SOX and Agile

  • mike.dwyer1@comcast.net
    Message 1 of 21 , Feb 15, 2005
      Anyone dealing with Sarbanes Oxley and Agile/Scrum?  I think it is going to prove to be a very interesting learning experience.
       
      --
      Mike Dwyer

      "I Keep six faithful serving-men
      Who serve me well and true:
      Their names are What and Where and When
      And How and Why and Who." - Kipling
    • Mike Beedle
      Message 2 of 21 , Feb 15, 2005
        Mike,

        This is going to sound like advertising – my apologies included.

        We provide one of the best, if not the very best SOX tool in the market:

        Governance Accelerator is a multi-regulatory integrated Enterprise Compliance Management application that
        automates and simplifies governance and compliance through a full COSO-based framework -- from Objectives,
        Assignment of Tasks, Regulation database, Document Manager (for Policies and procedures), Internal Controls,
        Tests, Statement Workflows to manage 10K, 10Q, annual reports, prospectuses, all the way through
        the generation of out-of-the-box compliance reports.  We are the most comprehensive CCO (Chief Compliance
        Officer) workbench.

        We also sell this tool for financials for SEC, NASD, etc. compliance, and we are starting to market it
        for other industries like banking, pharmas, EPA, and other types of compliance/governance.

        http://www.newgovernance.com/ga.html

        My apologies for the ad, but after all, *all of our projects* are implemented through Scrum,

        - Mike

        Michael A. Beedle Ph. D.
        CEO
        New Governance Inc.
        2275 Half Day Rd, Suite 350
        Bannockburn, IL 60015
        www: http://www.newgovernance.com
        Office: 847-821-2631
        Cell: 847-840-9890

        From: mike.dwyer1@... [mailto:mike.dwyer1@...]
        Sent: Tuesday, February 15, 2005 1:41 PM
        To: scrumdevelopment@yahoogroups.com ; Ken Schwaber; Ron Jeffries ; Glen B Alleman
        Subject: [scrumdevelopment] SOX and Agile

         

        Anyone dealing with Sarbanes Oxley and Agile/Scrum?  I think it is going to prove to be a very interesting learning experience.

         

        --
        Mike Dwyer

        "I Keep six faithful serving-men
        Who serve me well and true:
        Their names are What and Where and When
        And How and Why and Who." - Kipling







      • Stefan Ahrensdorf
        Message 3 of 21 , Feb 15, 2005
          Hi,

          I was the lucky winner of our "Application change management process" as
          part of the 404 documentation. We chose a more or less minimalistic
          approach, creating a 10 page process narrative and a "Scrum flowchart"
          (no flames please ;-) amended with some engineering practices. So far we
          have passed two internal audits by our parent company and just had the
          external audit as well, final feedback from that due soon.

          I'll be happy to answer any specific questions people might have. If
          there is broader interest I could do a brief write-up.

          Regards
          Stefan Ahrensdorf


          mike.dwyer1@... wrote:

          > Anyone dealing with Sarbanes Oxley and Agile/Scrum? I think it is
          > going to prove to be a very interesting learning experience.
          >
          > --
          > Mike Dwyer
          >
          > "I Keep six faithful serving-men
          > Who serve me well and true:
          > Their names are What and Where and When
          > And How and Why and Who." - Kipling
        • Mike Dwyer
          Message 4 of 21 , Feb 15, 2005

            Hmm.  And here I thought that you spent all your time trying to get the likes of me to see the light.  I am glad to see you have better sense than that.

            Thanks by the way.

            md

            Michael F. Dwyer
            Mike.Dwyer1@...

            -----Original Message-----
            From: Mike Beedle [mailto:beedlem@...]
            Sent: Tuesday, February 15, 2005 4:01 PM
            To: scrumdevelopment@yahoogroups.com
            Subject: RE: [scrumdevelopment] SOX and Agile

             

             

            Mike,

            This is going to sound like advertising – my apologies included.

