Agile 2013: Pat Reed and I discussing Scrum and Compliance

  • 534 views
Uploaded on

To become a mainstream methodology, Agile had to overcome many potential obstacles. The first was geography…One of today’s most daunting obstacles is compliance, often bringing heavyweight …

To become a mainstream methodology, Agile had to overcome many potential obstacles. The first was geography…One of today’s most daunting obstacles is compliance, often bringing heavyweight documentation, required procedures that are very waterfall-ish, complex approval work flows, and complicated approval processes begins Compliance Is A Hurdle, Not A Barrier, To Agile a Forrester Research paper published in July 2011.

This presentation will walk attendees through the problem of why organizations trying to manage a software development life cycle or PMO in a heavily regulated industry are fraught with challenges (e.g. externally mandated documentation levels, limiting the requirements and scope of the Product Owner, morale of employees). The presenters will discuss the fact that many of the external compliance standards (FASB, MAS, FSOC) are vague, and worse yet not written with the software development team in mind. In fact one of the risks is the interpretation of policy or external compliance standard remains on the business or with an executive (through personal / fiduciary guarantees). For example, authors of US Federal legislation (e.g. Dodd Frank Act) do not specifically consider software development when writing laws and are often ignorant to the downstream effects of said legislation for a development team based in Russia or India. When asked for clarifications the FSOC does not know enough about software development to provide clear and concise answers and the amount of documentation in the said legislation can be (a) in the thousands of pages and (b) within living documents.

