  • Ali Hasany

Enhancing IT Auditing through Agile Controls and Governance

Agile auditing is still a new and quite different phenomenon, and everyone is talking about it, although the term itself is already popular in IT.


Let's explore them one by one...


Top 5 key steps to perform Agile Auditing


1. Agile principles and practices

Before delving into the specifics of agile controls and governance, it's crucial to grasp the fundamental principles and practices of the agile methodology. 


Agile is centred around four values:

  • Prioritising individuals and interactions over processes and tools;

  • Favouring functional software over comprehensive documentation;

  • Emphasising customer collaboration over contract negotiation; and

  • Being responsive to change rather than following an unalterable plan.  


These principles direct agile teams in producing functional software within brief iterations known as sprints, while being adaptable to evolving needs and feedback. 


Agile teams apply different methodologies like Scrum, Kanban, or XP to structure their activities, communication and teamwork.


2. Agile controls and governance

Agile controls and governance ensure compliance with specific protocols, norms, and expectations for IT projects. Internal and external controls are composed of:

  • Policies and procedures,

  • Roles and responsibilities,

  • Risk management,

  • Quality assurance,

  • Security,

  • Compliance, and

  • Reporting.


The purpose of agile controls and governance is to promote transparency, accountability, and alignment amongst agile teams and stakeholders, whilst also allowing for flexibility and innovation.  


Agile controls and governance should be customised to the particular context, scope, and aims of every IT project, and should undergo regular review and updating.


3. Agile auditing objectives and scope

As IT auditors, our primary goal is to ensure that the agile teams are producing high-quality software that satisfies the stakeholders' requirements and expectations, and that the agile controls and governance are adequate and effective.


To achieve this objective, it is necessary to define the scope and objectives of your agile audit, considering the characteristics, size, and complexity of the IT project, as well as the applicable standards, regulations, and best practices.


It is also essential to factor in the potential advantages and drawbacks of the agile methodology, including enhanced collaboration, accelerated delivery, and customer satisfaction on one side, and technical debt, scope creep, and security breaches on the other.


4. Agile audit approach and techniques

To conduct an agile audit, you should adopt an agile mindset and approach that aligns with the way agile teams work.


This involves being adaptable, cooperative, and receptive while employing different techniques and tools to gather and scrutinize evidence. 


During the audit, you should attend agile ceremonies such as the following to observe the team's progress, communication, and feedback:

  • sprint planning,

  • daily stand-up,

  • sprint review, and

  • sprint retrospective.


Figure: Agile auditing cycle mapped onto the sprint cycle.

In order to ensure the quality and completeness of software requirements, design, development, and testing, it is beneficial to review agile artifacts such as:


  • user stories,

  • acceptance criteria,

  • product backlog,

  • sprint backlog,

  • burndown chart,

  • definition of done.

Additionally, it is important to interview agile team members and stakeholders to better understand their roles, responsibilities, expectations, and satisfaction, including:


  • product owner,

  • scrum master,

  • developers,

  • testers,

  • customers, and

  • sponsors.


In addition, evaluating the software quality and value can be achieved by conducting walkthroughs and testing the functionality, performance, usability, security and compliance.


Automated tools such as Jira and Trello can be used to track the team's productivity, progress, issues, and metrics.
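Reviewing agile artifacts and tool exports can itself be partly automated. The script below is an added example for this article, not the author's own code or any tool's real API: it assumes a simplified, constructed issue export (the field names, story keys and the three definition-of-done items are assumptions shaped loosely like a Jira or Trello board export) and checks it for the evidence an auditor would look for: every story has acceptance criteria, every story reported as Done carries evidence for each definition-of-done item, and the story points the team reports as done are reconciled against the points that actually have that evidence.

```python
"""Audit a sprint backlog export against agile control evidence.

Added example for this article; not the author's code. The export format
below is constructed for the example and is not any tool's real schema.
"""
from dataclasses import dataclass

# Definition of Done the team has agreed on (assumed for this example).
DEFINITION_OF_DONE = ("code_reviewed", "tests_passed", "security_reviewed")

# Constructed sprint backlog export: four stories with varying evidence.
SPRINT_EXPORT = [
    {"key": "APP-101", "status": "Done", "points": 5,
     "acceptance_criteria": "User can log in with MFA",
     "labels": ["auth"],
     "evidence": {"code_reviewed": True, "tests_passed": True,
                  "security_reviewed": True}},
    {"key": "APP-102", "status": "Done", "points": 3,
     "acceptance_criteria": "",            # missing acceptance criteria
     "labels": [],
     "evidence": {"code_reviewed": True, "tests_passed": True,
                  "security_reviewed": False}},
    {"key": "APP-103", "status": "In Progress", "points": 8,
     "acceptance_criteria": "Export respects the data-retention policy",
     "labels": ["privacy"],
     "evidence": {"code_reviewed": False, "tests_passed": False,
                  "security_reviewed": False}},
    {"key": "APP-104", "status": "Done", "points": 2,
     "acceptance_criteria": "Dashboard loads in under 2 seconds",
     "labels": [],
     "evidence": {"code_reviewed": True, "tests_passed": True}},  # no security review recorded
]


@dataclass
class Finding:
    key: str       # story identifier from the export
    control: str   # which control the finding relates to
    detail: str    # human-readable description for the audit report


def audit_requirements(stories):
    """Requirement completeness: every story must have acceptance criteria."""
    return [Finding(s["key"], "acceptance_criteria", "story has no acceptance criteria")
            for s in stories if not s.get("acceptance_criteria", "").strip()]


def audit_definition_of_done(stories, dod=DEFINITION_OF_DONE):
    """Control evidence: a story marked Done needs evidence for each DoD item.

    A missing key counts the same as an explicit False, so an export that
    simply omits a field cannot pass the check by accident.
    """
    findings = []
    for s in stories:
        if s["status"] != "Done":
            continue
        for item in dod:
            if not s.get("evidence", {}).get(item, False):
                findings.append(Finding(s["key"], item,
                                        f"marked Done without '{item}' evidence"))
    return findings


def sprint_metrics(stories, dod=DEFINITION_OF_DONE):
    """Points reported as done versus points with full DoD evidence.

    The gap between the two is what an auditor reconciles against the
    team's burndown chart and sprint review claims.
    """
    done = [s for s in stories if s["status"] == "Done"]
    evidenced = [s for s in done
                 if all(s.get("evidence", {}).get(item, False) for item in dod)]
    return {
        "committed_points": sum(s["points"] for s in stories),
        "reported_done_points": sum(s["points"] for s in done),
        "evidenced_done_points": sum(s["points"] for s in evidenced),
    }


if __name__ == "__main__":
    for f in audit_requirements(SPRINT_EXPORT) + audit_definition_of_done(SPRINT_EXPORT):
        print(f"{f.key}: [{f.control}] {f.detail}")
    print(sprint_metrics(SPRINT_EXPORT))
```

On the constructed export the script flags APP-102 for missing acceptance criteria, flags APP-102 and APP-104 for a missing security review, and shows that of the 10 points the board reports as done only 5 have complete definition-of-done evidence. Running such a check at every sprint review is one concrete form of the continuous, iterative audit approach discussed later in this article.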


5. Agile auditing challenges and solutions

Agile auditing can be challenging for IT auditors accustomed to traditional or waterfall IT project management and auditing practices. Common challenges include:


  • Inadequate documentation,

  • Limited formal controls, and

  • Reduced auditability.


To overcome these challenges, IT auditors should rely more on conducting observations, interviews, walkthroughs, and testing.


They should also familiarize themselves with agile principles and practices, evaluate agile controls and governance, and adopt a continuous or iterative audit approach. 


Consistency in the use of metrics and units should also be maintained. 


Performing these actions can aid in verifying the software requirements, design, development, and testing; assessing compliance, risk management, quality assurance, and security; and planning, executing, and reporting on their agile audit.


Thanks for reading...
