Chaos, Consistency, Creativity: A Journey Through Agile Auditability
Steve Nunziata, PMP, PMI-ACP, CSM, SAFe SPC 
Agile Austin Monthly Meeting, October 14th, 2014
About Steve… 
PMP, ACP, CSM, SAFe SPC 
EDS, Nike, Adidas, USAA 
Agile Trainer & Coach 
New Jersey / Oregon 
Bassist Extraordinaire 
Alamo Agilistas / PMI
Background: My Story 
Zero to Sixty (Days): Chaos to Consistency
So… Why Are We Here? 
Opportunity: 
Educate internal auditors to evolve away from formal artifacts and accept Agile tenets of visibility and transparency to demonstrate adherence to defined Quality standards. 
We will collaborate on an approach to define an Agile Risk & Control framework that can start you on your journey.
How Would You Like: 
- A 50% – or more – reduction in project ‘paperwork’ to demonstrate adherence to compliance processes? 
- A framework for consistent application of Agile practices and ceremonies across a large – and growing – organization? 
[Chart: compliance artifacts per project, Waterfall vs. Agile; values shown: 59 and 30]
Remember…Use the Force 
Remove, you must, Stories from the Backlog, That, within an Iteration, completed, will not be…
Agenda 
Chaos: Failings of Today’s Risk Management Processes 
Consistency: Why Audit Execution Models Need to Evolve 
Creativity: Creating an Agile Auditable Framework
Managing Risk – How Important is it? 
- The primary goal of a business is to… stay in business. 
- It is therefore necessary to continually evaluate, monitor, and address threats to retain market share. Otherwise, what would happen?
Managing Risk – The Risk Management Process 
Risk Identification 
Risk Assessment 
Risk Response 
Risk Review
Managing Risk – ISO 9001 Summary 
Part 4 – The Company must establish, document, and maintain a Quality Management System (QMS) 
Part 5 – Management commitment in evidence for the QMS 
Part 6 – Necessary resources must be determined & provisioned 
Part 7 – Plan & Develop processes for product realization. The processes must produce documents that can be (1) reviewed for acceptance; and (2) used as proof of conformance 
Part 8 – All reports of non-conformances, both of the product or the process, shall be reported upon, analyzed and lead to corrective action
Managing Risk – Risk & Control Compliance Framework 
Operational Risks: 
- Incomplete Requirements 
- Ineffective or Incomplete Software Solution 
- Poor User Experience 
- Poor Project Execution Plan 
Risk Controls: 
- Formal Requirements Baseline Process 
- Project Execution Schedule Review 
- Code Peer Reviews 
Control Tests: 
- Evidence of Formal Signoffs 
- Published Meeting Minutes 
- Documented Decisions / Logs 
Reporting & Review: 
- Formal results of Audit published for review; opportunities for improvements noted 
Auditors
Are Risk Management Processes 
Inherently anti-Agile? 
Source: http://www.devballs.com/wp-content/uploads/2010/02/agilemanifesto.gif
SDLC & Process Audit Execution Models: Challenges 
While Agile adoption and evolution have continued unabated over the past several years, traditional process audits have largely been unable to keep pace. Why might this be?
SDLC & Process Audit Execution Models 
Systems Development Life Cycle – Linear View 
Req’s Analysis Design Build Test Deploy
SDLC & Process Audit Execution Models 
[Figure: Project Risk Profile – Agile & Waterfall; risk plotted over time. Blue dotted line: Agile. Red dotted line: Waterfall.] 
