.