            We provide one of the best, if not the very best SOX tool in the market:

            Governance Accelerator is a multi-regulatory integrated Enterprise Compliance Management application that
            automates and simplifies governance and compliance through a full COSO-based framework -- from Objectives,
            Assignment of Tasks, Regulation database, Document Manager (for Policies and procedures), Internal Controls,
            Tests, Statement Workflows to manage 10K, 10Q, annual reports, prospectuses, all the way through
            the generation of out-of-the-box compliance reports.  We are the most comprehensive CCO (Chief Compliance
            Officer) workbench.

            We also sell this tool for financials for SEC, NASD, etc. compliance, and we are starting to market it
            for other industries like banking, pharmas, EPA, and other types of compliance/governance.

            http://www.newgovernance.com/ga.html

            My apologies for the ad, but after all, *all of our projects* are implemented through Scrum,

            - Mike

            Michael A. Beedle Ph. D.
            CEO
            New Governance Inc.
            2275 Half Day Rd, Suite 350
            Bannockburn, IL 60015
            www: http://www.newgovernance.com
            Office: 847-821-2631
            Cell: 847-840-9890





          • Mike Dwyer
            Message 5 of 21 , Feb 15, 2005
              Stefan:
              It might be of great value to have you write this up. Suggest that you
              submit it to the AgileAlliance.

              Michael F. Dwyer

              Mike.Dwyer1@...



              -----Original Message-----
              From: Stefan Ahrensdorf [mailto:sahrensdorf@...]
              Sent: Tuesday, February 15, 2005 4:58 PM
              To: scrumdevelopment@yahoogroups.com
              Subject: Re: [scrumdevelopment] SOX and Agile


              Hi,

              I was the lucky winner of our "Application change management process" as
              part of the 404 documentation. We chose a more or less minimalistic
              approach, creating a 10 page process narrative and a "Scrum flowchart"
              (no flames please ;-) amended with some engineering practices. So far we
              have passed two internal audits by our parent company and just had the
              external audit as well, final feedback from that due soon.

              I'll be happy to answer any specific questions people might have. If
              there is broader interest I could do a brief write-up.

              Regards
              Stefan Ahrensdorf


            • Jiri Lundak
              Message 6 of 21 , Feb 16, 2005
                Hi Stefan,

                Sounds interesting to me, as we will face some external
                audit later this year, and I was thinking how to describe
                our (Scrum) approach in an 'audit-compatible' manner.

                Looking forward to a write up.

                Cheers.
                Jiri

                --- In scrumdevelopment@yahoogroups.com, Stefan Ahrensdorf
                <sahrensdorf@p...> wrote:
                > Hi,
                >
                > I was the lucky winner of our "Application change management process" as
                > part of the 404 documentation. We chose a more or less minimalistic
                > approach, creating a 10 page process narrative and a "Scrum flowchart"
                > (no flames please ;-) amended with some engineering practices. So far we
                > have passed two internal audits by our parent company and just had the
                > external audit as well, final feedback from that due soon.
                >
                > I'll be happy to answer any specific questions people might have. If
                > there is broader interest I could do a brief write-up.
                >
                > Regards
                > Stefan Ahrensdorf
              • Stefan Ahrensdorf
                Message 7 of 21 , Mar 1, 2005
                  Mike (D), Jiri,

                  thanks for your encouragement - I have started to work on this.
                  It might take some time until you get to see it - I was advised it has to go through legal at our parent company... not very "agile", is it :-)

                  Regards
                  Stefan

                  Jiri Lundak wrote:

                  Hi Stefan,

                  Sounds interesting to me, as we will face some external
                  audit later this year, and I was thinking how to describe
                  our (Scrum) approach in an 'audit-compatible' manner.

                  Looking forward to a write up.

                  Cheers.
                  Jiri




                • mike.dwyer1@comcast.net
                  Message 8 of 21 , Mar 1, 2005
                    Remember that Agile is about doing the minimal needed to accomplish the task.  If the work you did is the property of the company, then legal review is a minimal step needed to keep you and the company from having problems.  (This really hurts to write, but it is the only fair thing to do!) 
                     