Source: http://julianeverett.wordpress.com/
SDLC & Process Audit Execution Models 
SDLC Execution – Waterfall, Incremental, & Agile 
Daily 
24 Hours 
Iteration 
2-4 Weeks 
Release 
~3 Months 
Closure 
~9-12 Months
SDLC & Process Audit Execution Models 
Process Audit vs. SDLC Execution Gap Analysis 
Closure 
~9-12 Months 
Release 
~3 Months 
Iteration 
2-4 Weeks 
Daily 
24 Hours
SDLC & Process Audit Execution Models 
SDLC and Process Audit Execution: Optimal Quality State 
Daily 
Iteration 
2-4 Weeks 
Release 
~3 Months 
Closure
5 Steps to Establishing an Agile Auditable Framework 
1. Risk Validation 
2. Inventory Agile Practices 
3. Create Acceptable Parameters 
4. Determine Method of Control 
5. Establish Operational Parameters
5 Steps to Evolving an Agile Auditable Framework 
Risk Validation 
Review and Validate the current Risk & Control Framework, ensuring traceability from Risks to Controls to Control Tests. 
Operational Risk | Risk Control | Control Test 
Failure to Manage Project Risks | Risk Management Process | Evidence of a Periodic Risk Review (Risk Log) 
 | Issue Management Process | Formal, Complete Issues Log
1
5 Steps to Evolving an Agile Auditable Framework 
Inventory Agile Practices 
2 
- Inventory the Agile Practices supported by the organization. Scrum practices and ceremonies provide a good start. 
- Match the Agile ceremonies to the list of Risks in the current Risk & Control Framework. Can a Ceremony or Practice provide an acceptable substitute? How / Why?
5 Steps to Evolving an Agile Auditable Framework 
Inventory Agile Practices 
- Introduce the Agile Practice as a Control. Could it work? Could it be effective? What would be the value of the current control set – should anything remain, or can they be dismissed?
Operational Risk: Risk Control: Control Test: 
Failure to Manage 
Project Risks 
Risk Management 
Process 
Evidence of a Periodic 
Risk Review 
Agile Daily 
Standup 
2
5 Steps to Evolving an Agile Auditable Framework 
Create Acceptable Parameters 
3 
- Research Industry standard ‘best practices’ for the ceremonies or practices you plan on using as a Control (mitigation strategy) for the Risk. A great example is Version One’s The Agile Checklist 
- Create a matrix defining minimally acceptable behaviors, along with anti-patterns, and radiate the desired outcomes in a common area
5 Steps to Evolving an Agile Auditable Framework 
Create Acceptable Parameters 
Agile Ceremony: Daily Standup 
Best Practice | Acceptable | Partial | Unacceptable 
Occurs 5 Days per Week | Occurs 4 Days per Week | Occurs 3 Days per Week | Occurs <3 Days per Week 
3 Core Questions Addressed | 3 Core Questions Addressed | <3 Core Questions Addressed | <3 Core Questions Addressed 
…Your Organization? | …Your Organization? | …Your Organization? | …Your Organization? 
3
5 Steps to Evolving an Agile Auditable Framework 
Determine Method of Control 
4 
- Does the new Control Test require someone observe an Agile Ceremony, or is there a consistent formal artifact from an Agile practice that can be viewed?
5 Steps to Evolving an Agile Auditable Framework 
Establish Operational Parameters 
5 
- Review the total number of Control Tests. How many require observation from an Auditor? 
- Establish the Audit cycle & reporting time (Weekly? Sprint Level? Release Level? Other..?) 
- Train and deploy Audit resources 
- Execute an Audit cycle… and report to Risk Owners 
- Learn… and continue to evolve!
5 Steps to Evolving… Creativity 
- Host a Retrospective Ceremony with some of the Agile teams to uncover: 
  - What may be challenging teams in conforming to minimal standards? 
  - What opportunities can they recommend to evolve to controls? 
  - Are the audits providing value in holding roles accountable for their deliverables? 
- Finally – when minimal standards are easily achieved – it’s time to take the next steps in maturity, and shift the pattern.
5 Steps to Evolving - Going Beyond... 
- Challenge: can you evolve traditional, formal artifacts into a more Agile framework? How can you continuously improve? 
