Agile Auditing in Government

In today's fast-paced and ever-changing environment, traditional auditing methods may not always be sufficient to address the dynamic needs of stakeholders and the complexities of modern projects. This is where Agile Oversight comes into play, offering a flexible, responsive, and efficient approach to government and internal auditing.

What is Agile Oversight?

Agile oversight is the mindset a government audit office will adopt to focus on stakeholder needs, accelerate oversight cycles, drive timely insights, reduce wasted effort, and generate less documentation. Agile prompts overseers and stakeholders to determine, upfront, the value to be delivered by an oversight product.

Core Characteristics of Agile Oversight

1. Adaptability and Flexibility: Agile Oversight allows auditors to quickly adapt to changing circumstances and emerging risks. This is achieved through iterative audit cycles, where auditors continuously reassess and adjust their procedures based on new information.

2. Stakeholder Engagement: Regular interactions with stakeholders are a cornerstone of Agile Oversight. By involving stakeholders throughout the audit process, auditors can better understand their needs and expectations, leading to higher satisfaction and more relevant audit outcomes.

3. Iterative Process: Instead of following a linear, sequential approach, Agile Oversight employs short, iterative cycles known as sprints. Each sprint focuses on delivering specific, incremental audit deliverables, allowing for continuous improvement and timely insights.

4. Early Identification of Issues: The iterative nature of Agile Oversight enables early testing and feedback, allowing auditors to identify and address issues promptly. This proactive approach helps mitigate risks before they escalate into significant problems.

Types of Agile Work Products

1. Urgent Risk Identification: Outlines risk areas for management consideration based on prior audit work or data analytics. This type of report is often in the form of a management advisory report or memorandum, issued during the audit process prior to the final audit report. The primary objective of an agile audit report for urgent risk identification is to deliver timely insights. Instead of waiting until the completion of the entire audit, this report is issued during the audit process when critical risks are identified that require immediate attention.

2. Information Sharing: Shares information with stakeholders more quickly during a broad scope review. It is commonly presented in the form of a status report or informational memorandum. An agile audit report for information sharing is characterized by clear and concise communication. It presents the relevant information in a straightforward and easily understandable manner, avoiding technical jargon or complex language. The report aims to ensure that stakeholders, including the auditee agency and other interested parties, can grasp the key information and insights without unnecessary complexity.

3. Interim Assessment: Provides a status or snapshot on agency or program activities or funding. This type of report is particularly useful for sharing information quickly with stakeholders during a broad scope review, a targeted assessment of a large program, or a series of reviews. It is commonly presented in the form of a management alert, memorandum, or a management advisory report. The primary objective of an agile audit report for interim assessment is to provide timely communication of preliminary findings. Instead of waiting until the completion of the entire audit, this report is issued during the audit process to keep stakeholders informed of progress and emerging insights. The report ensures that stakeholders have access to up-to-date information and can begin taking action or making informed decisions sooner.

4. Summarizing Lessons Learned: Outlines lessons learned for agency consideration based on prior audit work. This type of report is designed to capture and communicate key lessons learned for consideration by the auditee agency. It is commonly presented in the form of a white paper, capstone report, management advisory, or memorandum. The primary objective of an agile audit report for summarizing lessons learned is to consolidate knowledge and insights gained from previous audit work.

What Standards are Required When Performing Agile Oversight?

The standards, if any, your office is required to follow is dependent on the authorizing statues of your organization. Some may be required to follow Government Auditing Standards (e.g., the Yellow Book or GAGAS) but most probably do not have to as long as you are not referring to your work as an audit. There are also less intensive standards that you can follow like CIGIE’s Quality Standards for Inspections and Evaluations (e.g., the Blue Book) that some State OIGs have started to utilize and the Institute of Internal Auditors (IIA) International Standards for the Professional Practice of Internal Auditing (e.g., the Red Book).

For all agile products, it is recommended that the product include a standards policy statement indicating the standards (if any) under which the report was issued and that the work adheres to the professional standards of independence, due professional care, and quality assurance, following procedures to ensure the accuracy of the information presented. If you choose not to follow any formal standards (e.g., GAGAS, Silver Book, Blue Book, Red Book) it is recommended that you cite your authorizing legislation as the standard in which you performed your work. This approach provides flexibility while maintaining the integrity and reliability of the work produced.

Want to learn more about agile work products?

During our upcoming course on agile oversight, participants will learn how to overcome the challenges of performing agile audits under GAGAS using interactive exercises with classmates. Participants will be provided with job aides that are crucial in efficiently producing agile oversight products. Check out our course, Agile Oversight During Times of Crises!