                    --
                    Mike Dwyer

                    "I Keep six faithful serving-men
                    Who serve me well and true:
                    Their names are What and Where and When
                    And How and Why and Who." - Kipling
                     
                    -------------- Original message --------------
                    Mike (D), Jiri,

                    thanks for your encouragement - I have started to work on this.
                    It might take some time until you get to see it - I was advised it has to go through legal at our parent company... not very "agile", is it :-)

                    Regards
                    Stefan




                  • Paul Wilson
                    Message 9 of 21 , Mar 19, 2005
                      --- In scrumdevelopment@yahoogroups.com, "Jiri Lundak"
                      <jiri.lundak@l...> wrote:
                      >
                      > Hi Stefan,
                      >
                      > Sounds interesting to me, as we will face some external
                      > audit later this year, and I was thinking how to describe
                      > our (Scrum) approach in an 'audit-compatible' manner.
                      >
                      Hi,

                      Does anyone have anything more on this? I'm a relatively new
                      Developer on a greenfield project for a (very) large organisation and
                      I'm pushing Agile \ Scrum(*) hard, with some promising results so far.
                      One of the pending issues is SOX compliance for the project. Frankly
                      I have no idea what SOX is (reading up for me, I think), but pointers
                      on audit and Scrum would be great for me.

                      Paul
                    • Phlip
                      Message 10 of 21 , Mar 19, 2005
                        Paul Wilson wrote:

                        > Does anyone have anything more on this? I'm a relatively new
                        > Developer on a greenfield project for a (very) large organisation and
                        > I'm pushing Agile \ Scrum(*) hard, with some promising results so far.
                        > One of the pending issues is SOX compliance for the project. Frankly
                        > I have no idea what SOX is (reading up for me, I think), but pointers
                        > on audit and Scrum would be great for me.

                        I heard of a company whose first Scrum/XP project was on-time and
                        under-budget, despite passing both CMMI and ISO audits.

                        I have a theory that any audit paperwork requirement can be converted
                        into a FitNesse test page.

                        This might lead to a situation where regulators start requiring
                        interactive paperwork. That would slow down our competition, as they
                        scramble to retrofit high-level tests, without the low-level support.
                        Darn.

                        --
                        Phlip
                      • Mike Dwyer
                        Message 11 of 21 , Mar 19, 2005
                          Contact Mike Beedle - he would be the SME (subject matter expert) on this
                          from a SCRUM and product viewpoint.

                          Michael F. Dwyer

                          Mike.Dwyer1@...



                          -----Original Message-----
                          From: Paul Wilson [mailto:yahoo_lists@...]
                          Sent: Saturday, March 19, 2005 5:39 PM
                          To: scrumdevelopment@yahoogroups.com
                          Subject: [scrumdevelopment] Re: SOX and Agile



                          --- In scrumdevelopment@yahoogroups.com, "Jiri Lundak"
                          <jiri.lundak@l...> wrote:
                          >
                          > Hi Stefan,
                          >
                          > Sounds interesting to me, as we will face some external
                          > audit later this year, and I was thinking how to describe
                          > our (Scrum) approach in an 'audit-compatible' manner.
                          >
                          Hi,

                          Does anyone have anything more on this? I'm a relatively new
                          Developer on a greenfield project for a (very) large organisation and
                          I'm pushing Agile \ Scrum(*) hard, with some promising results so far.
                          One of the pending issues is SOX compliance for the project. Frankly
                          I have no idea what SOX is (reading up for me, I think), but pointers
                          on audit and Scrum would be great for me.

                          Paul







                        • Paul Hodgetts
                          Message 12 of 21 , Mar 19, 2005
                            Paul Wilson wrote:

                            > Does anyone have anything more on this? I'm a relatively new
                            > Developer on a greenfield project for a (very) large organisation and
                            > I'm pushing Agile \ Scrum(*) hard, with some promising results so far.
                            > One of the pending issues is SOX compliance for the project. Frankly
                            > I have no idea what SOX is (reading up for me, I think), but pointers
                            > on audit and Scrum would be great for me.

