I confess to you that I am not very adept at accepting as "good or
appropriate" everything that presents itself as a solution in the field of
management, without a deep study and much reflection on how this new concept
can improve management.
In this article I will deal with the application of agile or agile
methodology in the internal audit activity. How it can help the internal
auditor eliminate waste of time and increase its efficiency without affecting
the quality of delivery.
First, we need to know how this theme came about. In 2001, seventeen professional
software development experts gathered at Snowbird sky resort in the Mountains
of Wasatch, Utah to, as Jeff Sutherland, co-creator of Scrum, says, "discussing
ways to improve his work processes, which was slow, unpredictable and often did
not result in a product that people wanted." From this meeting came MASD – Manifest
for agile software development, which brings together the values and principles
so that there is greater agility in software development.
Briefly, the goal contained in MASD is to ensure the highest degree of customer
service and satisfaction through fast and continuous deliveries.
For this are necessary: Competent and motivated people, good documentation,
clarity of what customers want or need, planning flexibly, cooperation to find
better solution, self-organizing teams, communication at intervals regular and
simplicity.
Note that this manifest works in the field of ideas, and in this way, we
can affirm that Agile is not a methodology, either is a "framework"
or much less a process. Agile is a set of values and principles that allow the
team to make decisions that make their activity more efficient and
effective.
Agile is not a product that you can buy, it is a working style. You work
nimbly or do not work nimbly.
Some tools and practices can be used and adapted to increase agility in the
software development process, such as: Scrum, Crystal Clear, extreme
programming, adaptive software development, and others.
Each one of these tools and/or permit practices will the team work more
quickly. The choice of the tool or practice that the group will apply will
depend on your need and the nature of your activity.
The question now is how can all this be applied in an internal audit job? Or
could we ask if it is possible to use MASD principles and values in an internal
audit work?
The answer is positive for the second question above, internal audit can
rely on the values and principles of MASD to develop its work, not least because the audit activities that
operate in accordance with international professional practices, already seek
to reduce the waste of maximum time, controlling the resources spent and
measuring its performance with the results delivered to the corporation. Now,
to be able to answer the first question, we need to review some concepts that should
be present in an internal audit work.
We know that internal or external audit activity is standardized, there are
rules of good practice that must be observed to the detriment of any other type
of requirement. For this article I will be based on the international framework
for professional internal audit practices - IPPFs, promulgated by the IIA -
International Internal Auditors Institute.
The IPPFs conceptualize that the mission of internal auditing is:
“Increase and protect organizational value, providing risk-based assessment (assurance), advisory and knowledge (insight).”
According to these audit standards, we understand that internal auditing
fulfills its mission by performing, objectively and independently, risk
management assessment works, internal control system and governance, using a
systemic and disciplined process, which allows internal auditing to adds to the
corporation, increasing its ability to achieve its objectives.
This systemic and disciplined process, which is mentioned in the definition
of internal audit, we call “audit work methodology”, which should always be
applied based on the risks of the assessed object or process, and in accordance
with the auditing standards , specifically with the performance standards,
those starting with the number 2000, included in the IPPFs.
Basically, this audit work methodology consists of three basic steps:
Planning, execution and communication.
Each of these steps is subdivided into phases, which can be adapted
depending on the nature of the audit, i.e. operational (performance),
compliance, or regularity and accounting.
Let's look at the audit methodology, its stages and its phases, in the
figure below:
I can say that to be agile in auditing, is to achieve the
objectives of the work, in the shortest possible time, without prejudice to the
compliance with the audit rules, and without prejudice to the quality of the
audit delivery.
Note that this approach is nothing new, in reality this
should be the concern of any auditor who is proficient in the application of
the standards, procedures and audit techniques.
So how can we use the MASD values and principle to make
internal auditing more agile?
