"Applying agile methodology to internal audit may be novel, but technology and business functions have been using agile successfully for more than 20 years. ... We became intrigued by that long-term success and thought, ‘Why can’t we do that?’"
- Jeffrey Jarczyk, Executive Vice President and Chief Auditor
Fidelity describes its mission as inspiring “better futures” and delivering “better outcomes for the customers and businesses” it serves. With assets under administration of US$7.4 trillion, including managed assets of US$2.7 trillion (as of March 31, 2019), Fidelity helps an estimated 30 million people invest their savings and 22,000 businesses manage employee benefit programs. The company also provides more than 13,500 financial advisory firms with investment and technology solutions they rely on to invest their clients’ money. Privately held for more than 70 years, Fidelity employs more than 40,000 associates.
"The internal audit function’s interest in pursuing agile auditing resulted in the formation of an Agile Auditing Center of Excellence (COE) within the group’s structure, which is purposefully designed to support the transformation."
Fidelity Executive Vice President and Chief Auditor Jeffrey Jarczyk leads a 155-employee-strong internal audit function that has developed an innovative blend of structural, procedural and technological mechanisms designed to continually improve future auditing activities while assisting the business in making good on its mission of bettering the futures of its many customers. He points to the company’s heritage, privately held status and long-term focus as valuable differentiators.
“The notion of doing right by the customer through our long-term orientation permeates the entire organization,” Jarczyk says. The mindset certainly flourishes in the internal audit function. Despite earning a leading-edge reputation thanks to their early adoption of data analytics and other next-generation auditing techniques, Jarczyk and his team continually scan the horizon for new opportunities to innovate. “Our thinking,” he says, “is that if we’re going to continue to be relevant to the business while maintaining a leading position as an internal audit function, we need to have some people whose job it is to scan the marketplace and look for emerging technologies that we can bring to bear on our work.”
As is the case in most other companies, keeping internal audit relevant can be challenging given the rest of the organization’s ongoing innovation and transformation activities. Fidelity has been a leader in the financial services business and is constantly seeking to innovate in terms of products and services and its internal operations and technologies. Several years ago, the company started expanding its adoption of agile methodology, and now agile practices are being rolled out and refined across a growing number of business units throughout the organization. While the internal audit function deploys a wide range of next-generation auditing technologies and approaches, Jarczyk and his senior auditors spotted a prime opportunity to “draft behind” its business partners’ adoption of agile.
Scanning the Horizon
The internal audit function’s interest in pursuing agile auditing resulted in the formation of an Agile Auditing Center of Excellence (COE) within the group’s structure, which is purposefully designed to support the transformation and is staffed with a combination of tenured agile coaches and veteran auditors with deep organizational knowledge.
Jarczyk reports functionally to the chair of Fidelity’s audit committee; administratively, he reports to the head of Fidelity Enterprise Risk Management, a group that oversees security, risk and compliance-related functions throughout the company. The internal audit function is organized into four business-audit groups that align with the company’s primary business lines and its information technology (IT) function’s activities.
A fifth audit group, the Innovation and Enablement team, is responsible for the agile audit COE, audit operations, centralized planning, management reporting, and the function’s recruiting and development activities. This group, led by Audit Vice President, Innovation and Enablement, Christine Meuse, also drives audit innovation. An innovation team within the group is charged with “looking at the horizon, anticipating how we can stay on the leading edge and helping to decide where we want to go next,” Meuse explains. “Right now, we’re looking at some design-thinking principles that dovetail nicely with our agile auditing approach. We’re also partnering with internal and external parties in the AI and machine learning space.”
The innovation team also helped identify opportunities to automate more of the testing of the organization’s information security perimeter as the company shifts more applications and systems to the public cloud.
While advanced technology and methodologies are manifestations of the innovation Jarczyk and Meuse want to foster in their function, the two executives also point to their long-running college program as a crucial enabler of innovation. The team has had an internship and co-op program for 15 years and has established strong partnerships with colleges and universities. Meuse says that the digitally native interns and college hires help “instill an innovative mindset across our department.”
A Straightforward Sales Pitch
In 2017, several thousand employees across many different business groups in Fidelity’s Personal Investing business line began using agile based on the model originally deployed at Spotify. The internal audit function’s Innovation Team had been considering applying agile, and the business adoption of the methodology clinched it.
“Applying agile methodology to internal audit may be novel,” Jarczyk notes, “but technology and business functions have been using agile successfully for more than 20 years. ... We became intrigued by that long-term success and thought, ‘Why can’t we do that?’”
