Executives, Risk Managers, Auditors and Regulators view Agile as a new risk to the organization. In their view, traditional waterfall methods had several checks and balances that gave them comfort regarding software quality and code integrity, and they question whether similar controls exist within Agile. They also wonder whether Agile gives rise to net-new risks.

The purpose of this session is to help the audience understand how to make an Agile program and Agile methodology risk, security and compliance intelligent. Such an initiative not only helps alleviate concerns from stakeholders but, more importantly, enhances the quality and robustness of project outcomes and renders the overall Agile program more sustainable and reliable.

After a brief introduction on risks and controls within the waterfall model as an example, we will discuss how these traditional risks manifest in an Agile project and whether or not the inherent risks increase. Further, we will also discuss net-new risks that an Agile development project gives rise to and how organizations need to address them.

The second part of the session will explain the role of partners in the second line of defense (we will explain lines of defense briefly) such as Information security, Risk Management, Compliance (including Legal) and how best to engage them and collaborate with them during an Agile project.

In the next part we will discuss the role of Auditors and how to interact with them as they seek to provide assurance to stakeholders on either the Agile project or the overall program at large.

The session will end with a note on sustaining the control environment for Agile so that the program can stay resilient to risks and gain the confidence of various stakeholders. The speaker will use anonymized live cases and examples wherever possible.


Outline/structure of the Session

Introduction to risks and controls in an Agile project

Risks and controls in traditional waterfall model and how they may manifest in an Agile project

Net new risks that are given rise to by an Agile project

The role of partners in Security, IT Risk Management and Compliance in Agile and how to effectively collaborate with them

The role of Auditors and how to effectively interact with them on Agile risks and controls

Recap of how to make your Agile methodology and related projects risk, security and compliance intelligent and sustain the same over time.

Learning Outcome

At the end of the session, participants will be able to:

1. Understand how risks to the Agile methodology and Agile project delivery can compromise outcomes

2. Learn how to identify risks of different types within an Agile project and the importance of managing them with the help of appropriate controls

3. Understand when and how to engage partners from other organizational groups such as Security, IT Risk Management and Compliance to effectively define appropriate controls.

4. Learn the concerns of Auditors and how to effectively communicate with Auditors on risks identified and controls implemented.

5. Monitor the performance of risk, compliance and security controls and ensure ongoing improvements.

Target Audience

This session will benefit those who are involved in developing or maintaining Agile methodology, IT Auditors who audit Agile, Operational/Tech Risk managers from the second line and Compliance managers.

Prerequisite

No specific prerequisites are required, though some exposure to the basics of risk management and controls in the traditional waterfall model will be an advantage.

Submitted 3 months ago


  • Sue Johnston - It's Not About The Tools: Facilitating Effective Meetings Across Distance

    40 Mins
    Talk
    Intermediate

    A face-to-face conversation is the most efficient and effective method of conveying information to and within a development team. So states the sixth principle of the Agile Manifesto.

    Reality comes with a big "however." Work-at-home, outsourcing and inter-company partnerships mean that, more and more, we find ourselves in meetings where other participants are not in the same room. They may be around the corner or around the world. Some organizations invest in powerful tools to make this arrangement work well - or, sometimes, not so well. Others make do with audio only. Are we fooling ourselves when we call these events "meetings?" Maybe. Yet they're part of our world, so why not make the most of them?

    In this lively session, you'll examine a proven pattern for facilitation, discover ways to overcome the challenges of virtual meetings and learn techniques that encourage meaningful participation. Most of these require more focus and ingenuity than expense.

    Sue will share some of the techniques she learned as a teleworking pioneer in the '90s and a trainer of coaches, via distance, since 2003. Join us to explore ways you can bring your meetings with remote participants to life and respect everyone's time - including your own.

  • Fawzy Manaa - How to Lose Dev and Alienate Ops

    Fawzy Manaa
    Senior Consultant
    Deloitte
    40 Mins
    Talk
    Beginner

    As many organizations have adopted agile development and are starting to undertake a DevOps transformation to complete the lifecycle, it is not always easy to keep traditionally alienated back office practitioners engaged. In fact, many organizations go about engaging developers, testers, operators, ... in a way that does not align with the spirit of DevOps. Many enterprise DevOps transformations fail for this very reason. This session will inform the audience of what it takes to create a strong and sustainable movement within an IT organization in today's world where people who perform different functions that are seemingly at odds can come together in the spirit of improving how work is done and delivered.

    The speaker will approach the topic from an anti-patterns perspective, highlighting the symptoms of transformation failure from structural, procedural, and strategic angles and discussing alternative approaches to enable DevOps transformation success.

