Audit Planning: Creating a Flexible Planning Solution
Discovering That Users Needed to Assess Before They Could Plan
The problem
Our sales team couldn't close deals with prospective customers because our new Internal Audit platform lacked planning functionality. Customers expected this capability and weren't ready to purchase without it. The business needed an MVP planning module quickly, but project requirements were vague: allow users to build plans, add audits, and schedule them. With no analytics on either legacy platform, I had no data about how users actually worked.
Timeline:
8 months
My role:
Lead UX/UI Designer
Team:
User researcher, project manager, technical product owner and the development team
Understanding Two Different Planning Approaches
I analysed both legacy platforms to understand what customers were migrating from and identify why neither solution worked effectively. Both platforms used entity-based planning but structured their risk assessments differently.
Platform A: Hierarchical Entity-Process-Risk Structure
Users created planning periods as their foundation, then conducted risk assessments following a hierarchical structure: entities connected to processes, and processes connected to high level risks. The system required individual assessment of every entity-process-risk combination. For larger organisations, this meant assessing 100+ individual combinations, making planning extremely time consuming.
The platform generated a colour coded table view (red for high risk, green for low risk) enabling quick identification of areas requiring audit attention. Users could then create audits for high-risk areas and add them to schedules. However, despite conducting risk assessments, the suggested next audit date was based on cyclical intervals rather than risk levels. The process lacked linear workflow structure and provided no visual representation of scheduled audits over time.
Platform B: Direct Entity-Risk Connection
Users selected universe entities individually and conducted risk assessments directly at entity level, assessing high level risks associated with each entity without an intermediary process layer. After assessment, they created audit plans through either standard planning for resource allocation or rapid planning showing audits in a comprehensive grid format with scheduling information, suggested intervals, required days, and available capacity.
Platform B included a Gantt chart view providing visual timeline overview of the audit programme, displaying scheduled audits, upcoming work, and current status. Users could allocate resources and assign team members directly through this integrated interface. Like Platform A, despite conducting risk assessments, the system suggested audit scheduling based on cyclical intervals rather than risk-based prioritisation.
Key Finding: Both platforms used entity-based planning but Platform A added a process layer between entities and risks whilst Platform B connected entities directly to high level risks. Despite different structures, both relied on outdated cyclical planning methodology for scheduling rather than using risk data to inform audit prioritisation. Both also lacked clear signposting and logical user flow, making planning modules difficult to navigate effectively.
Initial Concept and Critical Discovery
Our senior user researcher coordinated initial interviews with a couple of users from both legacy platforms. Based on these early conversations, I designed a concept combining Platform A's risk-based matrix visualisation with Platform B's comprehensive scheduling capabilities. Using low fidelity wireframes in Balsamiq, I prepared to test this with additional customers during discovery.
Further interviews revealed a more complex picture. All five users we spoke with had abandoned their respective platforms due to complexity and rigidity, migrating to Excel for its flexibility. Some had stopped planning audits entirely. One user criticised Platform B's cyclical planning methodology as "15 years out of date."
More importantly, users required completely different approaches. Some wanted simple scheduling, others needed risk-based methodology, and some preferred cyclical planning. No single workflow would accommodate these diverse needs.
The Inverted Workflow Problem
I created a high fidelity Figma prototype using our design system components and validated the workflow with our product team, particularly leveraging our Project Manager's auditing background. My design concept aimed to solve the 100+ risk assessment problem from Platform A by having users create a plan first, select specific entities they wanted to focus on, then conduct risk assessments only on those selected entities. This would dramatically reduce assessment burden.
The first round of usability testing revealed a fundamental flaw in this logic: the workflow was completely inverted.
Users expected to assess entities or risks first, then create plans based on those assessments. They needed to see the risk landscape before they could know which entities to focus on in their planning. My design required them to decide what to plan before understanding what risks existed. This contradicted how audit planning actually works in practice. You can't decide what to assess without first knowing what's risky.
Deeper Discovery: Understanding Actual Workflows
Recognising critical knowledge gaps, I initiated a second discovery phase where users demonstrated their actual processes using Excel spreadsheets. This revealed two primary methodologies operating at different levels of granularity:
Entity-Based Planning: Users assessed risk at a higher level, evaluating entire entities (departments, locations, business units) for overall risk, then created audit plans for high-risk entities.
Risk-Based Planning: Users assessed risk at a more granular level, examining specific risks across multiple entities, then created audit plans targeting those specific high-risk areas regardless of entity boundaries.
Both approaches required assessment before planning, not planning before assessment. My initial concept had fundamentally misunderstood the audit planning sequence.
The Solution: Flexible Planning Accommodating Both Methodologies
I redesigned the solution to accommodate both entity-based and risk-based planning through a single flexible workflow. After users completed their risk or entity assessments, they could pull selected items into a new audit plan where they could create audits, assign team members, and schedule work.
Scheduler Design
The scheduler featured two complementary views:
Audit List View displayed when audits were planned, providing clear timeline visibility across the entire audit programme.
Team Member View showed team member assignments and work capacity, enabling effective resource allocation and workload management.
I conducted competitive benchmarking for the scheduler, documenting strengths and weaknesses in Miro, then incorporated the most effective patterns into our design.
Validation and Refinement
First Scheduler Testing
Users appreciated seeing planned audits but requested additional information. They wanted to see audit stages, timeline status (late or on time), and recognition that auditors typically work on multiple audits simultaneously rather than sequentially.
Second Prototype
I incorporated this feedback into the revised design, adding audit stage indicators, status tracking, and concurrent audit visualisation.
Final Testing Results
Users responded positively to the simplified workflow and intuitive interface. The solution successfully accommodated diverse planning needs whilst providing significant improvement over legacy platforms. Critically, the corrected workflow sequence (assess first, plan second) aligned with actual audit planning practices.
Outcomes
Design Achievements:
Unified solution accommodating both entity-based and risk-based planning methodologies
Corrected workflow sequence aligning with actual audit planning practices
Flexible scheduling supporting diverse organisational needs
Visual timeline and resource allocation capabilities missing from legacy platforms
Business Impact:
Enabled sales team to begin closing deals with customers requiring planning functionality
Delivered MVP addressing critical product gap blocking customer acquisition
Created foundation for competitive positioning against market leaders
User Impact:
Simplified planning workflow compared to legacy platform complexity
Accommodated different planning methodologies without forcing single approach
Provided visual timeline and resource management capabilities users had been lacking
Key Learnings
The most critical lesson involved recognising when initial concepts fundamentally misunderstand user workflows. Usability testing revealed that my design contradicted how audit planning actually works, requiring complete workflow reversal rather than interface refinement.
The second discovery phase, where users demonstrated their Excel processes, proved essential for understanding actual work patterns. Watching users work revealed methodological diversity that interviews alone hadn't surfaced.
What I'd Change: Invest significantly more time upfront understanding user workflows and reviewing working documents before designing. Include development teams in user sessions for real-time alignment between user needs and technical feasibility.
Next Steps
Future development should focus on achieving feature parity with legacy platforms whilst maintaining the simplified workflow structure. Potential enhancements include intelligent assistance for audit prioritisation and scheduling based on historical patterns and risk assessment data.
Note: Impact measurement is limited by lack of analytics infrastructure on the platform. Quantifying adoption rates, planning efficiency improvements, and feature utilisation will require establishing measurement capabilities currently unavailable.