Ensuring Governance in an Agile World



Similar documents
Program & Portfolio! Management using! Kanban! Copyright 2013 Davisbase Consulting. Limited Display License Provided to ASPE

THE AGILE WATERFALL MIX DELIVERING SUCCESSFUL PROGRAMS INVOLVING MULTIPLE ORGANIZATIONS

Sound Transit Internal Audit Report - No

Waterfall to Agile. DFI Case Study By Nick Van, PMP

Roles, Activities and Relationships

Measuring ROI of Agile Transformation

A Viable Systems Engineering Approach. Presented by: Dick Carlson

AGILE & SCRUM. Revised 9/29/2015

Collaborative Project Management in a DevOps Culture

LEAN AGILE POCKET GUIDE

Glossary SAFe 4.0 for Lean Software and Systems Engineering

Water-Scrum-Fall Agile Reality for Large Organisations. By Manav Mehan Principal Agile consultant

Agile project portfolio manageme nt

Creating a High Maturity Agile Implementation

Moderator: Albert Jeffrey Moore, ASA, MAAA. Presenters: Albert Jeffrey Moore, ASA, MAAA Kelly J. Rabin, FSA, MAAA Steven L. Stockman, ASA, MAAA

Agile and lean methods for managing application development process

Agile Training Portfolio

WE ARE FOCUSED ON HELPING OUR CLIENTS WORK SMARTER AND MORE EFFICIENTLY SO THAT TOGETHER, WE CAN EMPOWER PEOPLE TO DELIVER GREAT RESULTS.

AGILE - QUICK GUIDE AGILE - PRIMER

Is PRINCE 2 Still Valuable in an Agile Environment?

An Agile Project Management Model

EXIN Agile Scrum Foundation

Transitioning Your Software Process To Agile Jeffery Payne Chief Executive Officer Coveros, Inc.

Agile Development for Application Security Managers

agenda AGILE AT SCALE

D25-2. Agile and Scrum Introduction

TSG Quick Reference Guide to Agile Development & Testing Enabling Successful Business Outcomes

Business Analysis In Agile A Differentiated Narrative

Managing Your Way to Success ensuring economic, effective, efficient quality best practice service (every time)

RISK MANAGMENT ON AN AGILE PROJECT

Agile and lean methods for managing application development process

Introduction to Agile

Whitepaper: How to Add Security Requirements into Different Development Processes. Copyright 2013 SD Elements. All rights reserved.

The Agile Movement An introduction to agile software development

Agile Scrum Workshop

Testing in Scrum Projects

Presented by. Denis Darveau CISM, CISA, CRISC, CISSP

Quality Assurance in an Agile Environment

Project Management in Software: Origin of Agile

Agile Certification: PMI-ACP

Agile Project Management and Agile Practices Training; with a Scrum Project that you will do.

SECURITY AND RISK MANAGEMENT

An Introduction to Kanban for Scrum Users. Stephen Forte Chief Strategy Officer,

Sprint with Scrum and get the work done. Kiran Honavalli, Manager Deloitte Consulting LLP March 2011

Executive Guide to SAFe 24 July An Executive s Guide to the Scaled Agile Framework.

Secure Code Development

The Agile PMO. Contents. Kevin Thompson, Ph.D., PMP, CSP Agile Practice Lead cprime, Inc E. Third Avenue, Suite 205 Foster City, CA 94404

Agile Requirements Engineering + LESSONS LEARNED

SESSION 303 Wednesday, March 25, 3:00 PM - 4:00 PM Track: Support Center Optimization

Adapting Agile Software Development to Regulated Industry. Paul Buckley Section 706 Section Event June 16, 2015

Agile Software Development

The Agile Project Manager

Agile Based Software Development Model : Benefits & Challenges

Agile Development Overview

Issues in Internet Design and Development

Project Management Office Best Practices

Lean vs. Agile similarities and differences Created by Stephen Barkar -

Between Trapezes: Maintaining Fidelity While Switching Midstream from a CMMI-Driven Waterfall to an Enterprise Lean/Agile Transformation

EXIN Agile Scrum Foundation. Sample Exam

Agile Extension to the BABOK Guide

Implementation. Business-Driven IT-Wide Agile (Scrum) and Kanban (Lean) Andrew T. Pham and David K. Pham. An Action Guide for Business and IT Leaders

Mitigating Risk with Agile Development. Rich Mironov CMO, Enthiosys

About Dean Leffingwell

Redefining Agile to Realize Continuous Business Value

Agile Processes and Distributed Projects: Dream or Nightmare?

How Product Management Must Change To Enable the Agile Enterprise

Leading ITSM from Scrum to Kanban

Waterfall vs. Agile Project Management

Leverage Agile Project Management to Foster Collaboration in Distributed Teams

Agile Requirements And Testing For Continuous Software Delivery

Agile in a Safety Critical world

Overview of Scrum. Scrum Flow for one Sprint SCRUMstudy.com. All Rights Reserved. Daily Standup. Release Planning Schedule. Create.

