SWAP Internal Audit Services has 25 public sector partners, plus local authority and charity customers who we support with various types of audit work – so we have many masters, all of whom need different things. The main issues around disruption, however, are similar.
When I became CEO in 2019, I visited each of our partners to discuss how we could improve our services. For example, I wanted to implement more agile techniques and more dynamic reporting, so we could work faster, more flexibly and more responsively.
We also invested in technology. We were using Office 365 and Teams before the pandemic began – however, some our customers were not. This put us in a good position to benefit once everyone else started working remotely.
Our biggest challenge is how to develop our use of agile, dynamic reporting, Power BI dashboards, etc, for all our partners and customers. We’ve had to undertake training and help people to understand the need for change.
All our reports are now just one page. They’re short and snappy and present management with the key risks and the mitigations we’ve agreed in a digital format. Some managers were nervous, but they’re appreciating the clear message and easy-to-use format.
We’re now focusing on introducing agile techniques to our audits, using scrums and sprints, so by the time we finish we’ve already agreed findings and actions. Works in progress (WIPs) are still an issue and we’re trying to reduce these.
One barrier is that audits have always been measured in days and some managers worry about whether they will still get their quota. I’m asking people to think in terms of cost of delivery and value, rather than days. It’s about efficiency and quality, not how long it takes to do an audit. We need to focus on the important issues when, where and as they arise, so that everyone gets support when they need it most.
It comes down to our role as a trusted adviser – are they happy with the service they get?
Planning and scoping audits is crucial. I don’t like annual plans because they’re always guestimates. It’s vital to scope and work out what you need for a high-quality audit and then adjust resources. It’s about shifting mindsets. We now operate a rolling plan because it can frighten people if there is no plan.
We also need flexible software. Our existing solution couldn’t support agile audits, so we went back to our supplier and explained our problem. They’ve given us a blank database, so that we can start from scratch and work in sprints. We’re aiming for less “noise” and more power to decide what we need for each audit – for example, do we want to use Power BI and how can we best report findings to the audit committee? Can we drill down to see progress from the audit work completed to management actions taken? There’s no point using agile techniques if your software drags you back to traditional reporting.
Our market will face extremely tight budgets in coming years, and we need to prepare now. Most of the practices we’ve implemented in the pandemic are now business as usual. We’ve saved about 400 audit days just by reducing travel time and working remotely. It’s helped us to be far more efficient.
We have to be resilient to ensure we can change focus quickly. We’ve created a new data analytics team and a counter-fraud team and we’ve introduced a new charging model, so that we can present customers with a list of services they can choose from.
The key question must always be “how does our work address the main concerns of the organisation?” It’s about spotting opportunities as well as implementing controls. We’re on a journey and we’re not there yet, but we’re making progress.