
Scrum with SOX 404

  • Venu Madhav
    Message 1 of 3 , Oct 7, 2009

      Can any of you provide me some feedback on your experience with using agile scrum and complying with SOX 404.

       

      I am looking for some experience, whitepaper, audit reports to prove this would work.

       


    • Ron Jeffries
      Message 2 of 3 , Oct 7, 2009
        Hello, Venu. On Wednesday, October 7, 2009, at 3:54:55 PM, you
        wrote:

        > Can any of you provide me some feedback on your experience with
        > using agile scrum and complying with SOX 404.
        >  
        > I am looking for some experience, whitepaper, audit reports to prove this would work.

        What are you doing now that works? Why could you not continue that?

        Ron Jeffries
        www.XProgramming.com
        www.xprogramming.com/blog
        Without practice, no emergence. -- Dougen Zenji
      • Simon Roberts
        Message 3 of 3 , Oct 7, 2009
          Hi Venu,

          On 07.10.2009, at 21:54, Venu Madhav wrote:

          >
          > Can any of you provide me some feedback on your experience with
          > using agile scrum and complying with SOX 404.
          >
          >
          > I am looking for some experience, whitepaper, audit reports to prove
          > this would work.
          >

          I've coached Scrum teams in organisations for which SOX is relevant.
          Scrum and SOX can coexist.

          It is likely that you will have to have more ceremony (e.g. for
          release management) and your definition of done will need to be
          expanded to comply with SOX (e.g. certain user documentation is
          mandatory). You may also find that SOX compliance means that
          additional stories need to be implemented to handle role management
          and to lay down a secure audit trail.

          Our experience is that SOX compliance is possible without compromising
          Scrum, although the additional governance means that one will end up
          going a little slower than would otherwise be possible - it's the
          price that organizations that want access to certain capital markets
          basically have to pay.

          One further thing that I've found is essential - engage with the SOX
          coordinator in your organization.

          We presented a summary of our experiences coaching teams developing
          SOX relevant products last year at a couple of conferences. You can
          find a copy of the slides here:

          http://www.scrumalliance.org/resource_download/433

          Best wishes,

          Simon