"The team has had an internship and co-op program for 15 years and has established strong partnerships with colleges and universities."
The function’s agile auditing pitch to business partners was straightforward: We can conduct the same auditing work in less time. In exchange for reducing time and related disruptions, internal audit made several asks of business partners who participated in the initial round of agile audits. “We let them know the process would be more intense on their side,” recalls Jarczyk, who also explained that agile auditors would need information and data requests to be fulfilled in a more timely manner than they had in the past and that the team would want senior leaders from each business area to be available every two weeks to discuss a status report. “In exchange for that commitment,” Jarczyk continues, “we said: ‘We’ll get out of your hair sooner; it’ll be a completely transparent process, and there won’t be any surprises by the time we get to the reporting because you’ll have been along for the journey.’” The team piloted the approach with five teams to test the methodology and gather customer feedback.
In accordance with one of the foundational elements of agile methodology, Fidelity’s auditors work together on a team of five to six associates over a designated period (in this case, for nine months) to improve their work and collaboration continually. The work consists of a succession of two-week sprints, each of which is immediately followed by an information-sharing session with leaders of the business group being audited. The insights generated during those give-and-take sessions are applied to improve the direction and quality of each subsequent two-week sprint. While internal audit remains accountable for the opinions and perspectives expressed in the final reports it issues, those findings contain no surprises for the business partners being subjected to the audit because they’ve been involved all along. “It’s just a much more collaborative way of getting there,” says Jarczyk, “and that’s been a huge plus.”
"The benefits sound impressive, but the learnings gained from the agile audits conducted are equally valuable, Jarczyk and Meuse emphasize, because they point the way to many more improvements and additional benefits."
After completing the pilots, internal audit leaders assessed the work, discussed what was learned and then asked, “Do we feel like this is something that we really want to lean into and scale across the department?” The resounding answer was yes, Meuse reports. “And we certainly found things that we needed to improve on and iterate, which is what agile is all about — learning and iteration.”
Keep Calm and Stay Agile
Through four successive waves beginning in the third quarter of 2018, the audit team extended the agile methodology across the entire function by the end of the first quarter of 2019. “We now have the entire department working in an agile way,” Jarczyk says.
The benefits sound impressive, but the learnings gained from the agile audits conducted are equally valuable, Jarczyk and Meuse emphasize, because they point the way to many more improvements and additional benefits. “We continue to learn and adapt our approach based on feedback from our associates, coaches and stakeholders, which is consistent with the principles of agile, and expect to continue to evolve the process for the foreseeable future,” Meuse says. They note that key tenets of the transformation, such as servant leadership and success as a team versus the individual, are mindset shifts that take time to fully take hold and maximize the benefits of this way of working.
Under the agile approach, the duration of individual audits has decreased substantially, according to Jarczyk. He and Meuse also report that the more collaborative and client-centric nature of more frequent agile auditing interactions have elevated trust between the business and internal audit to a new level. The acquisition of agile auditing skills has also delivered career development benefits throughout the function. “It’s an opportunity to re-energize our auditors, who can now practice the craft in a completely different way,” Jarczyk notes, while adding that the experience has had its share of bumps, as most major change efforts do. “I’m not saying that this has been easy and that we don’t still have a lot of work to do, but the net result has been positive, both for our clients and associates.”
Some of that work includes identifying new key performance indicators (KPIs) because metrics associated with traditional auditing approaches, such as productivity and report volumes, are less relevant to agile auditing success. “In addition to adjusting how we measure overall department output and productivity, we know that we need a new set of metrics that reflect the fact that agile is highly team-specific in nature,” Meuse says. “Each team will be measuring its own goodness, so to speak, in terms of how it improves the way members work together. Each team wants to evaluate how it is increasing the velocity of that improvement over time.”
"As new KPIs are developed, performance management parameters and links to rewards will need to be changed in kind. Jarczyk has recalibrated how he values the contributions of the agile coaches he brought on board."
As new KPIs are developed, performance management parameters and links to rewards will need to be changed in kind. Jarczyk has recalibrated how he values the contributions of the agile coaches he brought on board. “In hindsight,” he notes, “we probably should have doubled the number of coaches we hired because they play such a pivotal role in helping people transition to this new way of working.” During the heat of that transition, the function distributed “Keep Calm and Stay Agile” buttons to internal auditors to acknowledge the discomfort involved in the major change while conveying that this temporary discomfort is a sign that the transition to agile auditing is working.
That turned out to be the case, and then some. Fidelity and its internal audit team remain absolutely committed to staying agile and reaping the growing benefits of doing so.
Click here to access the full list of profiles.