Software Development Methodologies

How to manage agile development? Rose Pruyne Jack Reed

Introduction to Software Engineering: Project Management ( Highlights )

Agile Fundamentals, ROI and Engineering Best Practices. Rich Mironov Principal, Mironov Consulting

Getting Started with Agile Project Management Methods for Elearning

When is Agile the Best Project Management Method? Lana Tylka

Agile Planning & Metrics That Matter

Course Title: Planning and Managing Agile Projects

Strategy. Agility. Delivery.

Agile Requirements Definition and Management (RDM) How Agile requirements help drive better results

AGILE BUSINESS SERVICES. Guiding and supporting your business. at any stage of your agile journey

Introduction to Agile and Scrum

Getting Business Value from Agile

Integrating Scrum with the Process Framework at Yahoo! Europe

ACP Exam Prep Plus Desk Reference including the Project Management Agile Body of Knowledge TM (PMABOK TM )

Bridging the Gap Between Acceptance Criteria and Definition of Done

Maximize Resource and Investment: Project Portfolio Management (PPM) Case Study: Design and Delivery of a Global PPM Solution

Software Development Life Cycle (SDLC)

Bridging the Gap: Traditional to Agile Project Management. I. S. Parente 1. Susan Parente, PMP, PMI ACP, CISSP, PMI RMP, ITIL, MSEM;

Oracle Unified Method (OUM)

Mastering the Iteration: An Agile White Paper

Scrum and Kanban 101

Transcription:

Ensuring Governance in an Agile World Sean Scranton, CISA, CISM, CRISC Thad King, PMP Agenda Background of RLI Insurance Company What is Agile? Where We Were Governance, Security, and Compliance Issues Where Did We Need to Be Identified improvement areas in the agile process to help ensure IT development is aligned with business requirements How Did We Get There Mitigating Governance, Security, and Compliance Issues Embedding security and controls requirements into the development process Identifying appropriate methods of creating test cases and efficiently performing testing Providing a feedback mechanism for the agile process for continuous improvement 2 1

Background of RLI RLI Insurance Company (RLI) http://www.rlicorp.com (NYSE:RLI) Located in Peoria, IL, licensed in all 50 States. Specialty Insurance Company serving niche markets for over 45 years. RLI = Replacement Lens, Inc. Flagship Product in 1960 was contact lens insurance sold via optometrists. $850M(ish) top line, 2.7B in assets, A+ A.M. Best Rating. Entrepreneurial culture and continued appetite for organic and inorganic growth. 4 2

RLI Insurance Company (RLI) Underwriting Profit RLI has achieved 16 straight years of a combined ratio below 100, and has beaten the industry ratio by an average of 15 points. 5 RLI Insurance Company (RLI) Distributed Insurance Operations, Centralized Home Office Support functions. 800+ Employees, 50+ Locations. IT Department in Peoria, IL with some remote Developers. 4.0% 3.5% Structured into various Solutions teams, Shared Services Team, and 3.0% 2.5% 2.0% 1.5% Technology/Architecture team. 1.0% Strong Microsoft Shop for Development. 0.5% 0.0% Best of Class for non-core functions. The usual challenges balancing legacy, e-legacy and new technology. IT Spending as a % of GWP 3.5% Industry 2.3% RLI 6 3

What is Agile? Agile A framework for development based on empowered teams to respond to unpredictability through iterative cadences Variations include Safe, Scrum, XP, Lean, Kanban, and many more Collaboration Prioritized Flexibility JIT Delivery Quick Feedback Ongoing Refinement Limiting WIP 8 4

How Is Agile Different from Waterfall? Waterfall Agile Upfront Design Contracts Cold handoffs Lessons Learned Postmortem Work shifts teams concurrently Design Integrated Collaboration Face to Face Communication Frequent Retrospectives Manage Flow Limit Work in Process 9 Agile Manifesto We are uncovering better ways of developing software by doing it and helping others do it. Through this work we have come to value: Individuals and interactions over processes and tools Working software over comprehensive documentation Customer collaboration over contract negotiation Responding to change over following a plan That is, while there is value in the items on the right, we value the items on the left more. Source: www.agilemanifesto.org 10 5

Ongoing Collaboration 11 Where We Were 6

We Had Some Issues Portfolio-Level There is a lot going on, but nothing seems to be moving It is difficult to change decisions late in the process Long or complex projects are difficult to complete Tell us what you want now and we will get back to you in a year Testing is either very long or too high level, and is sacrificed in order to meet deadlines We were just audited and we need to rewrite the system to address the audit issues! 13 We Had Some Issues Project-Level Example project conversion of legacy system to off the shelf system Too little communication between departments Fear of disjointed operational processes by switching systems New requirements came as frequently as old requirements changed No minimum viable product was envisioned Lots of pieces in the air at the same time too much multitasking Audit Requirements came later 14 7

