INSIGHTS

Agile Methods for GRC and Internal Audit: more efficiency and productivity for the financial industry

A widely used approach in the technological area, with good results, agile methods have gain market share in the financial industry.
Contents

Interest in the methodology happens because it offers more efficiency in processes, with time savings and an estimated increase in productivity of 20% to 30%, essential resources for the transformations taking place in the world and requiring more agility from organizations. Other areas within companies, such as internal audit, governance and internal controls, are beginning to realize the benefits of agile performance.

Transformation and dynamics of the universe of risks that companies are currently involved in demand greater flexibility in the structure of second-line and third-line areas of defense, not only in the assessment, but also in the identification and perception of new emerging risks for the business.

This need for agility meets the agile manifesto that values, mainly, the interactions between individuals, collaboration with the customers and responses to changes. The manifesto is the declaration of essential values ​​and principles for agile development that can be applied in software development, but also permeate all business processes of companies that demand agility.

given the market's growth, with the expansion of fintechs, the method offers advantages for all companies: from large and medium-sized ones, which need to remain competitive in comparison with smaller and virtual companies; the small ones, which cannot opt ​​out of the risk analysis; even fintechs that need to mitigate risks and deliver with quality and efficiency to stay in the market.

Benefits of agile methods in the financial industry

A benefit of the highlighted approach, in the expert's assessment, is the gain in agility in the responses that imply greater risk. Brehmer emphasizes that the method directs efforts where there is a greater need to answer something, which could be a regulatory, technological or operational issue. In addition, Agile provides a collaborative environment for the parties involved and greater engagement of the internal audit team, as this contributes to quick and efficient deliveries.

“Companies have operational, tactical, and strategic processes. Agile methods act on the second line of defense, defensive tactics, which begins to bring more agility to the business and add more value to the strategy. Traditional approaches usually require more time and end up distancing the tactical from the strategic approaches,” he ponders. “This is the great value we have realized. When we look at governance, compliance and internal audit bodies, we see the demand that these structures, which are very technical, add more value to the operation. With agile methods, we define the main risks, which will be prioritized, with a surgical approach that makes it possible to respond more quickly to what really matters, adding more value to the governance process as a whole.”

Smaller Jobs and Daily Analysis

Sawada_Round.png

In Thiago Sawada’s analysis, senior manager of Financial Services at Grant Thornton Brazil, the main idea is to segment the process. “Traditionally, the internal audit work takes place in an end-to-end assessment system, and certain jobs, mainly on new and emerging risks, it is necessary to analyze and focus on specific points to understand the impact of these new risks on existing processes. This focused focus on points of the process guarantees better results in the risk diagnosis.”

With agile methods, after determining the product owner, in charge of the project, and the interface with the stakeholders, the backlog is defined with all the tasks necessary to execute the plan and the priority risks that should be included in the sprints. “We defined small time intervals, for example, from two to four weeks by evaluating the team's total hours in that period and analyzing which part of the backlog we managed to attack. Several deliveries are carried out during this period,” explains Sawada.

“We have broken a gigantic job into small jobs, which go through the entire cycle of defining what should be done, delivering and reviewing the result, going back to the beginning. This is the dynamics of sprints. With a focus on one service, we reduce the waste of hours and clearly and objectively define what delivery should be at the end of the sprints.”

To ensure the assertiveness of the progress of the actions, short daily meetings are held - the stand-up meeting calls, at the beginning of the day, with a follow-up of the work scheduled in the backlogs, analysis of what was actually carried out and definition of the day's activities. This strategy ensures the team's alignment, so that everyone can know exactly their role in the process, and commitment, as progress will be evaluated on a daily basis. The format proved to be quite efficient during the pandemic for managing remote teams.

At the end of the sprints, periodic retrospectives are also carried out, with analysis of the results and verification to prove whether the delivery corresponds to the value defined in the process. This allows the constant review of the path to be followed and, if necessary, carrying out a change of route. The audit person (audit director, manager, CAE, etc.), the product owner, defines whether the results are being achieved.

“With the agile methodology, if you are going to make mistakes, make mistakes quickly and then fix it too. When you have to wait the entire process, months, to validate the result, if there is a mistake, it is necessary to go back from the beginning on step-by-step basis. With small deliveries, already in the first sprints, we have an idea if this is the best path or we should make changes and get the direction straighter.”