Re: [scrumdevelopment] Scrum with SOX 404
Oct 7, 2009
Hi Venu,
On 07.10.2009, at 21:54, Venu Madhav wrote:
> Can any of you provide me some feedback on your experience with
> using agile scrum and complying with SOX 404.
> I am looking for some experience, whitepaper, audit reports to prove
> this would work.
I've coached Scrum teams in organisations for which SOX is relevant.
Scrum and SOX can coexist.
It is likely that you will have to have more ceremony (e.g. for
release management) and your definition of done will need to be
expanded to comply with SOX (e.g. certain user documentation is
mandatory). You may also find that SOX compliance means that
additional stories need to be implemented to handle role management
and to lay down a secure audit trail.
Our experience is that SOX compliance is possible without compromising
Scrum, although the additional governance means that one will end up
going a little slower than would otherwise be possible - it's the
price that organizations that want access to certain capital markets
basically have to pay.
One further thing that I've found is essential - engage with the SOX
coordinator in your organization.
We presented a summary of our experiences coaching teams developing
SOX relevant products last year at a couple of conferences. You can
find a copy of the slides here: