Integrate Regulatory Auditing with Agile
When attempting to audit agile in regulated enterprises, auditors all too often hear “We are agile, so we have no evidence for you to examine.” For a profession rooted in plan-driven methodologies—from validating software development to documenting audit work papers—agile presents a unique conundrum for auditors. Join Chong Ee as he explores ways for agile teams to develop and sustain an open dialogue with auditors on internal controls. From updating age-old mindsets such as segregated development and testing phases to employing the agile artifacts of user stories and burndown charts, Chong shares examples to demonstrate how achieving accountability and quality software need not be mutually exclusive. Contrary to what some may think, enterprises employing Scrum or agile are not running on empty. By collaborating with product owners, there are opportunities to bake internal controls into user stories as early as possible as well as leverage automated test results to validate the operating effectiveness of internal controls.
As a senior finance systems manager with Twilio, a San Francisco-based cloud communications company, Chong Ee is focused on optimizing the use and integration of financial cloud applications. Most recently, Chong implemented NetSuite and other SaaS solutions at Trulia to support the company’s growth from startup through IPO and then as a public company. Previously, Chong spent thirteen years in various compliance, audit, and consultant capacities for Big Four, Fortune 500, and startups. A certified NetSuite ERP Consultant and NetSuite Administrator, Chong also holds active CISA and CGEIT certifications from the Information Systems and Audit Control Association.