Embed Size (px)
Citation preview
Citigroup
Using Scrums and Sprints – Adopting Agile for Internal Audit
Lorraine Hogan, Chief Auditor
Global Consumer Banking
APAC and EMEA Internal Audit, Citi
May 2018
Strictly Private and Confidential
#DrivePositiveChange
Agenda
2
1. Practical insights into using scrums and sprints in audits – setting it up and making
it work Item
2. Addressing the challenges of introducing agile into audit planning, execution and
reporting
3. Ensuring quality outcomes in an agile environment
4. Realising the efficiencies of using agile in internal audits
#DrivePositiveChange
Agile Auditing
What is Agile?
• An alternative to traditional project management methodology, typically used in
software development
• A framework within which many processes and techniques can be operated
• Involves incremental time-boxes, known as sprints, within which agreed activities will
be completed
Where does Internal Audit fit into this?
• "Internal audit is a dynamic profession involved in helping organisations achieve
their objectives. It is concerned with evaluating and improving the effectiveness of
risk management, control and governance processes in an organisation.“ [IIA]
• In a world of innovation, the traditional way of operating loses effectiveness
• Agile auditing provides an alternative to the traditional sequential audit process, not
changing ‘what’ we do but ‘how’ we do it
3
#DrivePositiveChange
Agile Auditing
A new way of thinking
The traditional audit approach has been standard and sequential –
In applying an agile approach to audit, the approach is more flexible, responsive to
changes, and based on enhanced engagement with business stakeholders
It allows an iterative approach, with the aim of completing testing, identifying and
agreeing issues and agreeing on draft issue wording within each sprint
The most important aspect of Agile is stakeholder engagement
Increased focus on enhanced and transparent communication with the stakeholder
forms the basis of Agile Auditing
4
Traditional Risk Based Audit
Planning Fieldwork Reporting
#DrivePositiveChange
What is it and how is it different? (continued…)
It changes ‘how’ audits are approached, but not ‘what’ we do
In addition to enhanced stakeholder engagement and greater transparency, adopting an
Agile approach to our audits should result in more timely assurance through reduction in
overall time to reporting
5
Agile Auditing Flexibility
Sprint Review
Sprint Tasks
Retrospective
Sprint Planning
Daily Scrum Sprint Review
Sprint Tasks
Retrospective
Sprint Planning
Daily Scrum
Fieldwork Sprints
Test operational effectiveness of controls, discuss
exceptions, agree draft issue wording and
corrective action plans
Reporting Sprints
Finalize audit report wording after dropping in agreed draft issues.
Complete internal reviews
Audit Reporting
Planning Sprints Identify risks and controls, design
effectiveness testing, discuss exceptions,
agree draft issue wording and corrective
action plans
Sprint Planning and status update: Ongoing Sprint Preparation (Backlog Management)
#DrivePositiveChange
Implementing Agile Auditing
6
Agile Auditing
Adopting an Agile approach to our audits
means all stages in the audit can be set
to predetermined time periods known as
sprints.
• Scrum team is self-governing, and
determines the tasks to be completed
within each sprint
• each sprint should be of equal length
• audit activities and deliverables
(meetings, artifacts, DEA/OET testing,
documentation completion, reporting)
are clearly mapped to specific sprints
• allows for targeted stakeholder
engagement, through inclusion of
relevant activities in specific sprints
Scrum/Stand Up meeting
Short, sharp meetings on a daily basis
(although frequency can differ) lasting
15-30 minutes, and for which it is critical
to keep to time.
• Meeting covers (1) what was done
yesterday; (2) what will be done today;
and (3) roadblocks
• As the sprints progress it is also
important to discuss (4) potential
issues
• members of the audit team and key
business stakeholders are scrum
team members
#DrivePositiveChange
Implementing Agile Auditing
7
Sprint Activities Reviews and
Retrospectives Revise the backlog, revise the approach
Key roles
Product or Outcome
Owner
Scrum Master
Scrum Team Project
Manager
Scrum Team (Audit team)
Scrum Team (Key business stakeholders)
Sprint delivery
Product Backlog
Sprint Backlog
#DrivePositiveChange
Our Pilot
8
Daily stand up scrum sessions (20 mins) What we did What we will be doing today Roadblocks Potential observations Sprint
Planning
Daily scrum
Scrum Board
#DrivePositiveChange
And Now…
9
Training materials, sharing experiences, roll out across the IA function. Every team completing at least one audit using Agile approach in 2018. Virtual scrum board using Microsoft OneNote. Upcoming JIRA trial. Scrum /stand up meetings at different frequencies – may not need to be every day. Mix of video and face to face meetings. Identifying good opportunities for improvement, for example coaching junior audit team members to be more comfortable in speaking and responding to senior stakeholders.
#DrivePositiveChange
Addressing the Challenges
10
The Challenge How to Address
Obtaining buy in and
commitment from capable
stakeholders
Advance communication and getting agreement in advance
Deliver what you say you are going to do
Continuous engagement and managing the intensity
Transparency re other responsibilities and tasks actively managed to maintain focus on sprint completion
Initial steep learning curve Scrum team to operate as one team, training and experience
sharing in advance, regular ‘agile’ touchpoints across teams
Monitor sprint timelines and
manage sprint backlog Separate scrum master and project manager
Transparency within scrum team
Sprint reviews completed at end of each sprint
Co-location of team and
stakeholders vs
geographically decentralised
Co-locate when possible
Use technology – virtual scrum boards, screen sharing, video conferencing when co-location isn’t possible
Try fast fail fast – an agile mindset
#DrivePositiveChange
Realising the Benefits
11
Benefits How to Realise
IA staff development Self governing scrum team – all members get to contribute to decisions
on how to run the sprints
Exposing new development needs which can be addressed
Carefully consider team composition
Ability to quickly adjust to
changes in scope
Regular scrums with all team members, and senior stakeholders,
participating, allows fast response to information as it comes to light
Increased and better
quality team and
stakeholder relationships
Regular scrums with all team members, and senior stakeholders,
participating
Scrum reviews and retrospectives
Better and more
transparent tracking of
progress
Audit story board as a point of reference (physical or virtual), tracking
daily scrum updates and statuses, roadblocks, progress, potential issues
Faster conclusions on
issues and agreement on
the final report
Regular scrums include discussion on potential issues from the moment
exceptions are identified.
Shorter elapsed time for
audit execution
Aim for sprints to include agreement on factual accuracy/draft wording of
issues, provision of corrective action plans
#DrivePositiveChange
In Summary
• The beauty of an agile approach is that it lends itself to trying new ways of working
and allows teams to try fast, fail fast and move on
• In order to address the challenges of implementing an agile approach, focus on
communication and transparency, as well as team composition
• Quality can be improved and efficiencies gained with an agile approach:
o Scoping flexibility can be enhanced through better information sharing and scrum
team inputs
o Scrum team discusses and clears roadblocks
o Exception discussion starts immediately on identification
o Scrum meetings enable sharing of senior stakeholder insights on an ongoing
o Draft issues and corrective action plans are deliverables from each sprint
12
#DrivePositiveChange
Thank you
13
14
2AUsing scrums and sprints – Adopting agile for
internal audit Lorraine Hogan CIA MIIA(Aust)
APAC Regional Internal Audit Director Citigroup
