Agile auditing in an IT project environment

Our Agile Internal Audit Journey article series began with Agile auditing: transforming internal audit to add greater value, where we discussed the role of internal audit, introduced the history of agile, addressed common misconceptions about agile auditing and set the baseline for the journey ahead. In the second article we explored applying the Agile manifesto and principles to internal audit. Then, we discussed Scrum, Kanban and agile project management methods applied to internal audit. In this article, we will build upon the information covered in the first three articles and explore benefits to performing internal audits of information technology (IT) environments that utilize agile principles and methods. Additionally, we’ll discuss audit considerations that should be assessed when performing system development life cycle (SDLC) reviews of agile IT environments.

The Agile Manifesto has transformed the way we do business and perform software development audits –  for the better. The Agile Manifesto, born out of frustration from IT project management teams, has been enhanced and expanded to apply to almost any business process or function. Agile principles are widely adopted in project teams as an effective tool for software development because they provide a viable alternative to traditional documentation-driven, heavyweight SDLCs. Agile principles have improved development team effectiveness by removing impediments to solution building.

In taking an agile approach to developing software, IT teams are more nimble. They can focus on responding to changing internal and external stakeholder needs while delivering software solutions to the market faster, in smaller increments. From an audit perspective, Agile has introduced advantages to the SCLC that has improved the transparency of tasks being performed and interactions between IT departments and the rest of the business. Controls-driven agile implementations in IT departments have introduced several benefits to internal auditors in performing assessments of project outcomes.