Agile Auditing. Raven Catlin
In Chapter 16: Building the Auditor Toolbelt and Self‐Managing Agile Audit Teams, you will learn the importance of building an auditor toolbelt and filling it with the different skills needed to become an Agile auditor. You will also see how using Scrum values can help create a self‐managing Agile auditing team.
Chapter 17: Preparing Your Organization for Agile Auditing/Creating the Agile Culture explores how behaviors, norms, and perceptions can influence the organization, so it supports Agile auditing. You will learn about the influence a Grateful Agile Leader can have on the organization's culture and the Agile team. You will also learn what the ideal conditions for Agile auditing are.
Chapter 18: Passing Your Quality Assessment Review (QAR) in an Agile Audit Environment discusses the four areas of most concern regarding your QAR when implementing Agile auditing (independence and objectivity, planning, documentation, and supervision). It also provides an overview of the standards used for the three types of audits covered in this book.
In Chapter 19: Nuggets for Agile Audit Success, you are encouraged to summarize your new or refreshed knowledge from the book and identify your nuggets (which can be anything meaningful to you: an idea, a question, something to research later, something to tell someone else, an aha moment, or even a thought related to the content discussed). This chapter provides 10 nuggets for Agile auditing success.
Appendix A: Glossary of Terms, provides definitions of key words, concepts, and notes provided in this book.
Appendix B: Product Backlog Template, includes the business risks (with likelihood/impact assessments), value proposition, cross‐functional dependencies and relationships to other risks, priority or projected date for the completed audit, resource requirement estimates, and an estimate of the effort to complete the Agile audit.
Appendix C: Agile Audit Example. This example consists of the Agile Audit time‐lapse activities conducted during a one‐week period for an Agile audit of remediation activities for a Security/Access Controls audit finding: Deficiencies in the user provisioning process for terminations.
Bibliography. Our journey as we wrote this book included reading over 100 books, reports, scholarly and trade journals, white papers, articles, interviews, and research papers on Agile, Agile frameworks, and Agile methodologies. The Bibliography includes references to many of the learning and discovery aids we have used in this book. We encourage our readers to seek these references, as well as many more.
Good luck, and let's start your Agile auditing journey.
CHAPTER 1 What Is Agile?
AGILE IS A FRAMEWORK
It felt like a no‐brainer to answer this question, as we set our sights on publishing a book on Agile auditing. Through discovery, we found that Agile has different meanings depending on your view and approach. When you develop and work with Agile, it's vital that you describe what Agile is and what it means.
Authors of other Agile publications describe it as a mindset or a methodology. For example, in Agile Auditing: Transforming the Internal Audit Process (Wright 2019), Rick Wright uses big “A” and little “a” to distinguish between doing Agile and being agile. Wright uses the big “A,” as a noun, to refer to doing Agile internal auditing using software development methodologies. Wright's little “a,” used as a verb, describes, in general, process improvement efforts (exclusive of specific methodology) to achieve a nimbler, less wasteful process. Big “A” is essentially the technical aspect of completing an audit. Little “a” is the thinking behind being agile. Being agile is as unique to an organization as your DNA is to you. To do Agile well, you must be agile, so from here on we make no distinction between being Agile and doing Agile. Agile is both a mindset and a framework. We hope that your organization, including your audit team, will demonstrate business agility using Agile methods. Agile organizations identify changes and risks from internal and external sources, respond to those changes promptly and appropriately, deliver value to their customers, and remain sustainable. While this book is a framework providing options to implement Agile auditing, we've also provided various “recipes” with step‐by‐step examples of how to implement the framework. These recipes are as close as we get to prescribing a methodology. Remember, the recipes and the case studies provided in the text are just examples!
It is important to note that Agile is not a methodology itself in any discipline. It is a philosophy, a mindset, or a way of thinking to get stuff done faster based on the interests of identified customers. The roots of Agile as a philosophy originated in software development. It was software developers who combined existing frameworks to create the Agile movement to complete software development projects faster. You can think of Agile as an umbrella term for a set of different frameworks and practices all based on the original software development values and principles. These values are expressed in the “Manifesto for Agile Software Development,” and the 12 principles as fashioned by the Agile Alliance are presented later in this chapter. Another key thought is that Agile methods are people‐oriented rather than process‐oriented. In Agile, people come first and people complete projects. Conversely, conventional project management and software development methods, such as waterfall, are process‐oriented.
Before we continue describing Agile, we want to clarify that there is a time and place for conventional project management methods, such as waterfall. For example, certain mandatory compliance audits with repeated processes year after year might benefit from a waterfall process‐oriented approach. As a matter of fact, although there appears to be a mass adoption of various Agile methodologies in many organizations, there are still many that continue to use conventional methods successfully. We have also seen organizations transition into a hybrid Agile approach that combines aspects of both Agile and waterfall. Our Agile framework was developed specifically to help address common problems that arise when completing all audits using the traditional methodologies (i.e., waterfall).
DEFINITIONS OF AGILE
Agile is an approach to project management based on a set of values and principles. [The Agile approach] breaks projects into smaller, incremental deliverables that go through repeated iterations to focus on customers' needs and interests. It promotes adaptive planning, early delivery, frequent inspections, continuous improvement, and flexibility to respond to change (Catlin 2020).
Agile means quick, easy, and nimble. In business, it's a way of thinking, a way of working that is increasingly part of how many of the most successful companies work (Cazaly 2017).
Agile is the ability to move quickly and easily in response to your environment. To be Agile, you must be alert to your situations, and you must be flexible, nimble, and adaptable (Catlin 2014).