Risk management professionals must embrace a new way of working by applying the principles of Agile. Applying Agile principles in assurance generates high-quality, focused value faster, using short sprints over the course of the year to alleviate the burden of a stringent audit plan.
Investing in compliance solutions should also be on the 2021 agenda to better drive operative and cost-effective compliance activities. The ability to build and deploy an integrated and complete governance, risk and compliance (GRC) suite with continuous monitoring and testing capabilities will be in high demand to complement the rapid shift toward Agile assurance.
The Set Piece of Agile Assurance
In 2020, some risk management and internal audit professionals tried to embrace a more agile way of working, but the COVID-19 pandemic disrupted that plan for many. As such, the need for an agile internal audit and risk management function is a critical success factor in 2021. This will enable management to respond to a demanding compliance requirement quickly and with high-quality delivery.
Risk management agility can be defined as the ability to keep up in the digital age by responding to market changes and emerging opportunities with creative ways to deliver intelligent and compliant solutions, while partnering with business and IT stakeholders. Any agile internal audit and compliance function offers massive benefits to the organization. Instead of rigid audit plans, Agile assurance seeks to create a running list of value propositions throughout a given period. The goal of Agile assurance is to create a collaborative process with the business stakeholders to produce insights and value fast, to develop repeatable autonomous compliance solutions for the business and to allow risk management professionals to work on challenging tasks that also benefit their professional development.
The Agile framework you adopt should be structured with the following 3 elements in mind:
- Phases—These are the major sequences of events that group similar tasks together (e.g., planning and monitoring, execution and wrap-up, reporting). The key to Agile is that these segments are dynamic; internal audit and compliance functions constantly move from one segment to another during a given period.
- Tasks—These are the sets of core activities, tools or deliverables that need to be maintained within a segment. Tasks will transform a risk management function to a new, targeted and value-driven way of working (e.g., creating audit value streams, defining assurance sprints, developing packed reporting and identifying lessons learned).
- Principles—These are the high-level measures upon which an agile internal audit and compliance function should be evaluated. The 3 principles of Agile include the following:
  - Tech-driven
  - Value-centric
  - Growth mindset
Going Agile allows adopters to break free from outdated ways of thinking, enabling them to constantly look for ways to improve current situations, add value and learn from failures. Successful implementation of Agile principles in internal audit and risk compliance functions depends on leaders creating a thoughtful way to tailor the agile design principles to support specific objectives.
Mostafa Elghazaly, CISA, CISM, CGEIT, CRISC, CDPSE
Is the founder of Signify Solution LLC and the creator of the improve framework, the first Agile framework for risk management functions to help compliance leaders transform to agile. He can be reached via email at mostafa@signifysolution.com and LinkedIn.