More Related Content Similar to Agility meets regulatory compliance (20) More from Dave Sharrock (18) Agility meets regulatory compliance1. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
agility meets regulatory compliance
2. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
Why should it be more difficult to apply Scrum where IT
governance & regulatory compliance is enforced?
3. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
what is driving growth in
agility?
4. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
Growing Software
Complexity
Software complexity in FORD vehicles
quadrupled in 5 years
0
2.5
5
7.5
10
2005 2006 2007 2008 2009 2010
10
6
4.5
3.4
2.8
2.4
Software lines in FORD vehicles over the past 5 years
x4
5. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
Growing Software
Complexity
Compared software complexity growth in
aerospace and automotive
F-22 Raptor
F-35 Joint Strike
Boeing 787 Dreamliner
S-Class Daimler 98.6
6.5
5.7
1.7
x10
6. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
Time to Market
Due to globalization effects, and other
economical changes, the time to market over
time decreased significantly
Deepa Chandrasekaran, Gerard J. Tellis - Marshall School of Business, University of Southern California, Los Angeles, California
1915 1939 1972 1976 1983 1994 1998 2000 2002 2004
13.5 years
3
m
onths
7. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
why does that matter?
8. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
Change from this...
Defined Process, suited to produce faster with
constant inputs
9. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
... to this
R&D based process suited to uncertain and
changeable environments
10. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
what is governance and
regulatory compliance?
11. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
IT Governance Goals
The primary goals for information
technology governance are to:
1. Assure that investment in IT
generates business value, and
2. Mitigate the risks associated
with IT
12. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
Comparing the goals
1
2
3
4
Quality
Productivity
Predictability
Business Value
Business Value
Risk Management
Effectiveness
Exceed requirements
governance agility
13. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
Interpreted to be prescriptive
"The system by which the
current and future use of
ICT is directed and
controlled. It involves
evaluating and directing
the plans for the use of
ICT to support the
organisation and
monitoring this use to
achieve plans. It includes
the strategy and policies
for using ICT within an
organisation."
Australian Standard
"… the leadership and
organisational
structures and
processes that ensure
that the organisation’s
IT sustains and extends
the organisation’s
strategies and
objectives"
IT Governance Institute
“The structure,
oversight and
management processes
which ensure the
delivery of the expected
benefits of IT in a
controlled way to help
enhance the long term
sustainable success of
the enterprise.”
ISACA
14. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
Achieving agility vs. compliance
Communica)on
Empowerment
Transparency
Adaptability
Itera)ve
&
Incremental
Defined
Process
&
Standards
Plan
›
Analyze
› Develop
› Test
Traceability
Formal
review
and
approval
Configura)on
Management
governance agility
15. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
how to reconcile agile and
governance processes
16. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
Scrum process
17. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
0
1
2
3
The wrong way to manage governance
18. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
Scrum process
1.
Documenta)on
2.
Interac)ons
19. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
Documentation
20. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
Is documentation
waste?
“Everything that does
not add value to the
product is waste”
1st
principle
of
lean
development
21. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
Is documentation waste?
“If you must produce paperwork that adds little customer
value, there are three rules to remember: Keep it short. Keep
it high level. Do it offline.”
“Safety-critical systems are frequently regulated and are
often required to have written requirements, traceable to
code. In this case, formatting the requirements so that they
can easily be evaluated and checked for completeness may
qualify as a value-adding activity. Look for a table driven or
template driven format that reduces the requirements to a
condensed format that both users and development can
rapidly understand and validate.”
Mary Poppendieck, Lean Software Development
22. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
Changing role of specifications
Requirements
Specifica7ons
Design
Code
Tests
Requirements
Specifica)ons
drive
implementa)on
Requirements
document
system
as-‐built
Requirements
Specifica7ons
Epics
User
Stories
Acceptance
Criteria
Design
Code
Validate
/
Update
Define
/
Execute
Tests
governance agility
23. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
Changing role of standard operating procedures
Standards
reduce
varia)on
and
allow
untrained
people
to
make
decisions.
WriKen
standards
are
to
be
followed,
not
changed.
A
Standard
defines
goals
for
a
team
to
reach,
and
constraints
to
observe.
An
Agile
Team
will
use
it
as
a
baseline
for
con)nuous
process
improvement.
governance agility
24. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
Changing role of document review and approval
This
document
is
now
approved
as
input
for
the
next
development
phase.
This
document
is
now
part
of
a
consistent
product
increment.
The
Defini)on
of
Done
and
Defini)on
of
Ready
allow
sePng
of
minimal
requirements
to
pass
to
the
next
phase.
governance agility
25. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
Merging agile and governance needs
1.
Documenta7on
• Document
system
as-‐
built
• Opera)ng
procedures
serve
as
baseline
• DoR,
DoD
serve
as
minimal
requirements
• Document
is
part
of
product
increment
26. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
Interactions
27. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
CONCEIVE DESIGN IMPLEMENT DEPLOY
A typical product development process
time-to-market
28. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
CONCEIVE DESIGN IMPLEMENT DEPLOY
value
adding
non-value
adding
Mapping the value stream
time-to-market
29. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
CONCEIVE DESIGN IMPLEMENT DEPLOY
value
adding
non-value
adding
Common non-value adding steps include...
time-to-market
30. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
Merging agile and governance needs
2.
Interac7ons
• Role
of
involved
stakeholder
• Defines
minimum
requirements
to
be
met
• Reviews
Requirements
&
User
Stories
• Provides
reviews/
direc)on
within
Sprint
31. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
so what?
32. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
Conclusions
• Agility and IT Governance & Regulatory
Compliance share the same objectives
• Differences in HOW they are
implemented drives potential conflict
• Agility and IT Governance can co-exist:
• Definition of Ready and Definition of
Done server as minimal requirements
(replacing Standards)
• Involve IS/Compliance Manager as
involved Stakeholder, providing
reviews/direction within Sprint
• Deliver compliance documentation is
part of product increment
33. agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
Questions? & Answers!
For any further comment and or question,
feel free to contact us info@agile42.com
Further References:
Scrum Alliance: http://www.scrumalliance.org
Control Chaos: http://www.controlchaos.com
Implementing Scrum: http://www.implementingscrum.com
Jeff Sutherland Blog: http://jeffsutherland.com/scrum
Mike Cohn “User Stories”: http://www.mountaingoatsoftware.com
agile42 Website: http://www.agile42.com/