Establishing IT governance and compliance practices is essential for organizations that have regulatory or audit requirements. The good news is that you can be agile and still comply with Sarbanes-Oxley, CFR 21, HIPAA, and other regulatory imperatives. Done well, IT controls actually help you improve both productivity and quality. Bob Aiello describes how to implement IT controls in frameworks such as ISACA Cobit and ITIL v3 that many regulatory frameworks require-while maintaining agile practices. Bob's guidance includes specific examples of establishing IT controls: separation of duties, work-item to change-set traceability, physical and functional configuration audits, and more. Bob explains how these practices help government, defense, and corporations scale agile practices where audit and regulatory compliance is a must. In fact, Bob attests to the fact that a disciplined approach to agile can improve the productivity and quality of most all agile development efforts.