Last week I attended a conference of international development professionals discussing adaptive programming (or projects – for those outside the internal development world). For a short readout see: https://dfid.blog.gov.uk/2013/10/21/adaptive-programming/
Adaptive programming is a sort of ‘agile’ project methodology for aid programmes, in others words, a contingent, try as you go, methodology for seeing ‘what works’, in international development.
Unlike IT, international aid is solving genuinely complex problems, or ‘wicked problems’ for which the causes of the failure of development or continued poverty are multifaceted and difficult to pin down. For example, is poor nutrition in a country due to barriers to economic development, lack of basic resources, cultural issues, poor political and state governance, or a complex messy combination of all of these? I would suspect the latter. If so, how can any programme of international aid make a difference to this?
Standard programmes require a clear definition of the problem, clear designed solution, and then systematic, orderly, well controlled, project implementation of the solution.
Just as this is being recognised as not possible in IT programmes (i.e. you cannot predict 100% of the problems in advance) then similarly this is the more so in development programmes. IT’s solution is agile – a reflexive, adaptive, contingent approach to solving the problem, with many learning loops within a non linear process. Adaptive programming (I have interpreted) is the same thing in an international aid context.
So where’s the relevance for internal audit? Well, internal audit in its traditional form is great at assuring standard, linear, projects. You review the process and design of the process – will it deliver a good project? So most organisations would have some familiarity with PRINCE2 (I’ve not seen anyone really apply PRINCE2 by the way). Fabulous – you can send junior staff to look at a book of rules, if the programme is complex, send a more senior auditor (who can take some judgement or view of the rules). Then tick it and report non-compliance.
What about adaptive programming though? A vague project plan, lots of changes, lots of judgements, a lack of evidence (save implementation results). This requires auditors who are happy to work ‘off piste’ and work without a rulebook. So what do they rely on? Common sense? – we know this is in short supply. Also, whose ‘common’ sense is it? When an auditor is unclear what way is ‘up’, how can they audit in this environment? For surely all adaptations can be appropriate?
Well as ever, and consistent with my audit mantra, internal audit needs to move away from being scientific. There is no definitively right and wrong in the real world. Yet I am not ready to sacrifice the idea of things being wrong or unreasonable, totally. For then internal audit becomes nothing more than an impressionistic, artistic, other voice in the organisation. For if all decisions are right, no matter the results, outcomes, resources expended, or risks taken, then your basic rules of governance collapse.
What I mean by this is that governance is about direction and control. The board, or equivalent, and senior management need some framework to do this through. They need a framework to approve and control activity within. Normally this is the risk framework, i.e. the organisational and management risk appetite. This is expressed in many forms, finance delegations, formal risk delegations, key controls and authorisations, policies, legal restrictions etc.
So I, as an internal auditor want a framework, however lacking in granularity and however much adaptive flexibility it has, to be consciously applied in an organisation. The auditing of this framework is adaptive auditing. Yet when a business is introduced to adaptive auditing, that is an audit function that is happy to see adaptability applied in context and does not want to see a rules-based culture imposed, the business struggles to adapt to adaptive audit.
It must be odd for many in management teams for an internal auditor to not only accept a lack of rules-based compliance, but to be wanting to see this model applied in practice. But let’s be clear, adaptive programming and the demands of an adaptive audit, can be challenging. In particular I think agile audit, adaptive programming or any non-rules based method of management, require more control, not less. It requires a clear articulation of the current position at any point in time – that is a justification for the current control environment. It also requires a clearer view of why things are where they are at present, a clearer view of how success will be monitored, and a clearer view of the what would need to change to provoke further control changes.
So this is what I mean by adaptive programming requiring more control not less. It requires as more conscious articulation of the programme. It requires a better audit trail of previous decisions. It requires a more thoughtful justification of the programme.
Similarly adaptive audit is much harder to manage and deal with. Auditors are taking judgements. This therefore requires a higher quality of auditor. More work to co-produce reports (although ultimately they are independent). More work and higher levels of management engagement during an audit to discuss complexity and difficulty. More openness and honesty about risk and ultimately, failure.
So are you and your client organisations ready for adaptive management and adaptive audit? I would say a lot of organisations have a way to go. It fundamentally requires the audit and management relationship to be reset. No longer an adversarial game, but a collaborative effort to face complexity and challenge together. This will require some sanguine understanding of risk and audit by regulators, governing bodies and senior management.
Are most clients I have worked with ready for this grown-up relationship? Some, but not many. It is the line between artistic chaos and socially-scientific control frameworks that is difficult to pitch. This will vary and cannot be always clearly articulated. If we can open ourselves to trying this model though, it would benefit both audit and management teams alike.