AGILE INTERNAL AUDIT (IA)

Similar documents
Getting Comfortable with being Uncomfortable! Using Agile IA to transform your internal audit function. IIA New York - Agile Auditing May 18, 2018

Getting comfortable with being uncomfortable! Using Agile IA to transform your internal audit function. IIA Phoenix December 4, 2018

Getting Comfortable with being Uncomfortable! Using Agile IA to transform your internal audit function

Leveraging Agile with audits. SF IIA Fall Seminar November 30, 2018

Becoming agile A guide to elevating internal audit s performance and value. Part 1: Understanding agile internal audit

Auditing Agile projects Your grandfather s audit won t work here!

Transformation in the Internal Audit Function Neil White October 5, 2017

Becoming agile A guide to elevating Internal Audit s performance and value. Part 2: Putting Agile IA into action

Enterprise Risk Management Discussion American Gas Association Risk Management Committee Meeting

DevSecOps Embedded Security Within the Hyper Agile Speed of DevOps

Becoming agile A guide to elevating internal audit s performance and value. Part 1: Understanding agile internal audit

Implementing Analytics in Internal Audit. Jordan Lloyd Senior Manager Ravindra Singh Manager

Modernizing compliance: Moving from value protection to value creation

Becoming agile A guide to elevating internal audit s performance and value. Part 1: Understanding agile internal audit

Adopting automation in internal audit Using robotic process automation and cognitive intelligence to fortify the third line of defense

Certified Team Coach (SA-CTC) Application - SAMPLE

Creating a Risk Intelligent Enterprise: Risk governance

Scrum Alliance Certified Team Coach SM (CTC) Application SAMPLE

A Guide to Critical Success Factors in Agile Delivery

Scrum Product Owner Course 03 - Roles and Responsibilities

Creating a Risk Intelligent Enterprise: Risk sensing

Talent Management and Leadership in the Mid-Market Charting a Course for Change

Outsourcing banking processes: The question is no longer if, but how to effectively manage extended enterprises

Deloitte Shared Services Conference 2018 Agile 101: delivering value using Agile Richard Barsby, Ashley Payne Rolls-Royce, Tom Bevan, Christina

AGILE Realities. Presenters: Chris Koo (Edward Jones) Blake Moyer (Edward Jones) Joan Romine (Boeing)

Scaled agile transformation case study

Collaboratively, we help our customers transform, evolve and become agile

Creating a Risk Intelligent Enterprise: Scenario planning and war-gaming

Operational Risk Management (#DOpsRisk) Solutions suite

BA25-Managing the Agile Product Development Life Cycle

PMI Agile Certified Practitioner (PMI-ACP) Duration: 48 Hours

CS314 Software Engineering Project Management

Best Practices for Enterprise Agile Transformation

Agile Program Management. Success through effective teaming

approach to successful project

This course will explore how your projects can easily and successfully make the transition to an effective Agile environment.

Western Australian Public Sector Reform The technology dimension of amalgamations

Agile Certified Professional

Adding insight to audit Transforming Internal Audit through data analytics

Creating an Agile PMO via Scrum

Scrum Alliance. Certified Scrum Professional-Product Owner Learning Objectives. Introduction

AGILE SOLUTIONS. Agile Basics

BUSINESS INSIGHTS. Making the Transformational Shift to Scrum

BUSINESS INSIGHTS > Making the Transformational Shift to Scrum

Deloitte s High-Impact HR Operating Model: Business HR. Deloitte Consulting LLP

Agile Software Development in a Regulated Environment. Natalie Custer

Scrum Team Roles and Functions

Bridging the Gap Between Governance and Agility. Mario E. Moreira

It can be done. Agile at Scale

Internal Audit. Providing Assurance Over Project Delivery. Chris Nugent Institute of Internal Audit - 11 March 2014

In-House Agile Training Offerings

Internal Audit Services. March 2017

Portfolio Management In An Agile World

AGILE LESSONS FROM THE NEW PMBOK. Presented by Eddie Merla, PMI-ACP, PMP

An Introduction to Scrum

Course Title: Planning and Managing Agile Projects

Physician Leadership Academy Lead the future of health care

Attend Learn Grow Taking Your Career to the Next Level. 4th Annual Professional Development Days! May th, 2018