                            I did a little bit of investigating (brainstorming really) for
                            a client on SOX issues with Scrum. I didn't get to see it
                            through to an audit, and I'm hardly an expert on SOX compliance.
                            But, in case it helps, here's some results of that thinking...

                            At its core, SOX requires that an organization maintains
                            adequate controls over financial data and its access across
                            the organization. The infamous section 404 requires that
                            CEOs and CFOs sign off on that, with severe penalties if
                            they are wrong. There's nothing like a scared CEO to make
                            the development organization scramble in their wake. ;-)

                            There are a lot of things about SOX compliance that I don't
                            think affect the Scrum development team directly, like making
                            sure we have backups of data, and security controls, etc. --
                            more IT operations kind of things. If these things spawn off
                            requirements for the systems we build, then of course the
                            team has to build to those requirements (see below).

                            One area of SOX compliance is making sure the financial info
                            that a company uses is consistent and correct. For software,
                            this is more an issue with what systems are in place, and how
                            these systems store and access financial data. These types of
                            requirements would of course feed things into Scrum backlogs,
                            perhaps affecting the Product Owner's work, but have less to do
                            with the development process itself.

                            A second area is making sure the systems, once we have the
                            proper requirements figured out, actually function correctly
                            when working with the financial data. Scrum does not specify
                            testing practices, but the spirit of Scrum asks us to provide
                            a measure of completeness for backlog items, which of course
                            implies testing. If we use agile acceptance testing practices
                            to build a solid, automated testing safety net around our
                            backlog items, it makes proving the correctness of financial
                            systems a whole lot easier, and auditing for correctness pretty
                            straightforward. But IMHO, we have to raise our level of
                            acceptance testing to a pretty high level (we have to raise our
                            level of testing to a high level no matter what process, IMHO).

                            A third area is controlling changes to the financial software
                            systems, so that we can prove that we're not altering the
                            functionality or correctness of them without some level of
                            control over those changes. Fortunately, Scrum (and most all
                            agile processes) already provide a pretty good level of scope
                            control via the product backlog and sprint backlog. I think
                            we'd have to provide some more ceremony around backlog change,
                            like sign offs or something, to provide the auditor with the
                            evidence that changes are not being made without controls. It
                            would put some extra hoops in place for developers when they
                            want to refactor code -- I would guess we'd need someone on
                            the technical team to sign off on refactorings. Maybe pairing
                            with such an authorized person would help?

                            I think these general approaches also help in thinking about
                            how to comply with other regulated environments, like FDA or
                            HIPAA. As with those environments, many people interpret the
                            SOX regulations as requiring a particular type of development
                            process, but from talking with a couple of knowledgeable folks,
                            it seems it does not -- it only asks for certain levels of
                            controls and auditing. The problem is that a scared CEO/CFO
                            may go overboard to protect their interests, and may end up
                            buying into one of the expensive, heavyweight compliance
                            solutions that dictate process things they don't need to.

                            As I mentioned, I didn't get to see if our investigations
                            resulted in a SOX-compliant Scrum-like process or not. But the
                            talks with some more knowledgeable SOX folks were promising, so
                            I think we were headed in the right direction and it would be
                            very possible and not too painful to pass a SOX audit with a
                            process based on Scrum with some added formality and ceremony.
                            Maybe we'd be a bit less agile, but it shouldn't hurt the core
                            agile values and strategies.

                            Paul
                            -----
                            Paul Hodgetts -- CEO, Coach, Trainer, Consultant
                            Agile Logic -- www.agilelogic.com
                            Training, Coaching, Consulting -- Agile Processes/Scrum/Lean/XP
                            Complete solutions for adopting agile processes, Scrum and XP.

