It is widely understood that agile mitigates project execution risks. However, auditors and regulators unfamiliar with the agile process often reject it as non-compliant. In regulated industries, organizations seeking to adopt agile are often challenged to provide evidence that prescribed processes are being followed and can be evaluated to ensure adherence. This issue is compounded when auditors expect a more traditional, artifact-driven process, which, in an agile environment, does not necessarily mitigate the risks for which they were designed.