Organizational Change Through Metrics

Agile Transformation In the Digital Age

Agile Essentials Track: Business Services

Certified Enterprise Coach (CEC) Application - SAMPLE

Becoming More Agile: How to Adopt Agile Development Methodology

Business Analyst and Product Owner Where do they meet & conflict? Cherifa Mansoura

Deloitte Leading Practices Solution for Utilities (DLeaPS-U) Empowering innovation at the core

Internal audit strategic planning Making internal audit s vision a reality during a period of rapid transformation

Understanding employee engagement after a corporate acquisition A global communications company. EngagePath client spotlight

Extended Enterprise Risk Management

Internal Audit innovation Structured methods to unlock new value

How to Prepare for and Implement a Project Using Scrum

Child Welfare Services New System Project. Requirements Management Plan

Social Analytics in Media & Entertainment The three-minute guide


HCCA Audit & Compliance Committee Conference. February 29-March 1, Drivers of ERM. Enterprise Risk Management in Healthcare.

Introducing Enterprise Scrum for Business Agility: Scale Scrum from Single Teams to Whole Organizations

Innovating Performance Management Series Part 1: How Cisco is Activating Team Excellence with Data Stacia Sherman Garr Vice President, Bersin by

Innovating Performance Management Series Part 1: How Cisco is Activating Team Excellence with Data Stacia Sherman Garr Vice President, Bersin by

Johanna Rothman Part II Design and Manage an Agile and Lean Project Chapter 5 Start Your Agile Project Right. Copyright 2017

Agile Scrum Process Checklist

Watson Internet of Things. Agile Development Why requirements matter

Transforming Business Needs into Business Value. Path to Agility May 2013

Appointing, Assessing, and Compensating the Independent Auditor The Role of the Audit Committee

Agile Mindset (1/17/2019 for the Ocean State PMI)

It s time to revisit your anti-corruption compliance program How to design an effective and defensible compliance program in response to global trends

Outsourcing transparency evolution

How to Utilize Agile Project Management for GIS Projects. Lana Tylka and Jennifer Prather

E-PROCUREMENT CHANGE MANAGEMENT

Maureen Weverka & Kathy Burnham Mutual of Omaha. November 9, Mutual of Omaha Insurance Company. All Rights Reserved.

Data Standards in Oil & Gas

High-Impact Talent Management in the Mid-Market November 30, 2016

Implementing a corporate legal process outsourcing solution. Key considerations before embarking on the legal service delivery transformation journey

Deloitte Accelerated Value: SaaS innovation for the digital core. Extending the potential of core systems, addressing tomorrow s needs

Embracing Opportunity Demands an Internal Audit Transformation

Quality Assessments what you need to know

Course Title: Agile for Business Analysts

The Customer CAN always be right Realizing Business Agility through Customer Collaboration

Paul Gorans, Agile Competency Lead, IBM GBS Federal Project Management Symposium

Introduction to Agile (Scrum)

Yes! Scrum did wonders beyond IT. Padma Satyamurthy

SEPTEMBER 2018 The Agile Team s Playbook to Doing Agile

Transcription:

AGILE INTERNAL AUDIT (IA) JENNIFER M. SCHWIERZKE MANAGING DIRECTOR UNITED AIRLINES Jennifer is a managing director in the Internal Audit department at United Airlines. She has responsibility for Finance, IT and Project Management. She began her career with United in 2006 and has held various positions of increasing responsibility within finance including Financial Planning & Analysis, Accounting, Cargo Accounting and Financial Reporting. PETE LOW SENIOR MANAGER DELOITTE & TOUCHE LLP Pete is a senior manager within the Deloitte Risk and Financial Advisory 1 practice. He has 22 years of experience providing internal audit, business and IT/Cyber risk advisory services to his clients. Pete has supported the rollout of agile techniques in IA projects and has spoken on other consumer products industry and IT/Cyber risk topics in the past. SALMAN MOHAMMED MANAGER DELOITTE & TOUCHE LLP Salman is a manager within the Deloitte Risk and Financial Advisory 1 practice. Salman serves on the team developing and rolling out Deloitte s Agile IA methodology globally. He is one of the national Agile IA trainers, has facilitated agile visioning labs with clients, and served as a coach on Agile IA pilot projects. 1 As used in this document, Deloitte Risk and Financial Advisory means Deloitte & Touche LLP, which provides audit and risk advisory services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. These entities are separate subsidiaries of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of our legal structure. Certain services may not be available to attest clients under the rules and regulations of public accounting.

OBJECTIVES The objectives of this session are to: Provide baseline understanding of agile principles and its application to Internal Audit Share the practical experience of Agile internal auditing at United Airlines, including associated benefits and lessons learned Share additional Agile Internal Audit experiences, providing alternative approaches

TODAY'S JOURNEY What is Agile? How is Agile IA different? One size fits one United s journey Artifacts from pilot projects Brief history Agile manifesto Characteristics of Agile IA Perception vs. reality Traditional audit vs. Agile IA Effective team makeup Agile ceremonies United s challenge United s value proposition United s Agile approach Values / continuous improvement Audit canvas template Story mapping example Kanban board example Point of view example

WHAT IS AGILE?

BRIEF HISTORY What is Agile? A group of software development methods based on iterative and incremental design and production, where solutions evolve through collaboration between selforganizing, cross-functional teams. Agile is a re-think of the way teams go about completing tasks or larger initiatives Several Agile methods have been around since the 1990s and were united in 2001 by the Agile Manifesto Agile manages complexity, unpredictability and change through visibility, inspection, and adaptation Because Agile provides greater transparency and visibility to progress, it demands greater discipline than traditional approaches Traditional Waterfall Approach Agile Approach Discover Design Test Discover Sprint #1 Test Discover Sprint #2 Develop Test Develop Design Develop Design Copyright 2018 Deloitte Development LLC. All rights reserved.

AGILE MANIFESTO While there is value in the items on the right, Agile process values the items on the left more. Moreover, this manifesto can be applied to any industry. Individuals and interactions Insights Stakeholder collaboration Responding to change over over over over Process and procedures Comprehensive documentation Negotiation Following a plan Copyright 2018 Deloitte Development LLC. All rights reserved.

CHARACTERISTICS OF AGILE IA Increased communication Teamwork and collaboration Adaptability Self-organizing teams Characteristics of Agile IA Frequent deliveries of work Short time-boxed iterations Cross-functional teams Sustainable development Agile is iterative and allows teams to revisit current risks and reprioritize as a continual process for the audit both individual audits and the annual audit planning process. Internal Audit should transform to deliver on a broader set of expectations, providing assurance but also advising and anticipating risks. Allows IA to respond quickly to changing business needs Reduces the time between discovery and delivery of insights Builds the risk-specific insights the customer needs Avoids delivering insights without quality problems Meets business commitments by reprioritizing scope Copyright 2018 Deloitte Development LLC. All rights reserved.

HOW IS AGILE IA DIFFERENT?

PERCEPTION VS. REALITY Agile IA is perceived as In reality, Agile IA Anti-planning Enhances up-front planning Accelerates receipt of information Higher-order portfolio planning Less documentation Requirements are guided by professional standards Allows flexibility to define have to haves vs. want to haves More rework Tools for consistency Iterative delivery in smaller pieces Embeds quality assurance review One-size fits all Integrates delivery framework tailored to audit Applies test, learn, and adapt mentality Copyright 2018 Deloitte Development LLC. All rights reserved.

TRADITIONAL AUDIT VS. AGILE IA Traditional Audit Planning Fieldwork 8? weeks Review Reporting Am I losing money? What is going on? POV POV POV I am now more informed. Agile IA Planning 2 Weeks Sprint 1 Planning 2 Weeks Sprint 2 Planning 2 Weeks Sprint 3 Refocused I can react to and modify my plan based on the interim point of views. Story #1 Story #3 I have collaborated with the right individuals. Story #2 Story #4 Copyright 2018 Deloitte Development LLC. All rights reserved.