                            Upcoming Events:

                            Certified ScrumMaster Training, Las Vegas, NV - April 25-26, 2005
                            http://www.agilelogic.com/CSM.html
                          • gabby_robertson
                            Message 13 of 21 , Mar 20, 2005
                              I had to deal with SOX audits at my last company (fully Agile -
                              Scrum/XP) for the tech division and went through a lot of preparation
                              with the nice folks from PWC. We documented the Scrum and XP process
                              which did include our QA section, how we committed code etc. You need
                              to provide an audit trail and show that you are taking every step to
                              reduce risk and produce a quality product. Scrum does do this and our
                              TDD approach and review cycles at frequent intervals passed with
                              flying colors.

                              I did create some forms for new projects to state what the project was
                              and when it was officially approved, put into production, and
                              completed. The Product owners would fill out the 1 page (very very
                              simple) form, be allocated a number (looks nice and official and we
                              had to capture capitalizable labor) and get it signed. I signed these
                              and they were printed out and put in a folder. It was very
                              lightweight but satisfied the auditors. They need to see things
                              looking very neat and organized but the trick is keeping your overhead
                              down.

                              The main SOX issues were operationally driven as someone else covered
                              in detail but I don't think you should have any problem using Scrum.
                              Email me directly if you need any other details.

                              Gabrielle Benefield (gbenefield@...)

                              --- In scrumdevelopment@yahoogroups.com, "Paul Wilson"
                              <yahoo_lists@m...> wrote:
                              >
                              > --- In scrumdevelopment@yahoogroups.com, "Jiri Lundak"
                              > <jiri.lundak@l...> wrote:
                              > >
                              > > Hi Stefan,
                              > >
                              > > Sounds interesting to me, as we will face some external
                              > > audit later this year, and I was thinking how to describe
                              > > our (Scrum) approach in an 'audit-compatible' manner.
                              > >
                              > Hi,
                              >
                              > Does anyone have anything more on this? I'm a relatively new
                              > Developer on a greenfield project for a (very) large organisation and
                              > I'm pushing Agile \ Scrum(*) hard, with some promising results so far.
                              > One of the pending issues is SOX compliance for the project. Frankly
                              > I have no idea what SOX is (reading up for me, I think), but pointers
                              > on audit and Scrum would be great for me.
                              >
                              > Paul
                            • Phlip
                              Message 14 of 21 , Mar 21, 2005
                                gabby_robertson wrote:
                                >
                                > I had to deal with SOX audits at my last company (fully Agile -
                                > Scrum/XP) for the tech division and went through a lot of preparation
                                > with the nice folks from PWC. We documented the Scrum and XP process
                                > which did include our QA section, how we committed code etc. You need
                                > to provide an audit trail and show that you are taking every step to
                                > reduce risk and produce a quality product. Scrum does do this and our
                                > TDD approach and review cycles at frequent intervals passed with
                                > flying colors.

                                "Look sir, look sir, Mister Knoxley.
                                We'll have some fun with Sarbanes-Oxley.
                                First I'll make a slick trick cash stash.
                                You can make a pump-dump stock smash."

                                "I don't like this Mister Fox sir.
                                We're letting audit firms control our SOX sir."

                                "Try to say this, Mister Knoxley, please.
                                Thru three tax trees a fee freeze flew.
                                So three fax fleas had a shredder cheese chew.
                                Their bennies bought them sound bites on the N.B.C. News
                                And that's what gave the S.E.C. clues!"

                                "This won't work, you SOX Fox, sir.
                                Off you'll jerk into a SOX, sir!"

                                "When RDBMS tables tattle it's called tattle table data.
                                When RDBMS tables tattle on your navel it's called
                                navel tattle table data. And when data tables tattle
                                on your navel with a label, it's a label navel tattle
                                table. And when data tables tattle on your navel with
                                a label in a haven, it's a haven label navel tattle
                                table. And when you swear on the Bible and babble about
                                your data table tattle with your navel with a label in
                                a haven in the islands, it's a babble Bible island
                                haven navel label table tattle!

