An Internal Audit toolchain

If you have worked in audit for a while at one time or another you have probably cursed a piece of software for losing all your work, being a nightmare to train staff on or just plain inefficient.

A toolchain is a concept used in software development to describe a set of tools that are linked together to aid in a specific objective.

The DevOps approach to delivering and maintaining software uses the toolchain concept to describe how they combine a series of tools that link together to form a ‘pipeline’ to write, deploy, and support software in a consistent and efficient manner.

An example of a DevOps Toolchain

When working with teams using this approach I can’t help but think how inspired it is. There are a myriad of different implementations of the toolchain using combinations of different tools. Individuals, teams, and companies have their preferred tools and configurations and each tailors the toolchain to fit their way of working. By combining specialist tools into a modular framework users can get the features they want without having to commit to a monolithic solution and the various feature tradeoffs that arise when trying to select a ‘one size fits all solution’

GRC and audit system vendors generally swing towards the “Our system is all singing all dancing and can do everything you need”. You will even see vendors suggesting that a single system can be the perfect solution for Compliance, Risk, Audit, IT Governance, Financial Controls, etc. all at once.

As result, large investments in monolithic tools can be an implementation nightmare or result in only a small amount of the much-vaunted functionality being actually used by audit teams with the gaps being filled in by the ever-present excel spreadsheet.

So……

Why not a toolchain for internal audit..

The IA Toolchain v 0.1

This is an attempt at thinking about some examples of tools that could be in a ‘perfect’ (at least for me) set of tools to provide a‘World Class’ internal audit service.

I have looked to include widely available tools and opensource alternatives that may be already in use or are at least available as SaaS to reduce implementation difficulties. Depending on the skillset of the team, the complexity of the organisation and remit of the IA function different tools in this set will be more useful than others.

I am going to try and explain my thinking and do some proof of concepts for some of these in future posts.

NEXT: The Audit Product Roadmap- The IA Toolchain #2 — Managing your product roadmap