EFFECTIVE TEAM MAKE-UP Manage relationships communications with business executive stakeholders Champion the agile process in the department and organization Serve as a project escalation point Socialize and advocate Internal Audit s Agile approach to the business Primarily engages with: Business executives Key stakeholders Product owners Facilitates efforts in: Identifying projects Obtaining project approvals Project Champion Ensure the project team s alignment with business executives and project key stakeholders/point of contacts Set the direction/vision for the team Identify and prioritize the sprint backlog Assist in translating stakeholder needs into value/outcomes Product Owner Primarily engages with: Project champion Business executive Key stakeholders Scrum Master Facilitates efforts in: Audit canvassing Story mapping Definition of ready & done Backlog refinement Coach Conduct testing and validate results Identify, draft, and communicate project observations Develop iterative sprint deliverables Execute on the Product Owner s vision Attend and participate in all ceremonies Copyright 2018 Deloitte Development LLC. All rights reserved. Scrum Team Contribute in periodic stand-up meetings Primarily engages with: Scrum Master Day to day advisor to the team Agent of change for scrum teams Deliver agile knowledge Provide on-the-ground training Help bridge the gap between where the team is to where they could be during agile transition Scrum Master Facilitates team s identification of stories for sprints and breaks down stories Clear impediments and protect team from outside interruptions Drive tactical team-level improvement Manage relationship between the team, product owners and others outside the team Primarily engages with: Product owner Key stakeholders Scrum team Facilitates efforts in: Sprint planning Daily stand-up Sprint closing Sprint retrospective

AGILE CEREMONIES Agile Team Roles Project Champion Product Owner Scrum Master Scrum Member Agile Ceremonies Sprint Planning Daily Standup Sprint Review Retrospective Product Log Refinement Agile Artifacts Product Backlog Sprint Backlog Impediment List Burndown Chart Incremental Product Copyright 2018 Deloitte Development LLC. All rights reserved.

ONE SIZE FITS ONE UNITEDʼS JOURNEY

UNITED S CHALLENGE How do we enrich business partner collaboration and decrease long cycle times in completing audits to allow for more relevant/timely insights, greater business value, enhanced partnering to get to the right solutions, and improve the utilization and development of our Internal Audit resources?

UNITED S VALUE PROPOSITION

UNITED S APPROACH Agile tomorrow Prioritization Table stake risk development Engagement of senior leader(s) Audit canvas Consider analytics On-going reporting Continuous communication Draft observations Simplified workpapers Develop POV mindset to reported findings What is really different? Clearer outcomes (i.e., use of audit canvas) Early and continuous engagement with stakeholders Right documentation, less words, more ongoing communication Time and effort focused on the right things (i.e., value-driven insights) Timely redeployment based on risk Better result Empowered/engaged auditors How we started Completed Agile IA Boot Camp training with pilot project teams Piloted two Agile IA projects concurrently Leveraged Deloitte personnel as coaches to agile teams Each pilot project spanned approximately seven weeks encompassing three, twoweek sprints

PILOT PROJECTS RETROSPECTIVE VALUE CONTINUOUS IMPROVEMENT Timely and relevant solution development Transparency and accountability through self-serving teams Fit for purpose / clear direction through shorter feedback loop Committed sponsorship / emphasis to transform Transformations are successful with top-down leadership and teams will look to their leaders for adoption Dedicated resources Scrum teams should be able to dedicate at least 80% of their time to agile projects Stakeholder commitment Select stakeholders that are open to change and will be able to dedicate time to more collaboration upfront for pilot projects Empowered teams hurdling challenges Outcome-driven mindset aligned to risk and efficiency Iterative risk assessment accounting for changing needs Value a collaborative culture Agile relies on cross-functional teams that make decisions through collaboration Effectively convey Agile messaging Use terminology that stakeholders can relate to when rolling out agile audits to not overwhelm them Effective prioritization / adherence to time-box Successful auditors are those that know when to continue deep diving and when to stop

ARTIFACTS FROM PILOT PROJECTS

AUDIT CANVAS TEMPLATE 1 About the Business How does the business area align with the corporate strategy? What are the business s objectives? What are the risks to the business achieving its objectives? 5 Key Stakeholders Who is most concerned about the value of the project? Cross-functional: Who will be most impacted? Internal Audit Market Leader. 7 Project Scope What is needed to achieve the project objectives? What are the concludeable areas for the project? 2 Project Drivers Why is this project important to the business? Why is it on the audit plan? Drivers from the risk assessment? What is the value-add (relevance) to the enterprise? 3 Value Proposition What is the value of doing an Agile internal audit in this area? 4 Cross-Functional Impact Key IT systems/reports supporting and/or monitoring the business process? Compliance considerations? Financial reporting/impact? 6 Metrics/KPIs Key metrics used by the business to measure achievement of its objectives? What are the measures of success for the audit? Audit timeline and target dates?/number of findings?/business acceptance of findings? 8 Risk & Control Log Business risks and controls Identify and prioritize the sprint backlog Define project sprint timeframe? 9 CORE Project Team Key business owner: Finance/Operations/IT/Compliance/ International (as applicable): (RACI) Responsible, Influencer, Decision Maker, Need to be Informed Copyright 2018 Deloitte Development LLC. All rights reserved.