                                "Mister Knoxley, our game is done, sir.
                                And now we are both on the run, sir."

                                --
                                Phlip
                              • Jim.Hyslop
                                Message 15 of 21 , Mar 21, 2005
                                  Phlip wrote:
                                  > "Look sir, look sir, Mister Knoxley.
                                  [...]
                                  > "Mister Knoxley, our game is done, sir.
                                  > And now we are both on the run, sir."

                                  Move over, Theodore Geisel!

                                  --
                                  Jim Hyslop
                                  Senior Software Designer
                                  Leitch Technology International Inc. ( http://www.leitch.com )
                                  Columnist, C/C++ Users Journal ( http://www.cuj.com/experts )
                                • Phlip
                                  Message 16 of 21 , Mar 21, 2005
                                    Jim.Hyslop wrote:

                                    > Move over, Theodore Geisel!

                                    http://www.c2.com/cgi/wiki?AgilePropheciesOfDoctorSeuss

                                    --
                                    Phlip
                                  • Christian E. Gruber
                                    Message 17 of 21 , Mar 22, 2005
                                      Ye Gods, I nearly choked to death on this. It was beautiful -
                                      especially when read aloud.


                                      Thank you Philip, thank you.


                                      regards,

                                      Christian.

                                      Phlip wrote:

                                      >"Mister Knoxley, our game is done, sir.
                                      >And now we are both on the run, sir."
                                      >
                                      >
                                      >


                                      --
                                      -----------------------------------------------------------------------
                                      Christian E. Gruber cgruber@...
                                    • Paul Wilson
                                      Message 18 of 21 , Mar 24, 2005
                                        --- In scrumdevelopment@yahoogroups.com, "gabby_robertson"
                                        <gabby_robertson@y...> wrote:
                                        >
                                        > and as they were printed out and put in a folder. It was very
                                        > lightweight but satisfied the auditors. They need to see things
                                        > looking very neat and organized but the trick is keeping your overhead
                                        > down.
                                        >
                                        Thanks for the info from all who responded (even Dr Seuss). The whole
                                        issue has subsided for the moment - I fully expect to be hit with the
                                        "you need the heavy-weight methodology for compliance" hammer
                                        sometime, so the pointers given have been useful. Part of the problem
                                        is that here (in the UK) no-one really knows what SOX is, and the
                                        unknown can be used to frighten.

                                        Paul
                                      • Deb
                                        Message 19 of 21 , Apr 25, 2005
                                          Stefan - I'd love to hear more about this too!
                                          Please let us know here, when you have some notes available for us!
                                          Thanks
                                          deb

                                          --- In scrumdevelopment@yahoogroups.com, Stefan Ahrensdorf
                                          <sahrensdorf@p...> wrote:
                                          > Hi,
                                          >
                                          > I was the lucky winner of our "Application change management process" as
                                          > part of the 404 documentation. We choose a more or less minimalistic
                                          > approach, creating a 10 page process narrative and a "Scrum flowchart"
                                          > (no flames please ;-) amended with some engineering practices. So far we
                                          > have passed two internal audits by our parent company and just had the
                                          > external audit as well, final feedback from that due soon.
                                          >
                                          > I'll be happy to answer any specific questions people might have. If
                                          > there is broader interest I could do a brief write-up.
                                          >
                                          > Regards
                                          > Stefan Ahrensdorf
                                          >
                                          >
                                          > mike.dwyer1@c... wrote:
                                          >
                                          > > Anyone dealing with Sarbanes Oxley and Agile/Scrum? I think it is
                                          > > going to prove to be a very interesting learning experience.
                                          > >
                                          > > --
                                          > > Mike Dwyer
                                          > >
                                          > > "I Keep six faithful serving-men
                                          > > Who serve me well and true:
                                          > > Their names are What and Where and When
                                          > > And How and Why and Who." - Kipling
                                        • Stefan Ahrensdorf
                                          Message 20 of 21 , Apr 26, 2005
                                            Deb & all interested - I am working on this, please expect to see sth
                                            within the next two weeks or so.