More in: Business , Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
534
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
8
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Making Scrum Stick in Regulated Industries Laszlo Szalvay & Pat Reed 6 August 2013 Nashville,TN Room: Bayou C Some Rights Reserved http://ScrumAndCompliance.com/
  • 2. “It’s kind of fun to do the impossible” Agile Community of Practice
  • 3. #aboutus Laszlo Szalvay Vice President | SolutionsIQ +1.425.519.6643 Office | +1.971.506.7862 Mobile
  • 4. Compliance is Top of Mind To become a mainstream methodology, Agile had to overcome many potential obstacles. The first was geography…One of today’s most daunting obstacles is compliance, often bringing heavyweight documentation, required procedures that are very waterfall-ish, complex approval workflows, and complicated approval processes. July 2011 Forrester Research, Inc. “Compliance Is A Hurdle, Not A Barrier, To Agile” Tom Grant, PhD
  • 5. Quotes from Regulated Industries Agile is not just a method or a process, it’s a way of being. You don’t do Agile. You are Agile. The FBI has arranged to load their ScrumMaster to other teams to get them trained. Increased Transparency has kept stakeholders in sync. Further, stakeholders would modify their expectations, based on the increased visibility of the process. Jack Israel, CTO FBI With no significant bugs reported…operation nearly flawless – a stunning and an unpredicted success. What are the implications for failing IT programs across government? Roger Baker, CIO VA
  • 6. Agenda 1. Market Overview 2. Problem Statement 3. Case Study 4. Hands on Exercise 5. BYO Org Patterns 6. Closing http://bit.ly/SWAwlH
  • 7. market trends 0% 5% 10% 15% 20% 25% 30% 35% 40% Regulated Unregulated Source: Forrester/Dr. Dobb’s Global Developer Technographics® Survey, Q3 2010
  • 8. #ProblemStatement
  • 9. • Ever changing • More scrutiny due to Sept 2008 crash and general ‘anger’ at Wall Street (e.g. Occupy Movement) • Many faces, although for financial vertical Singapore is emerging as a leader (strategic) • Not familiar with internal corporate vernacular, culture, or even software development Compliance is complex
  • 10. • Singapore sees compliance as a strategic differentiator and Singaporeans have taken a very taken a very hard position within the banking industry. As such, they are now seen as the international standard. • Complex set of cross-border rules that can be contradictory, incomplete, or vague • Have seen this in other industries (e.g. Postal) • Customs is where the most senior people from DHL, FedEx, UPS sit Compliance has emerging leaders
  • 11. Visual Problem Statement • 6 cross functional teams of 8 people (split between NJ, Silicon Valley and Kiev) • 2 Backlogs • 6 Product Owners, 1 Uber - PO (based in London) • 2 Compliance Officer (based in Singapore and NYC) • 2 external compliance mandates (overlapping jurisdictions, e,g, MAS and FSOC) Uber PO Compliance Officers Dev Teams
  • 12. #CaseStudy
  • 13. #CaseStudy Before Agile can scale, an Agile accounting standard needs to be developed to enable CFO’s to understand and leverage one of the most quantifiable and compelling benefits of Agile software development.
  • 14. Mandatory SOP 98-1 and ASC 350-40 Guidelines – Prescribe how all organizations must capitalize or expense internal IT projects based on project stage and type of work – 3 Stages: • Preliminary Stage – Costs must be expensed • Application Development Stage – Most costs should be capitalized • Post Implementation Stage – Costs must be expensed – Capitalization begins when (a) the preliminary project stage is completed and (b) management, with the relevant authority, implicitly or explicitly authorizes and commits to funding a computer software project with high probability of success and software will be used to perform the function intended – Capitalization ends no later than the point at which a computer software project is substantially complete and ready for its intended use
  • 15. What’s The Problem? • To ensure compliance, we must estimate, allocate, track and report labor costs to internal IT projects based on project work done in three specific phases: Preliminary, Development and Post Implementation • Waterfall projects can readily adapt their labor and project costing to the guidelines using the following framework: Preliminary - - - - - - - - Development - - - - - - - - - - - - - Post Implementation - -
  • 16. Expense vs. Capital Release • Feature 1 • Feature 2 • Feature 3 Release N: Theme Iteration 1 Iteration 2 Iteration 3 Iteration … • Story 1 • Story 2 • Story 3 • Story 4 • Story 5 • Story 6 • Story 7 • Story 8 • Story 9 • Story 10 R Backlog Backlog • Story 1 • Story 2 • Story 3 • Story … • Story 11 • Story 12 • Story … Customer Evaluations Quickstart Inception Deck Treatment Inception: Design Storming Expense Capital
  • 17. Confidential - Do Not Distribute or Copy Agile Capitalization Expense Only Capital and Expense Quick Start Treatment & Pre- project tasks Design Storming It 0 It 1Project Stages Cost allocation Preliminary Project Application Development WhatHow • The Preliminary Project Stage: “What“ (Ends In Inception at the beginning of Design Storming) • The Development Stage: “How “ (Starts with Design Storming) • The Post Implementation Stage: “When” (Begins 72 hours after the last production implementation, when final user acceptance testing and Level 2 support or maintenance handoff is complete) Releases Final set of stories deployed. Expense 72 Hrs Inception Post Implementation Costs can be Capitalized once the “Approval to Start” has been secured and end at the completion of the Application Development stage when the asset is in production for customer use. Capitalization Begins Capitalization Ends … … Release It 2 ReleaseRelease Release Release Release It nIt 3 It 4
  • 18. #HandsOnExercise
  • 19. Hands On Exercise: Navigating an Amorphous Compliance Issue Global Justice XML Data Model CFR21 Software Compliance Financial Automotive
  • 20. Please read scenarios and discuss (12 mins) Exercise: Navigate Amorphous Compliance Issue
  • 21. Feedback (6 mins) Exercise: Navigate Amorphous Compliance Issue
  • 22. #BuildYourOwnOrgPatterns
  • 23. Option One (a) Bring in external compliance issues through work items in the backlog Risks: Most external compliance mandates result in changes to workflow not work items
  • 24. Option Two (a) Automate Changes using workflow automation tools and Team picks up changes passively. Risks: Give up on the notion of Team Learning (this can be seen by the team as anti-agile)
  • 25. Option Three Use the Retrospective Meeting to introduce evolutionary changes to process. In this case, use the retro to introduce new compliance requirements into workflow and the backlog. (A) “Mandate changes” from the Uber PO and Compliance Officer Risks: What team self-organization?
  • 26. Option Four: Use the Retrospective Meeting to introduce evolutionary changes to process. In this case, use the retro to introduce new compliance requirements into workflow and the backlog. (B) Let the teams roll out their own, using potentially disastrous self discovery / learning exercises Risks Huge financial losses Knight Capital’s stock dropped more than 24% Monday to close at $3.07 following the announcement of the deal [rescue package]. The new investment will severely cut into the value of existing shareholders’ stakes. http://cnnmon.ie/XKAhqZ
  • 27. Combo Approach Option Five: (a) Designate Compliance SME on each team, born from Q/A who coordinates around workflow with the CCO office (b) Introduce governance standards that are rolled out at the program level which are digested / constructed / deconstructed in the retro meeting meaning evolutionary changes to existing workflow and process Risks Need to grow many compliance SMEs Language barriers can be an issue
  • 28. #OpenJam Join Us Wednesday and Thursday during OpenJam at 8:30am to Build Your Own Organizational Patterns Join http://ScrumAndCompliance.com/ & submit your Organizational Patterns
  • 29. #ThankYou! Pat Reed preed@ihoriz.com 800 542-8184 x102 Mobile: 650 515-2989
  • 30. What facilitator needs to bring • Print offs (BYOrg Patterns & Examples)