Loading ...
Sorry, an error occurred while loading the content.

Re: QA and Agile

Expand Messages
  • caseyhelbling
    And on top of that, how does agile/scrum play into a company s ability to be compliant with section 404 and 409 of Sarbanes Oxley? Are public companies
    Message 1 of 4 , Dec 3, 2003
    • 0 Attachment
      And on top of that, how does agile/scrum play into a company's ability
      to be compliant with section 404 and 409 of Sarbanes Oxley? Are
      public companies changing internal methodologies to something more
      heavier weight in hopes to appear more risk adverse? What happens
      when an auditing firm declares a companies agile methodology and
      inherently their ability to quickly change directions (which is a
      double edge sword) a business risk that should have controls around?
      How can the agile community prevent being forced into having more
      controls and processes that are akin to a heavy weight methodology
      which we have seen slow us down?

      Ideally the agile community would educate boards, managements and
      auditing firms that being agile gives them a strategic leg up on their
      competition and should be looked upon as a benefit not a risk.

      Casey Helbling
      Fourth Generation Inc.
      www.fourthgen.com

      >
      >
      > How does Quality Assurance fit into Agile development and scrum? I
      > don't mean testing, but independent quality management including -
      > audits, standards, toll gates, reviews, metrics, training, records
      > retention, etc...
      >
      > How have those of you who are using agile/scrum incorporated these
      > items?
      >
      >
      >
    • ed_barton@i2.com
      ... Public companies are definitely changing internal methodologies to be heavier-weight because the executives must certify that they have adequate internal
      Message 2 of 4 , Dec 3, 2003
      • 0 Attachment
        > And on top of that, how does agile/scrum play into a company's ability
        > to be compliant with section 404 and 409 of Sarbanes Oxley? Are
        > public companies changing internal methodologies to something more
        > heavier weight in hopes to appear more risk averse?

        Public companies are definitely changing internal methodologies to be
        heavier-weight because the executives must certify that they have adequate
        internal controls. I think that in a lot of cases this extra control can
        be steered in the direction of more documentation (which is in itself
        heavier, but not necessarily a lot heavier), rather than to maximally
        heavyweight processes. Audit committees may be more concerned that there
        is a trail to establish that you followed the practices and processes you
        were intending to follow, and less concerned about which practices they
        were, unless the practices are indefensible.

        Even though I think the extra audit requirements are steerable, it is also
        a fact that the types of people who are attracted to working on audit
        committees and galactic process standards boards will often feel more
        comfortable with heavyweight processes and a maximal amount of control by
        central committee.
      • PaulOldfield1@compuserve.com
        ... I suspect there is a pattern among the successful enterprises that have heavyweight processes - I don t have enough anecdotal evidence to say for sure, but
        Message 3 of 4 , Dec 4, 2003
        • 0 Attachment
          > And on top of that, how does agile/scrum play into a company's ability
          > to be compliant with section 404 and 409 of Sarbanes Oxley? Are
          > public companies changing internal methodologies to something more
          > heavier weight in hopes to appear more risk adverse? What happens
          > when an auditing firm declares a companies agile methodology and
          > inherently their ability to quickly change directions (which is a
          > double edge sword) a business risk that should have controls around?
          > How can the agile community prevent being forced into having more
          > controls and processes that are akin to a heavy weight methodology
          > which we have seen slow us down?

          > Ideally the agile community would educate boards, managements and
          > auditing firms that being agile gives them a strategic leg up on their
          > competition and should be looked upon as a benefit not a risk.

          I suspect there is a pattern among the successful enterprises that
          have heavyweight processes - I don't have enough anecdotal
          evidence to say for sure, but it seems that in many cases
          the developers tell lies and don't follow the process, they do
          whatever is sensible based on their own experience. Somehow
          I suspect collecting hard evidence on this may not be easy.

          There's a paper somewhere from Mark Paulk (try looking on the
          agilealliance.com website?) relating XP to CMM.

          Paul Oldfield
          www.aptprocess.com
        Your message has been successfully submitted and would be delivered to recipients shortly.