                                            Deb wrote on 4/25/2005 8:11 PM:

                                            >
                                            > Stefan - I'd love to hear more about this too!
                                            > Please let us know here, when you have some notes available for us!
                                            > Thanks
                                            > deb
                                            >
                                            > --- In scrumdevelopment@yahoogroups.com, Stefan Ahrensdorf
                                            > <sahrensdorf@p...> wrote:
                                            > > Hi,
                                            > >
                                            > > I was the lucky winner of our "Application change management process" as
                                            > > part of the 404 documentation. We choose a more or less minimalistic
                                            > > approach, creating a 10 page process narrative and a "Scrum flowchart"
                                            > > (no flames please ;-) amended with some engineering practices. So far we
                                            > > have passed two internal audits by our parent company and just had the
                                            > > external audit as well, final feedback from that due soon.
                                            > >
                                            > > I'll be happy to answer any specific questions people might have. If
                                            > > there is broader interest I could do a brief write-up.
                                            > >
                                            > > Regards
                                            > > Stefan Ahrensdorf
                                            > >
                                            > >
                                            > > mike.dwyer1@c... wrote:
                                            > >
                                            > > > Anyone dealing with Sarbanes Oxley and Agile/Scrum? I think it is
                                            > > > going to prove to be a very interesting learning experience.
                                            > > >
                                            > > > --
                                            > > > Mike Dwyer
                                            > > >
                                            > > > "I Keep six faithful serving-men
                                            > > > Who serve me well and true:
                                            > > > Their names are What and Where and When
                                            > > > And How and Why and Who." - Kipling
                                          • Deb
                                            Message 21 of 21 , Apr 26, 2005
                                              Thanks, Stefan! and...

                                              > So far we
                                              > have passed two internal audits by our parent company ...

                                              Congratulations!

                                              --- In scrumdevelopment@yahoogroups.com, Stefan Ahrensdorf
                                              <sahrensdorf@p...> wrote:
                                              > Deb & all interested - I am working on this, please expect to see sth
                                              > within the next two weeks or so.
                                              >
                                              > Deb wrote on 4/25/2005 8:11 PM:
                                              >
                                              > >
                                              > > Stefan - I'd love to hear more about this too!
                                              > > Please let us know here, when you have some notes available for us!
                                              > > Thanks
                                              > > deb
                                              > >
                                              > > --- In scrumdevelopment@yahoogroups.com, Stefan Ahrensdorf
                                              > > <sahrensdorf@p...> wrote:
                                              > > > Hi,
                                              > > >
                                              > > > I was the lucky winner of our "Application change management process" as
                                              > > > part of the 404 documentation. We choose a more or less minimalistic
                                              > > > approach, creating a 10 page process narrative and a "Scrum flowchart"
                                              > > > (no flames please ;-) amended with some engineering practices. So far we
                                              > > > have passed two internal audits by our parent company and just had the
                                              > > > external audit as well, final feedback from that due soon.
                                              > > >
                                              > > > I'll be happy to answer any specific questions people might have. If
                                              > > > there is broader interest I could do a brief write-up.
                                              > > >
                                              > > > Regards
                                              > > > Stefan Ahrensdorf
                                              > > >
                                              > > >
                                              > > > mike.dwyer1@c... wrote:
                                              > > >
                                              > > > > Anyone dealing with Sarbanes Oxley and Agile/Scrum? I think it is
                                              > > > > going to prove to be a very interesting learning experience.
                                              > > > >
                                              > > > > --
                                              > > > > Mike Dwyer
                                              > > > >
                                              > > > > "I Keep six faithful serving-men
                                              > > > > Who serve me well and true:
                                              > > > > Their names are What and Where and When
                                              > > > > And How and Why and Who." - Kipling
                                              > > > >
                                              > > > >