We Had Some Issues Controls System security was almost an afterthought Knew we had to interface with other systems, and at some point we would need to do reconciliations and exception reporting Testing was something we did during training At some point Audit would come around and look at systems controls Overall Result: Internal Audit tried to get involved with *every* large project Eventually, IT called in the cavalry 15 Where Did We Need to Be? 8

Where Did We Need to Be? Partnered with Third Party (the cavalry) to perform an overall assessment of ALM (Application Lifecycle Management) 17 ALM Assessment Findings Lack of built-in quality (code reviews, unit testing, automated testing) lead to maintenance issues Development processes and management were inconsistent between teams process communication Fear of Innovation / Change Learn from it, good or bad Lots of small improvements add up quickly Assessment vendor provided recommendations and action plans, and a simple maturity model for use as a gap analysis 18 9

ALM Rec and Action Plans (Governance) Not Governance that is agile, rather, Governance that supports agile Not overhead integral part of the methodology Main Themes: Portfolio Management Scheduling / Cadences Requirements Definitions Testing Security / Controls System Interface Controls Access Controls Vulnerability Assessments Training Continuous Improvement 19 How Did We Get There? 10

Portfolio Management Needed to ensure IT efforts were Aligned with the Business Governance became the shim between IT and the Business Business = PMG (Project Management Group) / Product Owners Portfolio Level APO02 / APO05 Manage Strategy / Portfolio Project Level BAI01 Manage Programs and Projects Scheduling / Cadence Communication among stakeholders / prioritization (along the horizontal) Communication effective and timely; confirm IT-related objectives are in line with Business Redefined our intake process to ensure cross-team discussions Ongoing Scrum-of-Scrum, consistent Product Owner Involvement 21 Just In Time Sizing JIT Sizing Roadmap planning Release planning Prop T-Shirt Sizing Swagging Estimating Increasing Precision T-shirt: L, M, S Swag: days/hours Task breakdown Project Throttling Don t estimate more than can fit Surety??? GL E&S Auto Project List New PAS XXXL?? M L 5d 1d S S 1d 1d 2d 4d M 9d L 1d 2d S S Future Sprints Next Sprint Current Sprint 22 11

Scheduling / Cadence Needed to align Project Management / Portfolio cadence with IT cadence Was not as hard as it sounds Smallest level of an application the Business discusses is a Feature Features may take one or several sprints Features are broken down into more manageable tasks for IT Difficulty with scheduling work to the teams Small organization, many developers worked on different projects APO07 Manage Human Resources (APO07.05) Time tracking invaluable we can predict available resources 23 Scheduling Resource Planning (Portfolio) 24 12

Scheduling Resource Planning (Team) Team-Level Planning Resource-Level Planning 25 Requirements Definition Previous Waterfall projects would have detailed requirements, but the Business Use case had often changed by the time of implementation Requirements are now created as close to the development as feasible Product Owner drives requirements and defines the true needs Test Cases are now developed from requirements! BAI02 Manage Requirements Definition 26 13

Testing Testing occurs throughout Development, not just at the end As Batch Sizes (sprint times) are reduced, there is an increased need for Testing Automation Limits us to our current maturity level Key is to write requirements that can be directly converted into an Acceptance Test APO11 Manage Quality BAI07 Manage Change Acceptance and Transitioning 27 Testing 28 14

Security / Controls Previous Waterfall developments would add security needs and controls near the end of the project These are now integrated into the overall project Examples System Interfaces Exception Reporting / Reconciliation Reports (DSS06 Manage Business Process Controls) Access Controls Configuration and Access Reports (DSS06 Manage Business Process Controls) Vulnerability Assessments (DSS05 Manage Security Services) 29 Security / Controls Note that System Interface and Access Control needs are part of Development sprints Vulnerability Assessments are performed once the system reaches Q/A Performed out-of-band from sprint cadence Feedback provided to Developers 30 15

Training Previously, training was ad-hoc, and occurred during Testing Training begins once system enters Q/A Still have some room to go with Training BAI08 Manage Knowledge 31 Continuous Improvement Continuous Improvement reviews baked in across the spectrum APO11 Manage Quality (Portfolio / Project) BAI07 Manage Change Acceptance and Transitioning (Project) BAI07.08 Post-Implementation Review MEA01 Monitor, Evaluate and Assess Performance and Conformance Teams have retrospectives to adjust what is not working, enhance what is Governance does the same 32 16

Resources SAFe (Scaled Agile) Framework - www.scaledagileframework.com The Principles of Product Development Flow; Donald G. Reinertsen Succeeding with Agile Governance The Agile PMO; Paul Osborn The Phoenix Project; Kim / Behr / Spafford COBIT 5 33 Questions? Thank You! Sean Scranton, sean.scranton @ rlicorp.com Thad King, thad.king @ rlicorp.com 34 17

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information