Agile Auditing. Raven Catlin
is the proud mother of an 11‐year‐old aspiring actress, Carmen, two ferrets, two horses, one hedgehog, and an adorable Maltese, Pepper Sugar Spice. In her spare time, she enjoys cooking, island hopping, creating and tending a productive, though at times struggling, vegetable garden (a COVID‐19 inspired hobby), rollerblading, bicycling, horseback riding, world‐traveling, and tapping into her inner child at amusement parks (especially Walt Disney World). Her greatest joys are spending time with her family, making memories, and sharing knowledge with anyone who will listen.
CECILIANA WATKINS
Ceciliana (also known as Cecilia) has over 25 years of knowledge, leading multiple projects and performing a variety of audits from sales and use tax to internal audits including compliance, operational, and performance. Ceciliana's proficiency in internal audit and risk management involves directing, leading, and performing a wide range of audit, consulting, and advisory services. She helped her organization with governance, risk, and compliance by providing value‐added solutions to complex business processes and systems. She retired from state service having last served as the manager for the internal audit division for a state government agency that employed over 4,800 staff. She incorporates her hands‐on experience in risk management and government audit with her life experiences to help clients forge logical solutions to daily problems. She thrives on exploring opportunities to increase process efficiency and constantly looks for innovative and creative strategies to lead others in conducting effective audits better and faster. She is fully dedicated to the principle of continuous improvement, as shown through her obsession with nonfiction books, specifically on auditing and anything related to auditing including risk management and data analytics.
In addition to being the first facilitator to expand the Raven Global Training, LLC, instructor team in 2015, she has also been a faculty member in Boston University's Administrative Sciences department, where she has served as a course facilitator for the online Business Master's program, including the Business Analytics Foundation course.
As the project manager for her agency's enterprise risk management (ERM) initiative, she facilitated creation, development, and implementation of their risk assessment methodologies. Moreover, she successfully reengineered the internal audit program using the Agile auditing approach by identifying, evaluating, and implementing changes to each step in the audit life cycle, standardizing audit templates, and developing and documenting policies and procedures, which culminated in a comprehensive audit manual. The Agile audit reengineering project resulted in greater efficiencies in audit performance, increased productivity, and improved quality and timeliness of audits using a risk‐focused Lean audit approach. This approach also provided the flexibility to adapt each audit as needed. Many mistakes were made through the project. However, the lessons learned have been invaluable to the development of the Agile audit framework.
Ceciliana graduated with her Master of Science in Business Continuity, Security, and Risk Management (receiving the “Excellence in Graduate Studies” honor) from Boston University in May 2016, and her BSBA in Accounting from California Polytechnic State University in 1992. She also holds a Graduate Certificate in Risk Management and Business Continuity from Boston University and a Master's Certificate in Applied Project Management from Villanova University. Ceciliana is a Certified Project Management Professional (PMP), a Certified Internal Auditor (CIA), a Certified Information Systems Auditor (CISA), a Certified Government Audit Professional (CGAP), a Certification in Risk Management Assurance (CRMA), and holds a Certificate as a Scrum Team Member (endorsed by Scrum Inc. and Dr. Jeff Sutherland, co‐creator of Scrum).
Ceciliana is married to the love of her life, Pheary, and lives near Sacramento, California. She enjoys surfing, paddleboarding, reading, cooking, dancing, gardening, and landscaping. She is a salsa master and a Zumba dance aficionada. Ceciliana constantly applies her knowledge of project management, risk management, auditing, and Agile frameworks to her everyday life – take, for example, one of her largest landscaping projects, which was laying over 10,000 pounds of custom‐built concrete pavers in preparation for her terrific child, Helm, and wonderful daughter‐in‐love, Nikkole (yes, “daughter‐in‐love,” as their relationship is much more than what is required by law). This entire project was completed in just under two months using the Agile methodology. The Agile team was a crew of six family members – all part of the wedding party! They made use of a Scrum Board with the headings “Backlog,” “To Do,” “In Process,” “Verified,” and “Done.” Each Team Member signed up for different user stories in the Backlog (tasks), and proceeded to go from To‐Do to Done (Done = Ta‐Dah!). Ceciliana's greatest joys are also spending time with her family, learning new concepts and skills, experimenting with new techniques (including raising chickens and worms), and sharing her newly attained knowledge with everyone she can.
Finally, Ceciliana is the founder and CEO of Team Oriented Solutions, an innovative organization of trained professionals with one dream: Make the world a better place by providing world‐class education, training, facilitation, and coaching services to businesses around the globe.
Introduction
Agile auditing is perfect for all types of audits across any industry. As Agile audit grows in popularity, different Agile audit methodologies develop. From our point of view, Agile auditing is a framework, not a methodology. The Agile audit framework presented in this book can be used to develop your Agile audit methodology (as indicated in the Preface). There are five critical differences in our Agile audit framework that are distinct from other Agile audit methodologies that we read, discussed, and studied.
1 It is a framework, not a methodology. It is intended to provide ideas and guidance for an audit team to quickly deliver value to audit clients and stakeholders. The framework allows audit teams to incorporate other practices and tools into an Agile audit methodology that they create.
2 The framework requires and provides a structure and guidance for more collaboration with audit customers/clients. Audit customers and auditees are Agile team members from day one of the Agile audit. Agile audits cannot move forward without audit customer engagement.
3 The framework focuses on adding value from the audit client's perspective by centering the Agile audit on the value proposition. The value proposition focuses on business objectives and business risks, not audit risks. More specifically, the Agile audit framework encourages adding value by helping audit clients evaluate whether they have put the right actions and controls to mitigate threats and risks to an acceptable level to help them achieve their objectives. This framework helps organizations increase resiliency; it enables auditors to more quickly deliver insights on whether business and management controls are working as intended to reduce risks and help achieve objectives. It provides flexibility to help management and audit clients articulate their objectives and articulate how each process aligns with the organization's strategy. Similarly, if management hasn't determined the risks that may affect their ability to accomplish objectives, the Agile auditing framework helps management and auditors to collaborate in risk identification.
4 The framework uses a risk universe, rather than an audit universe, to determine the upcoming priorities and an Agile audit plan. We discuss the difference between the risk universe and audit universe in Chapter 8: Implementing Agile Auditing: The Audit Planning Process.
5 Each Agile audit is completed in two weeks. Audit planning, audit execution, and final result communications are finished in just two weeks. We recognize that a defined two‐week project cycle deviates from Agile disciplines. We've discovered that this time constraint is the best way to get better at determining how much work each Agile audit team can complete. We also learned that to apply Agile auditing consistently, audit teams must think differently about traditional audit processes and deliverables. The two‐week cycle forces the necessary thinking and related practices.
This Agile audit framework is a drastic, disruptive change for many audit teams. It is a change that the audit profession needs. We recognize unique challenges in adopting the framework. In the spirit of continuous improvement, we accept and consider all challenges