Agile Audit Execution with Scrum Framework

This presentation showcases how agile audit execution transforms traditional fieldwork into a faster, more collaborative, and insight-driven process. The presentation highlights how to use Scrum for sprint planning, daily standups, sprint reviews, and retrospectives to help audit teams stay focused on the risks that matter most while maintaining momentum throughout the engagement. By shifting from rigid audit plans to a dynamic backlog, agile auditing enables real-time adaptability as business priorities change. The session emphasizes transparency, frequent communication with stakeholders, and earlier delivery of meaningful insights rather than waiting until the final report. Designed for modern internal audit functions, this approach positions audit as a proactive, value-adding partner that delivers timely assurance and actionable results.

• Understand how agile principles and Scrum apply specifically to internal audit fieldwork and how they differ from traditional audit execution models
• Learn how to structure and manage an audit backlog that is risk-focused and aligned to business priorities
• Apply sprint planning techniques to scope audit work effectively and deliver value incrementally
• Use daily standups to improve communication, remove roadblocks, and keep audit work on track
• Conduct effective sprint reviews and retrospectives to share insights early and continuously improve audit performance
• Define and apply a clear “Definition of Done” to ensure audit work is complete, consistent, and action-oriented

• Agile audit fieldwork fundamentals and the shift from traditional audit execution to risk-based sprints
• Sprint planning techniques for defining scope, priorities, and audit objectives
• Managing the audit backlog and decentralizing day-to-day decision making
• Daily standups and communication practices that keep audits on track and remove blockers
• Sprint reviews and interim results discussions to deliver insights earlier to stakeholders
• Retrospectives, definition of done, and audit plan standups to drive continuous improvement and consistency across audit teams

• Chief Audit Executive (CAE)
• Internal Audit Director or Senior Audit Manager
• IT Audit Manager or IT Audit Lead
• Internal Auditor or Senior Internal Auditor
• Audit Project Manager or Audit Program Manager
• Risk Assurance or Governance, Risk, and Compliance (GRC) Professional

Toby DeRoche is a bestselling business writer, governance professional, and entrepreneur with an academic foundation in English Literature, an MBA, and more than two decades of audit, risk, and compliance experience.

As a practicing auditor, Toby brings real-world experiences to every presentation. My approach always incorporates both theory and practical application, so your group leaves with actionable information. Toby has delivered well over 1,000 hours of professional development to internal audit, risk management, and fraud practitioners in corporate, government, and non-profit organizations.

As a writer, he has produced more than 250 thought-leadership articles for industry leaders across the United States, Canada, and Europe. Toby has authored 16 whitepapers and four books, among them Agile Audit: Transformation and Beyond, Only Audit What Matters (an Amazon bestseller), Modernize Your Audit Department, and Not Yet: A Warming Tale About My Neighborhood. He also contributed two chapters to the 28th edition of ISACA’s CISA Review Manual as an IT subject matter expert. His forthcoming book, Cybersecurity by Design, is scheduled for release in December 2026.

Education
•    Master of Business Administration with an Internal Audit Concentration
•    Bachelor of Arts in English Literature 

Credentials

•    Certified Internal Auditor (CIA)
•    Certified Information Systems Auditor (CISA)
•    Certified in Control Self-Assessment (CCSA)
•    Certified Risk Management Assurance (CRMA)
•    Certified Fraud Examiner (CFE)
•    Certified Agile Audit Professional (cAAP)
•    Certified in Cybersecurity (CC)