Raven Catlin

Agile Auditing


can influence the organization, so it supports Agile auditing. You will learn about the influence a Grateful Agile Leader can have on the organization's culture and the Agile team. You will also learn what the ideal conditions for Agile auditing are.

      Chapter 18: Passing Your Quality Assessment Review (QAR) in an Agile Audit Environment discusses the four areas of most concern regarding your QAR when implementing Agile auditing (independence and objectivity, planning, documentation, and supervision). It also provides an overview of the standards used for the three types of audits covered in this book.

      In Chapter 19: Nuggets for Agile Audit Success, you are encouraged to summarize your new or refreshed knowledge from the book and identify your nuggets (which can be anything meaningful to you: an idea, a question, something to research later, something to tell someone else, an aha moment, or even a thought related to the content discussed). This chapter provides 10 nuggets for Agile auditing success.

      Appendix A: Glossary of Terms provides definitions of key words, concepts, and notes provided in this book.

      Appendix C: Agile Audit Example. This example consists of the Agile Audit time‐lapse activities conducted during a one‐week period for an Agile audit of remediation activities for a Security/Access Controls audit finding: Deficiencies in the user provisioning process for terminations.

      Bibliography. Our journey as we wrote this book included reading over 100 books, reports, scholarly and trade journals, white papers, articles, interviews, and research papers on Agile, Agile frameworks, and Agile methodologies. The Bibliography includes references to many of the learning and discovery aids we have used in this book. We encourage our readers to seek these references, as well as many more.

       Good luck, and let's start your Agile auditing journey.

PART 1 Building an Understanding of Agile and Auditing

      AGILE IS A FRAMEWORK

      It felt like a no‐brainer to answer this question, as we set our sights on publishing a book on Agile auditing. Through discovery, we found that Agile has different meanings depending on your view and approach. When you develop and work with Agile, it's vital that you describe what Agile is and what it means.

      It is important to note that Agile is not a methodology itself in any discipline. It is a philosophy, a mindset, or a way of thinking to get stuff done faster based on the interests of identified customers. The roots of Agile as a philosophy originated in software development. It was software developers who combined existing frameworks to create the Agile movement to complete software development projects faster. You can think of Agile as an umbrella term for a set of different frameworks and practices all based on the original software development values and principles. These values are expressed in the “Manifesto for Agile Software Development,” and the 12 principles as fashioned by the Agile Alliance are presented later in this chapter. Another key thought is that Agile methods are people‐oriented rather than process‐oriented. In Agile, people come first and people complete projects. Conversely, conventional project management and software development methods, such as waterfall, are process‐oriented.

      Before we continue describing Agile, we want to clarify that there is a time and place for conventional project management methods, such as waterfall. For example, certain mandatory compliance audits with repeated processes year after year might benefit from a waterfall process‐oriented approach. As a matter of fact, although there appears to be a mass adoption of various Agile methodologies in many organizations, there are still many that continue to use conventional methods successfully. We have also seen organizations transition into a hybrid Agile approach that combines aspects of both Agile and waterfall. Our Agile framework was developed specifically to help address common problems that arise when completing all audits using the traditional methodologies (i.e., waterfall).

      Agile means quick, easy, and nimble. In business, it's a way of thinking, a way of working that is increasingly part of how many of the most successful companies work (Cazaly 2017).

      Agile is the ability to move quickly and easily in response to your environment. To be Agile, you must be alert to your situations, and you must be flexible, nimble, and adaptable (Catlin 2014).

      Agile is a lightweight software development method that aims to be more efficient than traditional, plan‐driven development models. Agile seeks to do more with less:

       More team‐level decision‐making

       Faster development time

       Faster response to shifting customer demands

       Faster problem solving

       More customer satisfaction

       Smaller teams

       Less expense

       Less wasted effort

       Fewer features in the end product that either don't work or are never used (Mathis 2013)

      To