Picture Source: http://agile101.wordpress.com/2009/07/27/agile-risk-management-assessing-risks-step-2-of-4/
Positive Outcomes 
- Better alignment of Controls and Tests to the project execution model 
- Real time, actionable feedback & reporting to teams and Risk owners 
- Scalable for future methodologies & practices 
- Continual quality assessments; a project can have multiple reviews 
- Sets a benchmark for Agile maturity across an Organization 
- ‘Humanizes’ the Audit (not ‘check the box’) – gives teams a voice 
- Experience – 50% reduction in Controls… while doubling Quality 
- Leading – NOT lagging – metric; address problems before they manifest 
- Opportunity for two-way communication and learnings
Challenges 
- Optimal model is labor intensive 
- Inherent subjectivity in assessments (‘Auditor Bias’) 
- Potential for teams to feel ‘over controlled’ 
- Oversight and administration of the process 
- Communication and support for changes 
- Determining boundaries of adherence vs. non-adherence, and appropriate remedies 
- Ever-evolving process; can feel like an ‘arms race’
Common Questions 
- Does this model Scale? 
- How much time per week would this require? 
- Isn’t this just the Scrum Master’s… or (insert role here) – job? 
- Could we use Pair Programming as a Control? 
- What is the future of Agile Quality Assurance?
Objectives Met? 
Source: http://www.devballs.com/wp-content/uploads/2010/02/agilemanifesto.gif
Remember: Auditors are the 
Board of Health!
Questions?
Thank You!
Information Sources 
Malik Imran Ullah & Waqar Ali Zaidi, “Quality 
Assurance Activities in Agile – Philosophy to 
Practice”. Sep. 2009. 
Larry Whittington, “ISO9001:2008 Requirements 
Summary in Plain English”. 
http://www.whittingtonassociates.com/ 
Tor Stalhane, Geir Kjetil Hanssen, “The application 
of ISO 9001 to Agile Software Development”. 2008. 
Buck Kulkami, “Agile Projects: An Emerging 
Challenge for IT Auditors”.
Information Sources 
R. Gopinath, “Guideline: How to Audit and Agile 
Project?” 
George Schlitz, “Is your Agile Audit and Compliance 
Process really Agile?” 
Christelle Scharff, “Guiding Global Software 
Development Projects using Scrum and Agile with 
Quality Assurance”

  • 4. So… Why Are We Here? Opportunity: Educate internal auditors to evolve away from formal artifacts and accept Agile tenets of visibility and transparency to demonstrate adherence to defined Quality standards. We will collaborate on an approach to define an Agile Risk & Control framework that can start you on your journey.
  • 5. How Would You Like:
      - A 50% – or more – reduction in project ‘paperwork’ to demonstrate adherence to compliance processes? [Chart: compliance artifacts per project, 59 for Waterfall vs. 30 for Agile]
      - A framework for consistent application of Agile practices and ceremonies across a large – and growing – organization?
  • 6. Remember…Use the Force Remove, you must, Stories from the Backlog, That, within an Iteration, completed, will not be…
  • 7. Agenda
      - Chaos: Failings of Today’s Risk Management Processes
      - Consistency: Why Audit Execution Models Need to Evolve
      - Creativity: Creating an Agile Auditable Framework
  • 8. Managing Risk – How Important is it?
      - The primary goal of a business is to… stay in business.
      - It is therefore necessary to continually evaluate, monitor, and address threats to retain market share. Otherwise, what would happen?
  • 9. Managing Risk – The Risk Management Process: Risk Identification, Risk Assessment, Risk Response, Risk Review
  • 10. Managing Risk – ISO 9001 Summary
      - Part 4 – The Company must establish, document, and maintain a Quality Management System (QMS)
      - Part 5 – Management commitment in evidence for the QMS
      - Part 6 – Necessary resources must be determined & provisioned
      - Part 7 – Plan & Develop processes for product realization. The processes must produce documents that can be (1) reviewed for acceptance; and (2) used as proof of conformance
      - Part 8 – All reports of non-conformances, both of the product or the process, shall be reported upon, analyzed and lead to corrective action
  • 11. Managing Risk – Risk & Control Compliance Framework: Risk, Controls, Control Tests
      - Operational Risks:
      - Incomplete Requirements
      - Ineffective or Incomplete Reporting & Review Software Solution
      - Poor User Experience
      - Poor Project Execution Plan
      - Formal Requirements Baseline Process
      - Project Execution Schedule Review
      - Code Peer Reviews
      - Evidence of Formal Signoffs
      - Published Meeting Minutes
      - Documented Decisions / Logs
      - Auditors: Formal results of Audit published for review; opportunities for improvements noted
  • 12. Are Risk Management Processes Inherently anti-Agile? Source: http://www.devballs.com/wp-content/uploads/2010/02/agilemanifesto.gif
  • 13. SDLC & Process Audit Execution Models: Challenges. While Agile adoption and evolution have continued unabated over the past several years, traditional process audits have largely been unable to keep pace. Why might this be?
  • 14. SDLC & Process Audit Execution Models Systems Development Life Cycle – Linear View Req’s Analysis Design Build Test Deploy
  • 15. SDLC & Process Audit Execution Models [Figure: Project Risk Profile – Agile & Waterfall; axes: Risk, Time; blue dotted line: Agile; red dotted line: Waterfall. Source: http://julianeverett.wordpress.com/]
  • 16. SDLC & Process Audit Execution Models: SDLC Execution – Waterfall, Incremental, & Agile [Figure: Daily (24 Hours), Iteration (2-4 Weeks), Release (~3 Months), Closure (~9-12 Months)]
  • 17. SDLC & Process Audit Execution Models: Process Audit vs. SDLC Execution Gap Analysis [Figure: Closure (~9-12 Months), Release (~3 Months), Iteration (2-4 Weeks), Daily (24 Hours)]
  • 18. SDLC & Process Audit Execution Models: SDLC and Process Audit Execution: Optimal Quality State [Figure: Daily, Iteration (2-4 Weeks), Release (~3 Months), Closure]
  • 19. 5 Steps to Establishing an Agile Auditable Framework
      1. Risk Validation
      2. Inventory Agile Practices
      3. Create Acceptable Parameters
      4. Determine Method of Control
      5. Establish Operational Parameters
  • 20. 5 Steps to Evolving an Agile Auditable Framework: Step 1, Risk Validation
      - Review and Validate the current Risk & Control Framework, ensuring traceability from Risks to Controls to Control Tests.
      - Operational Risk: Failure to Manage Project Risks
      - Risk Control: Risk Management Process; Control Test: Evidence of a Periodic Risk Review (Risk Log)
      - Risk Control: Issue Management Process; Control Test: Formal, Complete Issues Log
  • 21. 5 Steps to Evolving an Agile Auditable Framework: Step 2, Inventory Agile Practices
      - Inventory the Agile Practices supported by the organization. Scrum practices and ceremonies provide a good start.
      - Match the Agile ceremonies to the list of Risks in the current Risk & Control Framework. Can a Ceremony or Practice provide an acceptable substitute? How / Why?
  • 22. 5 Steps to Evolving an Agile Auditable Framework: Step 2, Inventory Agile Practices
      - Introduce the Agile Practice as a Control. Could it work? Could it be effective? What would be the value of the current control set – should anything remain, or can they be dismissed?
      - Operational Risk: Failure to Manage Project Risks
      - Risk Control: Risk Management Process
      - Control Test: Evidence of a Periodic Risk Review
      - Agile Daily Standup
  • 23. 5 Steps to Evolving an Agile Auditable Framework: Step 3, Create Acceptable Parameters
      - Research Industry standard ‘best practices’ for the ceremonies or practices you plan on using as a Control (mitigation strategy) for the Risk. A great example is Version One’s The Agile Checklist
      - Create a matrix defining minimally acceptable behaviors, along with anti-patterns, and radiate the desired outcomes in a common area
  • 24. 5 Steps to Evolving an Agile Auditable Framework: Step 3, Create Acceptable Parameters. Agile Ceremony: Daily Standup
      - Best Practice: Occurs 5 Days per Week; 3 Core Questions Addressed; …Your Organization?
