In Part 1, we outlined our thoughts regarding traditional audit methodologies and documentation requirements, and said that those are being adapted by IA functions that want to remain relevant. We also mentioned our experience with a project that adopted a prototyping approach, rather than the traditional waterfall-style (the latter is roughly how audits are currently structured - e.g. plan, scope, execute, report).
Let's now look briefly at how the prototyping approach changed our delivery outcomes, the project admin/tracking mechanism and then some initial thoughts on application to IA.
We had 12 weeks to deliver a proof of concept. Here is how the project progressed:
With a traditional waterfall approach, all requirements are gathered first and the other activities follow in sequence, with limited ability to effectively adjust as the project progresses. The first draft deliverable would be available sometime after week 7, when testing commenced, with the final set of deliverables produced at the end of the project.
Something like this:
The program team that we were working with suggested an alternate approach, involving six 2-week sprints. This meant that we would deliver some functionality during each fortnight, then add more functionality for the next sprint, iteratively.
So the project looked more like this (imagine a further equivalent 6 weeks at the end):
How did this enable us to deliver more than we would have?
What about project admin/tracking?
The program team selected Trello - there are many alternates, but it's the concept that we liked. No heavy project management software with detailed Gantt charts, etc.
Having been forced to use traditional project management tools on other projects, with limited benefit and significant overhead, this was a welcome change and worked for us.
It looked something like this:
Application to Internal Audit?
The benefits of such an approach have been discussed at length, so we won't go into that, but can this be applied to an internal audit?
We think that the iterative approach, combined with a lightweight enabling tool, can enhance IA's delivery of value, by:
Will this work for your Internal Audits? Do you already do this?