  • Mishkin Berteig / David Sabine - JIRA is the Worst Possible Choice

    90 Mins
    Workshop
    Intermediate

    A rant, with evidence, on why electronic tools in general, and JIRA in particular, are anti-Agile. Participants will use the Agile Manifesto to evaluate the electronic tools they are currently familiar with. JIRA is used as a case study.

    NOTE: Scrum asks us to have courage. The Agile Manifesto asks us to value individuals and interactions over processes and tools. I hope the organizing committee will consider this proposal despite the risk that it might offend some tool vendors. If we can't speak freely about our experiences with tools, we will fail as a community.

  • Raj Mudhar - Changing culture--A primer for leaders

    90 Mins
    Workshop
    Advanced

    Ever notice how you feel when you enter a company's doors? Is there excitement in the air? A buzz? Does it feel like innovation is oozing from the walls? Or does it feel as exciting as a tax man's trousers? What makes you feel these things? And how can you start creating a better cultural experience for your employees and customers?

    Culture is hard to change. And every time I hear there is a "mindset problem" or, "we need to change our culture", it becomes painfully clear that focusing on process and tooling changes alone won't cut it. Thankfully, there are effective techniques to help you hack your culture.

    In this workshop, you will learn how to identify the attributes of your existing culture. You will build a culture map, starting with the visible signs of culture and then delve into norms, values, and finally, the core of culture--the underlying assumptions we don't even think about. Understanding where you are, culturally, is the first step.

    From there, you will run through facilitated activities to build a culture hack. Simply put, a hack allows you to test a culture change and if it works, you can stabilize that change and start adding new hacks. Each hack moves you down that all important path to a new, vibrant culture, step by step.

    My team has been experimenting with these techniques with several organizations. You'll hear about some real-world hacks and how they helped organizations improve. Our approach is not built on a single culture framework or a change management system. It is built on the work of many; the Cynefin framework, complex adaptive systems thinking, lean change, supported by culture walks, interviewing, and impact mapping to name a few of the tools you'll learn to use.

    As a leader in your organization, one of your most important roles is as the steward and curator of your culture. This workshop will help you make culture change real, practical, and measurable. With these tools, you can have a positive impact on your people and customers.

    Here are some common cultural challenges:

    • Excessive command and control
    • A belief that employees need detailed processes because they are incapable of making decisions on their own
    • Fear of making a mistake
    • Long and excessive approval processes - again, because employees cannot make good decisions
    • No or little focus on customers
    • Value statements like "We value our people" but with no supporting evidence
    • Lack of employee engagement
  • Sriram Natesan / Athavan Thulakanathan - Agile in Finance

    60 Mins
    Experience Report
    Beginner

    CFOs in today's digital economy are looking to invest significant capital on data driven initiatives to deliver strategic analysis to business partners. However this is often reprioritized due to regulatory requirements.

    This session is about a large European Bank successfully delivering a large regulatory transformation program using an agile approach. Driven by Finance & Risk groups and enabled by technology, incremental business value was delivered to Finance and Risk stakeholders.

    The key challenges faced required an approach to handle evolving regulatory requirements, integration of new technology assets to automate business requirements and an aggressive timeline enforced by the regulator.

    The successful delivery was largely due to business foresight to maneuver around typical IT challenges and instead adopt an approach using agile principles that put delivering business value over fixed scope. Through this approach, the clients were able to deliver the solution that addressed the immediate needs, but this also positioned them to leverage it for future regulations.

    This talk will elucidate the backdrop, the challenges posed to the business, the agile approach, the culture and mindset that were adopted, and the resulting outcomes.

    If you have thought of or are thinking of adopting an Agile mindset in a non-IT environment, this is the session for you. In this session we will share some techniques we developed and hiccups that we managed along the way.

    By the end of this session, you will likely have gained some valuable insights that you can take back to your Organization and adopt agile principles and practices in areas outside of IT.

  • Sriram Natesan / Nancy Wu - Adaptive Planning using Impact Mapping

    90 Mins
    Workshop
    Intermediate

    Have you ever felt you don't quite understand WHY you work on things that you do and HOW it actually supports your business' goals?

    Most (if not all) of us might agree that creating a shared understanding of the vision and goals is critical to the success of the organization. But how do we do it?

    From our experience coaching Product Owners and Product Managers over the years, many of them struggle with creating or articulating the business goals and how each of their product increments support them. It turned out that some of them were just taking marching orders from the powers that be, they didn't know (the goals) for themselves and their teams are left in the dark. This challenge is amplified by lack of definition and communication of measures of success to validate that the product increment is indeed contributing to the business objectives.

