Companies must rethink audit methods if they want to keep pace with rapid digital transformation and growing cyber risks.
This was the word from Ureka Rangasamy, chief audit executive at Eskom, speaking at the ITWeb GRC 2025 event in Bryanston, Johannesburg last week.
She said agile auditing, an approach adopted from software development, is helping internal auditors become more responsive, collaborative and effective in managing risk. The approach breaks audits into shorter, iterative “sprints”, with teams sharing early insights instead of waiting until the end of a project.
“In traditional auditing, the process typically involves planning, sending proposals or engagement letters to clients, and then conducting the fieldwork. Clients usually see the auditors again towards the end [of the project],” she explained. “Today, three months is not a long time. With agile auditing, you still carry out the planned fieldwork and reporting, but for a particular phase [in the project], you issue a report at that stage so the client can adjust their risk. Then you move on to the next phase, where you will also do your follow-up to see whether the client has implemented your recommendations.”
Rangasamy explained that Eskom began experimenting with agile auditing in the early 2000s. “A few colleagues and I, who were also recruited from IT, noticed that the audit department’s methods just weren't cutting it. There was a big gap in how they were resonating with the IT clients,” she said.
Eskom has since applied agile auditing to large projects, including enterprise resource planning roll-outs, Rangasamy noted. The method has helped prevent costly errors and improve compliance by allowing audit teams to work alongside project staff during implementation.
According to Rangasamy, agile auditing does not replace traditional methods but complements them, especially in complex or uncertain projects. The approach requires auditors to adopt a different mindset, one that values flexibility, open communication and continuous learning.
She also discussed how artificial intelligence (AI) could shape the future of auditing. While AI can speed up analysis and reporting, she cautioned that human oversight remains essential to ensure accuracy and ethical use.
“I think we're going to move away from generative AI to agentic AI. This will help auditors, but it will also place a greater onus on IT auditors to implement robust checks and balances. While the rise of AI-driven cyber crime introduces new risks, that shouldn't stop us. Instead, it presents an opportunity for growth,” she concluded.
Share