1) Introduction - who we are and how we got here
2) Our philosophy - what we've found to be true for us in our quest on how Agile and GRC go together
3) Common ground - what we see to be true for many organizations, aligning these professions. Including an interactive conversation on challenges and solutions *you as attendees* see
4) Insights - Top-5 current GRC dilemmas + possible solutions we see in improving the alignment / discovering the common ground
5) Wrap up
Hope to see you all tomorrow! Cheers, Martyn & Anko
3. Introduction
► Martyn Gils
► Agile since 2018 (well, not completely)
► IT-auditor
► Risk manager
► Fun fact: pizza mario!
► Anko Tijman
► Agile since 2001
► Agile testing
► Agile coach
► Fun fact: music teacher
► ‘travel guide’
4. About today
► Dozens of agile and/or IT-related professionals
► Goals of today:
► Reveal several insights on the disconnect between Agile and GRC
► Discover how organizations can benefit from a mutual effort of both agile and GRC professionals.
► Inspire you to improve your knowledge on this area of interest
6. Our vision
► Vision
► Governance, Risk and Compliance (GRC) professionals and Agile teams will be an integral part of managing and governing organizations, working from a shared view and mindset on how to be a successful organization
► Mission
► Bring together Agile teams and GRC professionals to find common ground and co-create valuable solutions and market insights
► What we do
► Facilitate the revealing of this common ground and co-creating practical solutions in a global community
7. Definitions
► Agile: In software development, agile practices involve discovering requirements and developing solutions through the collaborative effort of self-organizing and cross-functional teams and their customer(s)/end user(s)
► Governance is intentionally influencing the behavior of employees to realise organizational objectives
► Risk is the effect of uncertainty on objectives (WCGW)
► Compliance is following the internal and external rules in place
► Control is the actions you take to obtain reasonable assurance of the achievement of objectives
https://tinyurl.com/agilegrc01
8. GRC examples
► The auditor
► The risk manager
► The controller
GRC professionals are roles like auditor, controller, security officer, privacy officer, manager, programme manager, director, etcetera
9. Agile and GRC: the big disconnect
► Agile:
► learning by doing
► shortening feedback loops
► small steps
► client focus
Both professions have different ways of obtaining objectives and dealing with risks and handling compliance
► GRC:
► learning by analyzing
► BDUF - Big Design Up Front
► audit trails and rules
► command-and-control
11. Common ground
► We are all stakeholders in organizational dilemmas
► We all have the intention of obtaining organizational goals and objectives
► We all want to satisfy needs of the customer
► We all value openness and transparency
12. 7 different lenses to look at an organisation
7S-model McKinsey
► Strategy - Purpose and prioritised objectives of the business
► Skills - The organization's core competencies and distinctive capabilities
► Shared values - The culture and how things are done within the organization
► Structure - Division of activities; integration and coordination mechanisms
► Staff - Organization's human resources, demographic, educational and attitudinal characteristics
► Style - Typical behaviour (leadership) patterns of key groups
► Systems - Formal procedures for influencing behaviour
13. 7S examples
Skills and assets
► Time
► Money
► Uniqueness
Staff
► Motivation
► Psychological safety
Shared Values
► Beliefs
► Heroes
► Rituals
Strategy
► Vision
► Prioritisation
► Goal setting
Style
► Distance to workfloor
► Tone at the top
► Micromanagement
Systems
► KPIs
► Appraisal systems
► Budgets
Structure
► Work structure
► Information str.
► RACI
16. Marketplace insights
“Top-5” current organizational GRC issues:
► Disconnect between management layer and workfloor (agile teams)
► Lack of clarity of roles and responsibilities
► Business vs regulatory requirements hinder the flow of work
► Changing role of leadership is slow
► Transparency / need for information
17. Our insights
Skills
► Human capital
► UX → CX
► Learning capabilities
Staff
► AgileHR
► Learning organization
► Psychological safety
Shared Values
► Relative norms
► Fearless organization
► Transparency
Strategy
► Client focus
► Agility
► Hypothesize
Style
► Creative leadership
► Servant leadership
► MBWA
Systems
► Beyond Budgeting
► Monte Carlo
► OKR
Structure
► Team focus
► Customer value
► Clear responsibilities
www.agilehrmanifesto.org
18. Possible quick starts
► GRC items on Product Backlog:
► Meaningful
► Prioritised
► Refined
► During Sprint planning, refinements
► GRC during Agile development:
► SME
► Feedback
► Definition of Ready / Done
► GRC during Agile lifecycle:
► Partner
► Dialogues
► Continuous improvement
19. Possible quick starts
“GRC 2.0”
► learning by doing
► shortening feedback loops
► small steps
► client focus
21. My takeaways for ‘tomorrow’ are...
► Silent thinking (1 min)
► Write your answer down in MS Teams Chat (but do NOT push <enter>!)
► Wait for the call…
► ENTER!
22. This session would be (even more) awesome if...
► Silent thinking (1 min)
► Write down in Chat (but do NOT push <enter>)
► Wait for the call…
► ENTER!
23. Remember: it’s about alignment and teamwork
► Modern TeamWork - Explained - by the Rabbit and Turtle
https://tinyurl.com/modernteamwork
24. Next...
► Let’s start an Agile GRC Community?!
► Martyn
► https://www.linkedin.com/in/martijn-gils-2500383/
► Anko
► https://www.linkedin.com/in/ankotijman/