First, it is
important that there is a team, as it will not work without a “team”, since
being agile requires the performance of activities simultaneously and not in a
cascade, as in the case of using the SCRUM methodology
Well, since we
are talking about SCRUM, I think this is a methodology that fits for internal
audit work. This term comes from an article published in 1986 in Harvard
Business Review by two professors, Hirotaka Takeuchi and Ikujiro Nonaka, who
verified that the best teams acted as if they were on a rugby team doing a
scrum, where the team advances in unity and the ball is passed between the
team, as it advances. In 1993 Jeff Sutherland and Ken Schwaber perfected their
application.
Another tool
that can be used is the Kanban system, a system of Japanese management theory,
which simplistically controls the progress of a process through cards. It can
be used as a tool to control sprints, also known as “time windows”.
"Sprint" in the English language means "going full speed for a
short period of time".
In a practical
and simple way, the eight points below, summarize my suggestion for applying
the values and principles of MASD in the audit activity, using scrum and
kanban:
1
- Define an auditor in charge, who will have a complete view of the work and act as a facilitator, helping the team to eliminate anything that might slow the work down. Remember that he is also responsible for overseeing and reviewing the team’s working roles,
- For the selection of the team, the skills and competencies necessary to evaluate the audited process or object must be taken into account, in addition to that, they must be proficient professionals in the application of the auditing techniques and procedures in accordance with the auditing standards. The team must have a complete view of the process to be performed, including on the delivery of the audit,
- To exemplify, we will take as a base the planning stage for applying the scrum. This stage is formed by 4 distinct phases, but that somehow, part of them, can be performed concurrently. Let's see the phases:
a. planning memo,
b. Mapping
c. construction of matrix,
d. elaboration of the work program.
Remembering that only after the work program is finalized and approved can we proceed to the execution stage
- In this planning stage, my suggestion is to work with two sprints, the first being for the preparation of the planning memorandum, process mapping and construction of the risk matrix. The second sprint will work on the control matrix, the alignment matrix and the audit program.
- Each sprint can have a duration of 1 or 2 weeks and the team must hold quick daily meetings (situational meetings) so that the team knows the progress of the work, and if necessary, adjust any item that may be demanding more time than the estimated. At this point it is very important to plan and estimate time in a feasible way, not a fiction.
- The work must be visible to everyone, and one way to do this is to create a table with three columns: "To do", "Doing" and "Done". Use cards or post-it for the activities that must be performed, moving them as the work is being performed.
- In daily meetings, team members must answer three basic questions:
a. What was done to help the team complete the sprint?
b. What will be done today to help the team complete the sprint?
c. Is there an obstacle that is preventing the team from completing the
sprint?
This meeting helps the team to know exactly where the work is, creating the
opportunity to help each other, since the team is autonomous to make the
necessary decisions to comply with the sprint on the agreed date, with its
delivery in quality. required.
These points,
mainly, from item 3 to item 8, must be performed for all stages of the work
(planning, execution and communication), sequentially and without exception. of
course, this process can, or better, be adapted to improve the execution of the
activities of each stage.
Like any other
management activity, continuous improvement is an integral part of the audit
activity, whether applying MASD values and principles, or not.
And it could not
be otherwise because this process to increase the agility of audit activities,
is a cycle, and as such, it must be improved through feedbacks. A good way to
work this feedback process is with the use of the Deming cycle, also known as
the PDCA cycle, where every cycle completed, improvements must be made to
improve the audit activities.
In terms of the
working role, in addition to those already in place for the application of the
audit methodology, one must be added that will assist the audit team in
carrying out a cash management, a document that will provide an objective view
of the sprint situation in daily meetings.
Let's look at a
suggested working role to control each of the sprints:
I do not intend this article to be a final position,
quite the contrary, my expectation is that it will offer you the chance to
reflect on how to make the internal audit activity agile, without
mystification, in a simple and objective way.
Be happy!
Eduardo Pardini & Wendel Calil
0 comentários:
Postar um comentário