STORY MAPPING EXAMPLE Concludeable area: Identify misuse of adhoc pricing Concludeable area: Determine effectiveness of selected dispute resolution processes Feature Epic User stories Concludeable area: Prove/disprove certain drivers of cargo sale disputes Dispute analysis by station/sales agent Dispute analysis by customers Effectiveness of current traps Data analytics Process review Details left blank for illustrative example Story breakout Story breakout example User story: A user story is the basic unit of work representing some business value that can be delivered within a Sprint. It should have enough detail to enable the project team to make planning decisions and should be used to describe requirements for different personas As a cargo accounting manager I want to identify process gaps at the stations with the highest numbers of data capture So that I can understand and address the root cause of the disputes that result. As a cargo accounting manager I want the audit team to run analytics tests to inform me of total dispute data by origin station and identify the stations with highest $/volume of disputes (based on reason code) So that I can select a sample that appear to have systemic errors and facilitate a root cause analysis. As an audit team member I want to confirm all the relevant data has been mined from its respective systems, cleansed and prepared So that I can analyze the data to identify the stations with the highest volume of disputes caused by data capture errors

KANBAN BOARD EXAMPLE A Kanban board is often used to visualize the progress of an audit scrum team, but does not remove the need for audit scrum roles, ceremonies or process.

POINT OF VIEW TEMPLATE Project POV: This is the space for the project-level POV; which is determined at the start of the project, updated throughout and finalized at the end based on project learnings. The project-level POV should connect with the strategic objectives. 4 Rating Fill in color Sprint POV 3 1 2 3 Sprint POV 4 What did we learn based on the hypothesis? How does what you learned influence the project-level POV? What did we learn based on the hypothesis? How does what you learned influence the project-level POV? Sprint POV 2 What did we learn based on the hypothesis? How does what you learned influence the project-level POV? Sprint POV 1 What did we learn based on the hypothesis? How does what you learned influence the projectlevel POV? Summary observations, impact, and management action plans (MAPs) Observation Impact MAP Rating Summary sentence of the issue (including applicable control breakdown) based on the results of the review Summary sentence of the issue (including applicable control breakdown) based on the results of the review Summary sentence of the issue (including applicable control breakdown) based on the results of the review Summary sentence of realistic impact/risk if the issue noted persists. Summary sentence of realistic impact/risk if the issue noted persists. Summary sentence of realistic impact/risk if the issue noted persists. Summary sentence capturing the essence of management s planned action. Sept 2017 Summary sentence capturing the essence of management s planned action. Oct 2017 Summary sentence capturing the essence of management s planned action. Nov 2017 Identify applicable strategic objective Connect the POV to strategic objective Rating: High Moderate Copyright 2018 Deloitte Development LLC. All rights reserved.

THIS PRESENTATION CONTAINS GENERAL INFORMATION ONLY AND DELOITTE AND UNITED ARE NOT, BY MEANS OF THIS PRESENTATION, RENDERING ACCOUNTING, BUSINESS, FINANCIAL, INVESTMENT, LEGAL, TAX, OR OTHER PROFESSIONAL ADVICE OR SERVICES. THIS PRESENTATION IS NOT A SUBSTITUTE FOR SUCH PROFESSIONAL ADVICE OR SERVICES, NOR SHOULD IT BE USED AS A BASIS FOR ANY DECISION OR ACTION THAT MAY AFFECT YOUR BUSINESS. BEFORE MAKING ANY DECISION OR TAKING ANY ACTION THAT MAY AFFECT YOUR BUSINESS, YOU SHOULD CONSULT A QUALIFIED PROFESSIONAL ADVISOR. DELOITTE AND UNITED SHALL NOT BE RESPONSIBLE FOR ANY LOSS SUSTAINED BY ANY PERSON WHO RELIES ON THIS PRESENTATION.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback