Integrate Regulatory Auditing with Agile
When attempting to audit agile in regulated enterprises, auditors all too often hear “We are agile, so we have no evidence for you to examine.” For a profession rooted in plan-driven methodologies—from validating software development to documenting audit work papers—agile presents a unique conundrum for auditors. Join Chong Ee as he explores ways for agile teams to develop and sustain an open dialogue with auditors on internal controls. From updating age-old mindsets such as segregated development and testing phases to employing the agile artifacts of user stories and burndown charts, Chong shares examples to demonstrate how achieving accountability and quality software need not be mutually exclusive. Contrary to what some may think, enterprises employing Scrum or agile are not running on empty. By collaborating with product owners, there are opportunities to bake internal controls into user stories as early as possible as well as leverage automated test results to validate the operating effectiveness of internal controls.