Agility meets regulatory compliance

Date post: 14-Sep-2014
Description:
How can we reconcile the light-touch approach of agile development teams with governance and information security requirements such as Data Privacy and Regulatory Compliance? I discuss how to bring together the apparently conflicting needs of information security and agile, and show by example how agile teams actually approach tough regulatory requirements and good governance.
Transcript
Page 1: Agility meets regulatory compliance

agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.

agility meets regulatory compliance

Page 2

Why should it be more difficult to apply Scrum where IT governance & regulatory compliance is enforced?

Page 3

what is driving growth in agility?

Page 4

Growing Software Complexity

Software complexity in FORD vehicles quadrupled in 5 years

[Chart: software lines in FORD vehicles over the past 5 years, 2005 to 2010, rising from 2.4 to 10 (data points 2.4, 2.8, 3.4, 4.5, 6, 10; labelled x4)]

Page 5

Growing Software Complexity

Compared software complexity growth in aerospace and automotive

[Chart comparing F-22 Raptor, F-35 Joint Strike, Boeing 787 Dreamliner and S-Class Daimler (98.6); other values shown: 6.5, 5.7, 1.7; labelled x10]

Page 6

Time to Market

Due to globalization effects and other economic changes, the time to market has decreased significantly over time.

Source: Deepa Chandrasekaran, Gerard J. Tellis - Marshall School of Business, University of Southern California, Los Angeles, California

[Chart: time to market across data points from 1915 to 2004 (1915, 1939, 1972, 1976, 1983, 1994, 1998, 2000, 2002, 2004), falling from 13.5 years to 3 months]

Page 7

why does that matter?

Page 8

Change from this... a defined process, suited to producing faster with constant inputs

Page 9

... to this: an R&D-based process, suited to uncertain and changeable environments

Page 10

what is governance and regulatory compliance?

Page 11

IT Governance Goals

The primary goals for information technology governance are to:

1. Assure that investment in IT generates business value, and
2. Mitigate the risks associated with IT

Page 12

Comparing the goals

[Diagram with two columns, governance and agility]

Governance: Business Value; Risk Management

Agility: 1. Quality; 2. Productivity; 3. Predictability; 4. Business Value

Annotations: Effectiveness; Exceed requirements

Page 13

Interpreted to be prescriptive

"The system by which the current and future use of ICT is directed and controlled. It involves evaluating and directing the plans for the use of ICT to support the organisation and monitoring this use to achieve plans. It includes the strategy and policies for using ICT within an organisation."

Australian Standard

"… the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives"

IT Governance Institute

“The structure, oversight and management processes which ensure the delivery of the expected benefits of IT in a controlled way to help enhance the long term sustainable success of the enterprise.”

ISACA

Page 14

Achieving agility vs. compliance

Agility:
• Communication
• Empowerment
• Transparency
• Adaptability
• Iterative & Incremental

Governance:
• Defined Process & Standards
• Plan › Analyze › Develop › Test
• Traceability
• Formal review and approval
• Configuration Management

Page 15

how to reconcile agile and governance processes

Page 16

Scrum process

Page 17

[Diagram labelled 0, 1, 2, 3]

The wrong way to manage governance

Page 18

Scrum process

1. Documentation
2. Interactions

Page 19

Documentation

Page 20

Is documentation waste?

“Everything that does not add value to the product is waste”

1st principle of lean development

Page 21

Is documentation waste?

“If you must produce paperwork that adds little customer value, there are three rules to remember: Keep it short. Keep it high level. Do it offline.”

“Safety-critical systems are frequently regulated and are often required to have written requirements, traceable to code. In this case, formatting the requirements so that they can easily be evaluated and checked for completeness may qualify as a value-adding activity. Look for a table driven or template driven format that reduces the requirements to a condensed format that both users and development can rapidly understand and validate.”

Mary Poppendieck, Lean Software Development

Page 22

Changing role of specifications

Governance: Requirements Specifications › Design › Code › Tests. Requirements Specifications drive implementation.

Agility: [Diagram: Requirements Specifications; Epics; User Stories / Acceptance Criteria; Design; Code; Tests; arrows labelled Validate / Update and Define / Execute]. Requirements document the system as-built.

Page 23

Changing role of standard operating procedures

Governance: Standards reduce variation and allow untrained people to make decisions. Written standards are to be followed, not changed.

Agility: A Standard defines goals for a team to reach, and constraints to observe. An Agile Team will use it as a baseline for continuous process improvement.

Page 24

Changing role of document review and approval

Governance: This document is now approved as input for the next development phase.

Agility: This document is now part of a consistent product increment. The Definition of Done and Definition of Ready allow setting of minimal requirements to pass to the next phase.

Page 25

Merging agile and governance needs

1. Documentation
• Document system as-built
• Operating procedures serve as baseline
• DoR, DoD serve as minimal requirements
• Document is part of product increment

Page 26

Interactions

Page 27

[Diagram: CONCEIVE › DESIGN › IMPLEMENT › DEPLOY, spanning time-to-market]

A typical product development process

Page 28

[Diagram: CONCEIVE › DESIGN › IMPLEMENT › DEPLOY, spanning time-to-market, with steps marked value adding and non-value adding]

Mapping the value stream

Page 29

[Diagram: CONCEIVE › DESIGN › IMPLEMENT › DEPLOY, spanning time-to-market, with steps marked value adding and non-value adding]

Common non-value adding steps include...

Page 30

Merging agile and governance needs

2. Interactions
• Role of involved stakeholder
• Defines minimum requirements to be met
• Reviews Requirements & User Stories
• Provides reviews/direction within Sprint

Page 31

so what?

Page 32

Conclusions

• Agility and IT Governance & Regulatory Compliance share the same objectives
• Differences in HOW they are implemented drive potential conflict
• Agility and IT Governance can co-exist:
  • Definition of Ready and Definition of Done serve as minimal requirements (replacing Standards)
  • Involve the IS/Compliance Manager as an involved Stakeholder, providing reviews/direction within the Sprint
  • Delivered compliance documentation is part of the product increment

Page 33

Questions? & Answers!

For any further comment or question, feel free to contact us: [email protected]

Further References:

Scrum Alliance: http://www.scrumalliance.org
Control Chaos: http://www.controlchaos.com
Implementing Scrum: http://www.implementingscrum.com
Jeff Sutherland Blog: http://jeffsutherland.com/scrum
Mike Cohn “User Stories”: http://www.mountaingoatsoftware.com
agile42 Website: http://www.agile42.com/

