
41762 Re: [scrumdevelopment] Scrum with SOX 404

  • Simon Roberts
    Oct 7, 2009
      Hi Venu,

      On 07.10.2009, at 21:54, Venu Madhav wrote:

      > Can any of you provide me some feedback on your experience with
      > using agile scrum and complying with SOX 404.
      > I am looking for some experience, whitepaper, audit reports to prove
      > this would work.

      I've coached Scrum teams in organisations for which SOX is relevant.
      Scrum and SOX can coexist.

      It is likely that you will have to have more ceremony (e.g. for
      release management) and your definition of done will need to be
      expanded to comply with SOX (e.g. certain user documentation is
      mandatory). You may also find that SOX compliance means that
      additional stories need to be implemented to handle role management
      and to lay down a secure audit trail.

      Our experience is that SOX compliance is possible without compromising
      Scrum, although the additional governance means that one will end up
      going a little slower than would otherwise be possible - it's the
      price that organizations that want access to certain capital markets
      basically have to pay.

      One further thing that I've found is essential - engage with the SOX
      coordinator in your organization.

      We presented a summary of our experiences coaching teams developing
      SOX relevant products last year at a couple of conferences. You can
      find a copy of the slides here:


      Best wishes,