      - Acceptable: Occurs 4 Days per Week; 3 Core Questions Addressed; …Your Organization?
      - Partial: Occurs 3 Days per Week; <3 Core Questions Addressed; …Your Organization?
      - Unacceptable: Occurs <3 Days per Week; <3 Core Questions Addressed; …Your Organization?
  • 25. 5 Steps to Evolving an Agile Auditable Framework: Step 4, Determine Method of Control
      - Does the new Control Test require someone observe an Agile Ceremony, or is there a consistent formal artifact from an Agile practice that can be viewed?
  • 26. 5 Steps to Evolving an Agile Auditable Framework: Step 5, Establish Operational Parameters
      - Review the total number of Control Tests. How many require observation from an Auditor?
      - Establish the Audit cycle & reporting time (Weekly? Sprint Level? Release Level? Other..?)
      - Train and deploy Audit resources
      - Execute an Audit cycle… and report to Risk Owners
      - Learn… and continue to evolve!
  • 27. 5 Steps to Evolving… Creativity
      - Host a Retrospective Ceremony with some of the Agile teams to uncover:
          - What may be challenging teams in conforming to minimal standards?
          - What opportunities can they recommend to evolve to controls?
          - Are the audits providing value in holding roles accountable for their deliverables?
      - Finally – when minimal standards are easily achieved – it’s time to take the next steps in maturity, and shift the pattern.
  • 28. 5 Steps to Evolving - Going Beyond...
      - Challenge: can you evolve traditional, formal artifacts into a more Agile framework? How can you continuously improve?
      - Picture Source: http://agile101.wordpress.com/2009/07/27/agile-risk-management-assessing-risks-step-2-of-4/
  • 29. Positive Outcomes
      - Better alignment of Controls and Tests to the project execution model
      - Real time, actionable feedback & reporting to teams and Risk owners
      - Scalable for future methodologies & practices
      - Continual quality assessments; a project can have multiple reviews
      - Sets a benchmark for Agile maturity across an Organization
      - ‘Humanizes’ the Audit (not ‘check the box’) – gives teams a voice
      - Experience – 50% reduction in Controls… while doubling Quality
      - Leading – NOT lagging – metric; address problems before they manifest
      - Opportunity for two-way communication and learnings
  • 30. Challenges
      - Optimal model is labor intensive
      - Inherent subjectivity in assessments (‘Auditor Bias’)
      - Potential for teams to feel ‘over controlled’
      - Oversight and administration of the process
      - Communication and support for changes
      - Determining boundaries of adherence vs. non-adherence, and appropriate remedies
      - Ever-evolving process; can feel like an ‘arms race’
  • 31. Common Questions
      - Does this model Scale?
      - How much time per week would this require?
      - Isn’t this just the Scrum Master’s… or (insert role here) – job?
      - Could we use Pair Programming as a Control?
      - What is the future of Agile Quality Assurance?
  • 32. Objectives Met? Source: http://www.devballs.com/wp-content/uploads/2010/02/agilemanifesto.gif
  • 33. Remember: Auditors are the Board of Health!
  • 36. Information Sources
      - Malik Imran Ullah & Waqar Ali Zaidi, “Quality Assurance Activities in Agile – Philosophy to Practice”. Sep. 2009.
      - Larry Whittington, “ISO9001:2008 Requirements Summary in Plain English”. http://www.whittingtonassociates.com/
      - Tor Stalhane, Geir Kjetil Hanssen, “The application of ISO 9001 to Agile Software Development”. 2008.
      - Buck Kulkami, “Agile Projects: An Emerging Challenge for IT Auditors”.
  • 37. Information Sources
      - R. Gopinath, “Guideline: How to Audit an Agile Project?”
      - George Schlitz, “Is your Agile Audit and Compliance Process really Agile?”
      - Christelle Scharff, “Guiding Global Software Development Projects using Scrum and Agile with Quality Assurance”