Re: Experience of external audit of Scrum process in FSA regulated compa
I suggest you discuss what it is that is being audited. You mentioned “confirm that there is an audit trail of what the customer has asked for and what is delivered”. And by FSA I’m assuming it’s financial software, so maybe there’s some requirement or liability that the numbers come out correctly?
There’s different things you could audit. At the simple end you could audit that the client asked for it to be blue, and look it is blue. Probably not much value – so maybe you can change the audit process for this kind of auditing to seeing if the client is happy or a measure of the client accepting the product.
I would guess though that what you really want to audit is that the maths is right, and the correct numbers come out. I’d hope this is covered by some form of testing, and that there were some form of scenarios / acceptance criteria etc that fed into the testing. Perhaps this is where the audit should focus, and it’s a matter of changing the audit to reflect your new artefacts, not the ones from the old process.
As others have said these artefacts will like change incrementally, which will impact the audit process; and if the auditors just want to tick boxes that documents exist, perhaps there is another conversation to be had.
I’d be interested to know what the outcome is.