improve™ 2.0 — The Agile Risk Operating Model
From a diagram to a complete, assessable operating model — built to grow. A closed flywheel on an AI assurance engine, bounded by governance guardrails and measured by the value it delivers.
improve™ 2.0 is Signify Solution's enhanced operating model for agile, AI-augmented assurance. It takes internal audit from a fixed annual plan to a continuous, value-led flywheel — a closed loop running on an AI assurance engine, bounded by governance guardrails and measured by the value it delivers. What follows is the full anatomy: the principles that steer it, the phases and tasks that run it, the rails that keep it safe, a maturity model to place yourself on, and the roles and cadence that make it real.
Principles
The behaviours every decision in the flywheel is steered by.
Tech-driven
Data, automation and AI do the heavy lifting so people focus on judgement.
Value-centric
Every cycle is prioritised by genuine business value and real risk impact.
Growth Mindset
With teeth — a capability model that builds T-shaped, data- and AI-literate auditors.
Phases & tasks
Consolidated from eight tasks to six — value discovery merged into one backlog, monitoring lifted into the core engine, and the two old wrap-up steps fused into a single retrospective that closes the loop.
Value Backlog
A living, prioritised backlog of value propositions and value-stream insights — owned by IA — replacing the fixed annual plan.
AI clusters risk signals and surfaces candidate value items.Risk Sensing
Real-time, dynamic risk and horizon scanning, connected to ERM and the second line, continuously refreshing the backlog.
AI scans data, controls and external signals for emerging risk.Sprint Iterations
Time-boxed sprints with defined outcomes, pulling the next highest-value items from the backlog.
AI agentic testing and evidence review accelerate fieldwork.Improvements Register
A living record of issues, opportunities and control enhancements captured as the work happens.
AI drafts findings and links them to the right controls.Continuous Insight
Always-on dashboards and audience-ready insight, alongside periodic board reporting and an annual opinion.
AI generates dashboards and narrative on demand.Retrospective
One review-and-learn ceremony that closes each cycle and feeds lessons straight back into the Value Backlog.
AI mines patterns across cycles to sharpen the backlog.AI Assurance Engine
An AI- and data-driven engine running continuous control monitoring and testing beneath every phase — with a human always in the loop.
AI this IS the AI engine; it powers and validates every task on the wheel.Governance guardrails
Agility is bounded, not unbounded. The loop can spin as fast as it likes — but only inside these four rails, the questions every Chief Audit Executive and Audit Committee will ask first.
Independence & Objectivity
IA owns the backlog and the opinion. Collaboration with the business informs the work — it never lets management own the plan.
Risk-Universe Coverage
Value-led prioritisation sits on top of guaranteed coverage of mandatory, regulatory and top enterprise risks. Nothing required gets crowded out.
Quality & Conformance
Iterative work still meets workpaper, evidence and QAIP standards — including a human validating every AI-assisted conclusion — ready for external scrutiny.
Board Assurance
Continuous dashboards are complemented by periodic reporting, escalation of significant issues, and an annual internal audit opinion to the committee.
Maturity model
A function doesn't switch on agile overnight. improve is the path from a reactive annual plan to an adaptive, AI-augmented function — and a way to assess where you are today.
Reactive
Fixed annual plan, point-in-time testing, manual evidence, retrospective reporting.
Hybrid
Agile pilots and some continuous monitoring; value focus and tooling emerging.
Agile
The improve loop runs end-to-end: value-led, continuous, and closed.
Adaptive
An AI assurance engine predicts and prioritises; the function self-improves.
| Capability | Reactive | Hybrid | Agile | Adaptive |
|---|---|---|---|---|
| Planning & Value | Annual plan | Plan + ad-hoc | Living backlog | AI-curated backlog |
| Monitoring & Risk | Annual assessment | Periodic refresh | Continuous sensing | Predictive sensing |
| AI & Tooling | Manual | Point tools | Integrated automation | Agentic AI engine |
| Reporting & Assurance | Static reports | Some dashboards | Continuous + opinion | Real-time, AI-generated |
| Talent & Governance | Siloed skills | Upskilling | T-shaped pods + QAIP | AI-literate, self-optimising |
Most functions today straddle Level 2 · Hybrid; the five-year target for improve is Level 3 · Agile and beyond.
Roles & cadence
An operating model needs owners and a rhythm. These are the agile-audit roles — and the heartbeat that keeps the loop turning.
Built for the next five years
Five forces that decide whether agile assurance still works in 2030 — wired into the model, not bolted on.
Audit WITH AI
Agentic continuous testing, evidence review and drafting accelerate the engine and every sprint.
Assurance OVER AI
Model, agent and AI-governance risk become a permanent — and fast-growing — domain in the backlog.
Connected assurance
Wired into ERM and the second line so risk is sensed dynamically and work is never duplicated.
Talent & capability
Growth Mindset with teeth: T-shaped auditors, AI literacy, and a product-owner for the backlog.
Standards-aligned
Mapped to the IIA's 2024 Global Internal Audit Standards — conformant, not experimental.