Agile/Scrum for IT Risk Professionals
Download as PPT, PDF1 like987 views
This document discusses Agile software development and Scrum, an Agile framework. It provides an overview of Scrum roles like the Product Owner and ScrumMaster, the Scrum process involving sprints, daily stand-ups, sprint reviews and retrospectives. The goal of Scrum is to deliver working software frequently through short iterative cycles, collaboration and responding to change. Many large companies have adopted Scrum for its benefits of faster delivery, increased quality and transparency.
Agile/Scrum for IT Risk Professionals
- 1. Agile Software Development for IT Risk Control Professionals Dave Friesen, CISA, CMA, CISSP ISACA Willamette Valley Chapter January 2014
- 2. Today Walk through Agile Scrum Key practice and risk+control considerations Dave Friesen 2
- 3. Agile Deliver early and continuously Adapt to changes Produce working software often Collaborate (tech teams, +business) Simplicity is essential Self-organizing teams excel source: agilemanifesto.org Dave Friesen 3
- 4. Why Agile? Deliver systems faster Respond to changes Create competitive advantage Increase transparency Improve quality Dave Friesen 4
- 6. Scrum has been used by Microsoft Yahoo Google Electronic Arts IBM Lockheed Martin Philips Siemens Nokia Capital One BBC Intuit Nielsen Media BMC Software Ipswitch John Deere Lexis Nexis Sabre Salesforce.com source: mountaingoatsoftware.com Dave Friesen 6
- 7. Scrum has been used for Commercial software Video game development In-house development FDA-approved, life-critical systems Contract development Satellite-control software Fixed-price projects Websites Financial applications Handheld software ISO 9001-certified applications Mobile phones Embedded systems Network switching applications 24x7 systems (3 9’s) ISV applications the Joint Strike Fighter source: mountaingoatsoftware.com Dave Friesen 7
- 8. Scrum roles: the Product Owner Drives Product vision, roadmap and business case Expertise? Defines and prioritizes Product requirements Experience? Determines releases, sequencing “Owns” budget Accepts (rejects) results Dave Friesen 8
- 9. the Team Delivers Product Cross-functional Self-organizing Small Expertise mix? (+nimble) Skill+ mix? Collaborative Committed? Dave Friesen 9
- 10. the ScrumMaster Drives Scrum process Removes “roadblocks” (Not resource or project manager) Goal: Make Team successful Dave Friesen 10
- 11. Scrum approach: work in Sprints Iterative design, code/configure, test Typically 2-4 weeks Fixed duration (never extended) No changes! Goal: Working software Dave Friesen 11
- 12. Sprints vs. Releases Dave Friesen 12
- 13. Context: Product Planning Product vision, roadmap Business drivers, goals Business case Product “ownership?” Strategic? (business, tech) Dependencies? Dave Friesen Needs, features Financial, people Portfolio, release views Sizing. . . 13
- 14. the Product Backlog All expected Product work Functional requirements Operational requirements Known issues Sized as possible Prioritized by Product Owner Dave Friesen 14
- 15. User Stories Discrete pieces of functionality Written from user perspective (human or technical) Enough detail for estimating, designing, testing Dave Friesen 15
- 16. Sprint Planning Product Owner and Team (ScrumMaster facilitates) Sprint Goal Prioritized User Stories Technical Tasks 16 Dave Friesen
- 17. the Sprint Backlog All expected Sprint work Technical to-do’s Team’s commitment Focused on Sprint Goal Dave Friesen 17
- 18. Tasks Operational coverage? Performance, capacity, availability? Process considerations? Coding, configuring, testing, design, R&D, + Interface controls? Typically n:1 with User Stories Security features? Estimates Regulatory/ compliance considerations? Sprint Task Board Dave Friesen 18
- 19. Sprint: Building the Product Design/Coding/ Configuring Consistent architecture and approach? Integrating Planned feature Development? Refactoring Secure development practices? Writing tests Frequent builds and integration? Security analysis (+action)? Usual controls: Source management; environments; + Dave Friesen 19
- 20. Sprint: Testing Speed of Agile Iterative throughout Sprint Scenario coverage? Unit testing? Frequent build:test ➝ rapid feedback Validates Stories and Tasks Goal: Build quality in Dave Friesen More than functional “Enough” documentation? Defect/issue management? User acceptance? Usual controls: independence, environments, + 20
- 21. Daily Scrums ScrumMaster and Team (others observe) Daily stand-up (15 minutes) Did yesterday? Doing today? Roadblocks? (risk management) Dave Friesen 21
- 22. Tracking Sprint Burndown How’s the work coming? Dave Friesen 22
- 23. Sprint Reviews Team, ScrumMaster, Product Owner; +”the world” Team demo’s (feedback) Informal; time-boxed Product Owner accepts (rejects) (Product Backlog updated) Dave Friesen 23
- 24. Working Software and Releases Business readiness? Operational readiness? Usual controls: approvals; contingency plans; environment/access; smoke test Dave Friesen 24
- 25. Sprint Retrospectives Team, ScrumMaster, Product Owner What is/isn’t working Accurate estimates? Complete Sprints? Release quality? Release effectiveness? Goal: Continuous improvement Dave Friesen 25
- 27. Agile Values Individuals and interactions over Processes and tools Working software over Comprehensive documentation Customer collaboration over Contract negotiation over Following a plan Responding to change source: agilemanifesto.org (mountaingoatsoftware.com) Dave Friesen 27
- 28. Questions?