can influence the organization, so it supports Agile auditing. You will learn about the influence a Grateful Agile Leader can have on the organization's culture and the Agile team. You will also learn what the ideal conditions for Agile auditing are.
Chapter 18: Passing Your Quality Assessment Review (QAR) in an Agile Audit Environment discusses the four areas of most concern regarding your QAR when implementing Agile auditing (independence and objectivity, planning, documentation, and supervision). It also provides an overview of the standards used for the three types of audits covered in this book.
In Chapter 19: Nuggets for Agile Audit Success, you are encouraged to summarize your new or refreshed knowledge from the book and identify your nuggets (which can be anything meaningful to you: an idea, a question, something to research later, something to tell someone else, an aha moment, or even a thought related to the content discussed). This chapter provides 10 nuggets for Agile auditing success.
Appendix A: Glossary of Terms, provides definitions of key words, concepts, and notes provided in this book.
Appendix B: Product Backlog Template, includes the business risks (with likelihood/impact assessments), value proposition, cross‐functional dependencies and relationships to other risks, priority or projected date for the completed audit, resource requirement estimates, and an estimate of the effort to complete the Agile audit.
Appendix C: Agile Audit Example. This example consists of the Agile Audit time‐lapse activities conducted during a one‐week period for an Agile audit of remediation activities for a Security/Access Controls audit finding: Deficiencies in the user provisioning process for terminations.
Bibliography. Our journey as we wrote this book included reading over 100 books, reports, scholarly and trade journals, white papers, articles, interviews, and research papers on Agile, Agile frameworks, and Agile methodologies. The Bibliography includes references to many of the learning and discovery aids we have used in this book. We encourage our readers to seek these references, as well as many more.
Good luck, and let's start your Agile auditing journey.
CHAPTER 1 What Is Agile?
AGILE IS A FRAMEWORK
It felt like a no‐brainer to answer this question, as we set our sights on publishing a book on Agile auditing. Through discovery, we found that Agile has different meanings depending on your view and approach. When you develop and work with Agile, it's vital that you describe what Agile is and what it means.
Authors of other Agile publications describe it as a mindset or a methodology. Agile, for example, in Rick Wright's Agile Auditing: Transforming the Internal Audit Process (Wright 2019), he uses big “A” and little “a” to distinguish between doing Agile and being agile. Used as a noun, Wright refers to the big “A” as doing Agile internal auditing using software development methodologies. Wright's little “a,” used as a verb, describes, in general, process improvement efforts (exclusive of specific methodology) to achieve a nimbler, less wasteful process. Big “A” is essentially the technical aspect of completing an audit. Little “a” is the thinking behind being agile. Being agile is as unique to an organization as your DNA is to you. To do Agile well, you must be agile, so from here on we make no distinction between being Agile and doing Agile. Agile is both a mindset and a framework. We hope that your organization, including your audit team, will demonstrate business agility using Agile methods. Agile organizations identify changes and risks from internal and external sources, respond to those changes promptly and appropriately, deliver value to their customers, and remain sustainable. While this book is a framework providing options to implement Agile auditing, we've also provided various “recipes” with step‐by‐step examples of how to implement the framework. These recipes are as close as we get to prescribing a methodology. Remember, the recipes and the case studies provided in the text are just examples!
Agile is not a methodology itself in any discipline. It is a philosophy, a mindset, or a way of thinking to get stuff done faster based on the interests of identified customers.
It is important to note that Agile is not a methodology itself in any discipline. It is a philosophy, a mindset, or a way of thinking to get stuff done faster based on the interests of identified customers. The roots of Agile as a philosophy originated in software development. It was software developers who combined existing frameworks to create the Agile movement to complete software development projects faster. You can think of Agile as an umbrella term for a set of different frameworks and practices all based on the original software development values and principles. These values are expressed in the “Manifesto for Agile Software Development,” and the 12 principles as fashioned by the Agile Alliance are presented later in this chapter. Another key thought is that Agile methods are people‐oriented rather than process‐oriented. In Agile, people come first and people complete projects. Conversely, conventional project management and software development methods, such as waterfall, are process‐oriented.
Before we continue describing Agile, we want to clarify that there is a time and place for traditional conventional project management methods, such as waterfall. For example, certain mandatory compliance audits with repeated processes year after year might benefit from a waterfall process‐oriented approach. As a matter of fact, although there appears to be a mass adoption of various Agile methodologies in many organizations, there are still many that continue to use conventional methods successfully. We have also seen organizations transition into a hybrid Agile approach that combines aspects of both Agile and waterfall. Our Agile framework was developed specifically to help address common problems that arise when completing all audits using the traditional methodologies (i.e., waterfall).
DEFINITIONS OF AGILE
Agile is an approach to project management based on a set of values and principles. [The Agile approach] breaks projects into smaller, incremental deliverables that go through repeated iterations to focus on customers' needs and interests. It promotes adaptive planning, early delivery, frequent inspections, continuous improvement, and flexibility to respond to change (Catlin 2020).
Agile means quick, easy, and nimble. In business, it's a way of thinking, a way of working that is increasingly part of how many of the most successful companies work (Cazaly 2017).
Agile is the ability to move quickly and easily in response to your environment. To be Agile, you must be alert to your situations, and you must be flexible, nimble, and adaptable (Catlin 2014).
Agile is a lightweight software development method that aims to be more efficient than traditional, plan‐driven development models. Agile seeks to do more with less:
More team‐level decision‐making
Faster development time
Faster response to shifting customer demands
Faster problem solving
More customer satisfaction
Smaller teams
Less expense
Less wasted effort
Fewer features in the end product that either don't work or are never used (Mathis 2013)
As these definitions show, Agile is more than a project management tool, more than a mindset, more than an ability to be nimble and responsive, and more than a method to get things done. Table 1.1 contrasts three different views of Agile (LeMay 2018).
To