    These factors make it hard to answer questions like "Should we start working on this?" or "Should we continue working on that?".

    Fortunately, a technique like Impact Mapping helps overcome this challenge. Impact Mapping is a simple but powerful way of visualizing the mapping of the business goals or objectives down to the product increments that teams work on. It is a great tool that lends well to having meaningful dialogues between business, technology and other stakeholders, and most importantly useful for adaptive planning of what gets worked on or what should be stopped.

    In this session, we will share what Impact Mapping is and how to create one. By the end of the session, you will pick up enough knowledge through the process of creating an impact map to try it at work.

    This session is suitable for anyone that is interested in learning a technique to create connections between business goals and deliverables.

  • Kat Lee - Transplanting Agile to BAU: It Doesn’t Have to be Open Heart Surgery

    Kat Lee
    Senior Manager
    Deloitte Inc
    60 Mins
    Talk
    Intermediate

    Agile has historically started within technology whether to build an agile COE or with functional development. Today more organizations are taking agile principles and practices and applying them to their business as usual (BAU) activities such as marketing or strategy development. But how easy is it to transplant agile to BAU? Technology and business often speak different languages. Can something that was rooted in technology actually be the Rosetta Stone for overall operational efficiency and effectiveness?

    In this session, different case studies, including a large Canadian insurance provider, will demonstrate lessons learned from organizations that have taken agile practices to help them achieve business agility. Do agile practitioners need to “stay true” to the principles and practices they originally learned for technology in order to be effective in the business? How should teams be optimally structured? What can leaders learn from others’ journeys so we can determine whether agile can truly thrive outside IT and be scaled across the organization? If you’re considering creating and implementing agile teams, register for this session to learn leading practices from others as you begin your own agile journey.

  • Pradeep Nadgir / Sriram Natesan - Is Agile Working?

    60 Mins
    Experience Report
    Intermediate

    Large companies (Banks, Insurance, and Telecom) in our community have been on their Agile Transformation journey over the past 4 to 5 years, implementing Agile in various pockets of the organization. Leaders have made significant investments of time and money on this journey and are now facing the challenge of articulating tangible benefits of the transformation and would like to measure the efficacy of the transformation.

    Basically, they are asking Is Agile Working?

    While there is no one simple answer to this seemingly innocuous question, we have from our experience working with these different clients devised a process that has helped us with answering this question.

    In this session, we would like to share the three step process which we hope will help you.

    • Firstly, we start with identifying the personas in the organization who are asking the question. And in our experience, we have identified (at least) four major personas that work for this scenario.
    • Secondly, we identify the business objectives and outcomes that these personas want to achieve. This involves multiple workshops and sessions with these personas to identify their objectives and outcomes.
    • Finally, we introduce a 3 * 3 matrix based on the organization lens (personas) and the maturity of Agile capabilities in the organization

    The three step process identified above has proven to work irrespective of the industry it is being used in and provides a comprehensive and structured way to answer the important questions that an organization faces during the transformation. This process and the accompanying tool provided enable executives to make data backed decisions on the areas to focus on next in the transformation.

  • Abeer Rahman / Fawzy Manaa - A Techie's Guide to Improving Operations: Inspirations from Public Transit

    60 Mins
    Experience Report
    Beginner

    There are lots of common challenges between technical operations and public transit operations. Public transit is a staple system in any city's infrastructure that helps to flourish the economy of the city. They have tried-and-tested runbook-type systems in place to deal with standard operations, and how to deal in times of incidents. Sounds pretty much like what technical operations teams have to deal with on a regular basis, right?

    In this talk, we present some parallels between operating & running a public transit system that can be implemented at operations teams at software organizations. We will look at technical as well as simple organizational-behaviour aspects that can be rolled out to increase operational efficiency at organizations, ultimately benefiting global optimizations - such as minimizing downtime and improving systems architecture & infrastructure.

    Why is improving Ops important and often left out of agile enablement?

    The world of infrastructure & operations is usually not looked at when enabling agile teams from a product management perspective. Most agile enablement processes don't look at Ops early. All too often, we see the "throw over the wall, run it & figure it out" behaviour in organizations. The good news is... this behaviour is changing, slowly, but steadily, thanks to the DevOps movement.

    There is lots of good literature out there on increasing operational excellence in technical organizations; however, in such a fast world, are leaders getting time to actually learn & reflect on tactics to enable themselves? Can there be easy takeaways that teams can implement starting tomorrow?

    Yes they can!

    By carefully seeing how a public transit system, such as the TTC, operates, there are lots of areas we can incrementally improve in Ops at our organizations.