Agile Project need Agile Controls and Audit. Christopher Wright BSc(hon), CPFA, CISA, MBCS, MAPM Certified ScrumMaster,


1 Agile Project need Agile Controls and Audit Christopher Wright BSc(hon), CPFA, CISA, MBCS, MAPM Certified ScrumMaster,

2 Unresponsive to emerging cyberthreats? Tired of late delivery of projects? Exhausted by whinging users? Distracted by tedious auditors? Confused by spiralling delivery costs? Overcome by project paperwork? THEN YOU NEED...

3 THE NEW WONDER DRUG: SUPER AGILE. Say goodbye to... Project overruns; Dissatisfied users; Endless project paperwork; Governance; Overworked project teams; Tiresome auditors. Always read the label... there may be side effects. May contain nuts.

4 Sounds too good to be true... I had questions: 1. What is AGILE? 2. How do we do AGILE? 3. What are AGILE'S risks and controls? 4. Is AGILE audit different? Now I have some answers

5 Agile definition: Use of evolutionary, incremental and iterative delivery to converge on an optimal customer solution [inc security]; Maximising the business value with right sized, just enough, and just in time processes and documentation; The ability to create and respond to change in order to profit in a turbulent global business; The ability to re-prioritize use of resources when requirements, technology and knowledge shift; A very fast response to sudden market changes and emerging threats, by intensive customer interaction. Source : David F Rico, Lean and Agile Systems Engineering : 1. What is AGILE?

6 Agile Manifesto: We are uncovering better ways of developing [products] by doing it and helping others do it. Through this work we have come to value: Individuals and interactions over processes and tools; Working [products] over comprehensive documentation; Customer collaboration over contract negotiations; Responding to change over following a plan. That is, while there is value in the items on the right, we value the items on the left more. Source : Martin Fowler & Jim Highsmith. The Agile Manifesto. Software development, 8, August What is AGILE?

7 Scrum Approach to Agile: Product Owner; Scrum Master; Scrum Team. 2. How do we do AGILE?

8 Risks & Benefits. As for Waterfall: Will project complete on time? Will it meet business requirements? Will it be on budget? Will it be secure? However... Incremental basis reduces the potential impact; Users more involved & test by using a module!; Different constraints. Plus... Lower risk project will be agile enough? Product could be more fit for purpose? Embed security in NFRs / USs. 3. What are AGILE'S risks?

9 Poor Management of Agility Risk: Is it scalable? Is it secure? R3 Is it standardised? R3.Ourco What are AGILE'S risks?

10 Audit 3 tips: Be proactive; Lose the tie; Be creative. Don't wait to audit until end of project; Use the force manifesto etc; Prepare well before the audit; Keep an open mind; Try to fit into the culture; Maintain independence but watch the attitude; Think like a scrum team; Focus on people and product not paperwork. 4. Is AGILE audit different?

11 Key Takeaways: We cannot stop the Agile tide; Agile allows us to respond to emerging threats; Agile provides some audit and governance benefits; Need to use Waterfall and Agile together as appropriate; Approach Agile controls in an Agile way; Focus on behaviours not Project process; Outputs are more important than documentation; Use the Agile manifesto etc

12 Do you have any questions?