A Simple Strategy for Agile Auditing

Field: Auditing | Delivery Method: Self Study | CPE Hours: 0.25

By Toby DeRoche
Identifying and mitigating emerging risks has become increasingly critical over the past few years. If you are not familiar with the term, emerging risks are risks that seem to come out of nowhere, or risks you already know about that suddenly blow up into something much bigger than before. Climate change is an example we can all see. The western US has dealt with drought in the past, but now lakes and rivers are drying out completely, something we have never seen before. In the business world, anticipating emerging risks is extremely difficult, and it’s a never-ending task. I have found that an effective strategy for addressing emerging risks is to adopt an agile mindset that focuses on addressing management’s most urgent risks through frequent risk assessment and true risk-based auditing. In my new book, Agile Audit: Transformation and Beyond, I describe in detail the benefits and implementation process for agile auditing. For now, I want to show you how to adopt an agile approach using a two-part strategy.

Two-Part Strategy for Auditing Emerging Risks

The first part of the strategy is to complete more frequent risk assessments. Realistically, you cannot predict what will be the most important risks to management beyond the next quarter, so stop trying. I have found that a quarterly assessment with real-time updates works best in most cases. To make this work, you cannot stick with face-to-face meetings as the only method you use to gather information. Instead, you need to rely on technology to either gather internal systems data or facilitate risk surveys and self-assessments.
The second part of this strategy is to only audit what matters. This means that your risk assessment should be done at the risk level, not at the entity or process level. Then we can move directly into an audit focusing only on the high-priority risks and the related controls. Looking at full processes may be great for making the organization more efficient, but that is not where we can add the most value. To benefit the company, we need to audit the risks that can damage the organization. We are unlikely to have enough time to spend on low-risk areas just in the hope of efficiency gains.

Start Your Agile Transformation Now

An agile approach to audit planning and execution allows internal auditors to make decisions more frequently to ensure we audit what matters most. Transitioning to an agile approach in internal audit is a natural progression in our evolution as a profession. Many others have made this move already with great success. Now is the right time to consider this modernization for your team too.



To receive CPE for reading this article, click "Enroll in Course for FREE" below.


© 2025 Toby DeRoche, and published with author permission. The opinions expressed here are solely those of the author and do not represent the opinions of the cRisk Academy®.


 

Your Instructor


Toby DeRoche

Toby DeRoche is a bestselling business writer, highly credentialed governance professional, and entrepreneur. Toby has combined his background in English Literature, an MBA, and over 20 years of business experience by authoring more than 250 business thought leadership blogs for industry leaders across the U.S., Canada, and Europe, several of which have been featured in Forbes Business. He has also written 16 whitepapers and four books, including Agile Audit: Transformation and Beyond, Only Audit What Matters (an Amazon bestseller), Modernize Your Audit Department, and Not Yet: A Warming Tale About My Neighborhood, and he contributed two chapters to the 28th edition of ISACA's CISA Review Manual as an IT control subject matter expert.


Certifications:

  • Certified Internal Auditor (CIA)
  • Certified Information Systems Auditor (CISA)
  • Certified in Cybersecurity (CC)
  • Certified Agile Auditor Professional (cAAP)
  • Certified Agile Auditor Professional - Scrum Master (cAAP-SM)
  • Certified Fraud Examiner (CFE)
  • Certified in Risk Management Assurance (CRMA)
  • Certified in Control Self-Assessment (CCSA)


In 2019, he founded Insight CPE, a company focused on continuing education for audit, risk, and fraud professionals. Through this platform, he has delivered over 130 custom training programs and presentations, including the CyberControl System and the Certified Agile Audit Professional.


Today, Toby continues to write, consult, and coach, primarily working with organizations to enhance their governance and cybersecurity practices, combining strategic insight with practical solutions. Outside of work, Toby enjoys spending time with his wife and son, whether enjoying the outdoors or watching movies together.

https://www.insightcpe.com/


Course Curriculum


  A Simple Strategy for Agile Auditing

Frequently Asked Questions


When does the course start and finish?
The course starts now and never ends! It is a completely self-paced online course - you decide when you start and when you finish.
How long do I have access to the course?
How does lifetime access sound? After enrolling, you have unlimited access to this course for as long as you like - across any and all devices you own.
