Why a blended approach works
In fast-moving organisations, keeping assurance relevant as priorities and risks evolve is an increasing challenge for internal audit functions.
The answer is not to choose between traditional and agile auditing, but to apply a blended approach that preserves professional rigour whilst improving responsiveness.
Traditional, risk-based audit planning remains the foundation. Internal audit plans should be aligned to organisational objectives and key risks, providing structure, accountability, and visibility to senior leadership and the audit committee.
Agile auditing does not replace this foundation; it enhances how audits are delivered. Agile techniques introduce shorter delivery cycles, closer stakeholder collaboration, and iterative insight sharing. This helps ensure audit work remains aligned as risks, priorities, and operating conditions change.
In practice, this means moving away from a “point-in-time” audit mindset toward a more continuous and adaptive approach to assurance. Early sharing of insights reduces the risk of late surprises, while regular check-ins improve accuracy and relevance. Retrospectives further support continuous improvement within the audit function itself.
Importantly, agility should not dilute audit quality. Clear objectives, sufficient and appropriate evidence, robust documentation, independent review, and well-supported conclusions remain essential to maintaining credibility and meeting professional standards.
A blended model could look like this:
- Use a risk-based audit plan as the strategic anchor, aligned to organisational objectives.
- Apply agile delivery techniques in areas of higher change, complexity, or uncertainty.
- Engage stakeholders regularly throughout the audit lifecycle, not just at the end.
- Share insights incrementally where appropriate, while retaining formal reporting.
- Maintain strong governance, documentation, and quality assurance processes.
- Build in regular retrospectives to continuously improve audit effectiveness.
In a dynamic environment, combining traditional and agile approaches provides a practical and credible way for internal audit to remain aligned to changing risk while continuing to deliver independent, high-quality assurance.
As organisations become more digital and risk cycles accelerate, the ability of internal audit to combine discipline with adaptability will increasingly define its value.
