A Simple Strategy for Agile Auditing

Field: Auditing | Delivery Method: Self Study | CPE Hours: 0.25

A Simple Strategy for Agile Auditing

By Toby DeRoche
Identifying and mitigating emerging risks has become increasingly critical over the past few years. If you are not familiar with the term, emerging risks seem to come out of nowhere, or it could be risks you know about that suddenly blow up into something much bigger than before. Climate change is an example we can all see. The western US has dealt with drought in the past, but now lakes and rivers are drying out completely, something we have never seen before. In the business world, anticipating emerging risks is extremely difficult, and it’s a never-ending task. I have found an effective strategy for addressing emerging risks to adopt an agile mindset that focuses on addressing management’s most urgent risks through frequent risk assessment and true risk-based auditing. In my new book, Agile Audit: Transformation and Beyond, I describe in detail the benefits and implementation process for agile auditing. For now, I want to show you how to adopt an agile approach using a two-part strategy.

Two-Part Strategy for Auditing Emerging Risks

The first part of the strategy is to complete more frequent risk assessments. Realistically, you cannot predict what will be the most important risks to management beyond the next quarter, so stop trying. I have found that a quarterly assessment with real-time updates works best in most cases. To make this work, you cannot stick with face-to-face meetings as the only method you use to gather information. Instead, you need to rely on technology to either gather internal systems data or facilitate risk surveys and self-assessments.
The second part of this strategy is to only audit what matters. This means that your risk assessment should be done at the risk level, not at the entity or process level. Then we can move directly into an audit focusing only on the high-priority risks and the related controls. Looking at full processes may be great for making the organization more efficient, but that is not where we can add the most value. To benefit the company, we need to audit the risks that can damage the organization. We are unlikely to have enough time to spend on low-risk areas just with the hope of efficiency gains.

Start Your Agile Transformation Now

An agile approach to audit planning and execution allows internal auditors to make decisions more frequently to ensure we audit what matters most. Transitioning to an agile approach in internal audit is a natural progression in our evolution as a profession. Many others have made this move already with great success. Now is the right time to consider this modernization for your team too.

Agile Audit Resources: Certificates/Certifications:


To receive CPE for reading this article: "Enroll in Course for FREE" below.


© 2025 Toby DeRoche, and published with author permission. The opinions expressed here are solely those of the author and do not represent the opinions of the cRisk Academy®.


 

Your Instructor


Toby DeRoche
Toby DeRoche

Toby DeRoche is a Certified Internal Auditor (CIA) who holds an MBA with an Internal Audit specialization from Louisiana State University. He is also certified in Control Self-Assessment (CCSA), Risk Management Assurance (CRMA), Internal Control (CICA), Fraud Examination (CFE), and he is a SAFe 5 Agilist (SA).


His professional background includes identification and documentation of weaknesses that result in heightened business risk, while recommending solutions to such situations. Toby began his career in internal audit with Macy's Inc. He then worked as an implementation and training consultant for Wolters Kluwer. As a Solution Consulting Manager at Wolters Kluwer, Toby works with organizations that are looking for software solutions to their audit, risk and compliance needs. Throughout his career, Toby has assisted numerous internal audit departments create, perform, and supervise financial, operational, and compliance audits to evaluate control frameworks, financial systems and operating procedures.


Toby is also an experienced author and presenter, having delivered over 50 continuing education presentations to audit, risk, and fraud professionals.

https://www.insightcpe.com/


Course Curriculum


  A Simple Strategy for Agile Auditing
Available in days
days after you enroll

Frequently Asked Questions


When does the course start and finish?
The course starts now and never ends! It is a completely self-paced online course - you decide when you start and when you finish.
How long do I have access to the course?
How does lifetime access sound? After enrolling, you have unlimited access to this course for as long as you like - across any and all devices you own.

Get started now!