Scrum and Compliance for Scrum Gathering Vegas (2013)
1. Copyright ©2013 CollabNet, Inc. All Rights Reserved.
ENTERPRISE CLOUD DEVELOPMENT
Making Scrum Work in Regulated
Industries
Laszlo Szalvay
VP Worldwide Scrum Business
Version 7.0 (04 May 2013)
2.
Compliance is Top of Mind
“To become a mainstream methodology, Agile had to overcome many potential obstacles. The first was geography…One of today’s most daunting obstacles is compliance, often bringing heavyweight documentation, required procedures that are very waterfall-ish, complex approval workflows, and complicated approval processes.”
July 2011
Forrester Research, Inc.
“Compliance Is A Hurdle, Not A Barrier, To Agile”
Tom Grant, PhD
3.
Quotes from Govt
“Agile is not just a method or a process, it’s a way of being. You don’t do Agile. You are Agile. The FBI has arranged to loan their ScrumMaster to other teams to get them trained. Increased Transparency has kept stakeholders in sync. Further, stakeholders would modify their expectations, based on the increased visibility of the process.”
Jack Israel, CTO FBI
“With no significant bugs reported…operation nearly flawless – a stunning and an unpredicted success. What are the implications for failing IT programs across government?”
Roger Baker, CIO VA
4.
Agenda
1. Market Overview
2. How do your teams want to work?
3. Problem Statement
4. Hands on Exercise
5. Case Study
6. BYO Org Patterns
7. Closing
http://bit.ly/SWAwlH
5.
market trends
[Chart: Regulated vs. Unregulated, percentage axis from 0% to 40%]
Source: Forrester/Dr. Dobb’s Global Developer Technographics® Survey, Q3 2010
6.
How does your team want to work?
Your developers want to collaborate and be part of a community
Inner-source (Corporate Open Source)
– Transparency (breeds trust which drives reuse)
– Workspaces and Wikis (Federated)
“Wiki is the oldest and simplest software that lets a community of strangers work together to build something of surprising and lasting value.”
Ward Cunningham
Inventor of the Wiki
Sent to Laz via LinkedIn in March 2013
7.
Building a Community Architecture
“The real difference between developers in the most regulated and less-regulated industries lies in their reasons for contributing to open source…developers in more-regulated teams see open source as an outlet for what they may not get from a more-regimented workplace: opportunities for collaboration and a personal sense of accomplishment.”
“30% of developers who work in regulated industries contribute to open source projects during their free time.”
Both quotes from this slide come from:
July 2011
Forrester Research, Inc.
“App Dev Teams Dispel The Compliance Boogeyman”
Tom Grant, PhD
8.
Thought Leader Perspective
2009
TED Conference
Dan Pink
“These lessons are worth repeating, and if more companies feel emboldened to follow Mr. Pink's advice, then so much the better.”
Wall Street Journal
“Pink is rapidly acquiring international guru status… He is an engaging writer, who challenges and provokes.”
Financial Times
In Drive, Dan Pink examines the three
elements of true motivation—
Autonomy over time, task, team,
technique led to 20% time at some of the
most innovative companies in the world.
9.
How we want to work vs. How we have to work
vs.
http://bit.ly/VMaMHu
http://bit.ly/X9xvwD
10.
Problem Space
Can values from Scrum and Open Source work
within a Heavily Regulated Industry?
11.
Compliance is complex
• Ever changing
• More scrutiny due to Sept 2008 crash and general ‘anger’ at Wall Street (e.g. Occupy Movement)
• Many faces, although for financial vertical Singapore is emerging as a leader (strategic)
• Not familiar with internal corporate vernacular, culture, or even software development
12.
Singapore – emerging standard
• Singapore sees compliance as a strategic differentiator and Singaporeans have taken a very hard position within the banking industry. As such, they are now seen as the international standard.
• Complex set of cross-border rules that can be contradictory, incomplete, or vague
• Have seen this in other industries (e.g. Postal)
– Customs is where the most senior people from DHL, FedEx, UPS sit
13.
Visual Problem Statement
• 6 cross functional teams of 8 people (split between NJ, Silicon Valley and Kiev)
• 2 Backlogs
• 6 Product Owners, 1 Uber PO (based in London)
• 2 Compliance Officers (based in Singapore and NYC)
• 2 external compliance mandates (overlapping jurisdictions, e.g. MAS and FSOC)
[Diagram labels: Uber PO, Compliance Officers, Dev Teams]
14.
Drill Down
“Undoubtedly, the Dodd-Frank bill has driven the biggest risk management changes for banks; Dodd-Frank’s 2,300-plus pages contain hundreds of new rules and spell out dozens of studies and reports that regulators are required to conduct. But many of the law’s new regulations have yet to be implemented or, in some cases, still remain undefined. And many of the new rules don't have a set implementation date.”
Dec 2011
Compliance Doesn't Have to Be Painful for Banks
Bank Systems & Technology
Bryan Yurcan
15.
Our BHAG (big hairy audacious goal)
• Agility and Compliance not only co-exist but thrive when used together
• What is interesting and worth pointing out as a paradox is that compliance is seen as a negative. Yet companies that invest in process regardless of government requirements are always the better and more profitable organizations.
16.
Exercise #1
17.
Exercise: Navigate Amorphous Compliance Issue
Please read scenarios and discuss (12 mins)
18.
Exercise: Navigate Amorphous Compliance Issue
Feedback (6 mins)
19.
Case Study
20.
Case Studies from 2013
• On Feb 24, options market maker Ronin Capital injected more than 30,000 mispriced quotes into the NYSE Amex exchange. (http://bit.ly/Vsgdih)
• On March 23, the BATS Exchange, handling its own IPO traffic on top of other traffic, crashed. (http://bit.ly/Vsgdih)
• On May 18, the Facebook IPO had many orders stalled and not executed on the NASDAQ exchange. The Union Bank of Switzerland, alone, lost more than $350 Million, and curiously Knight Capital lost $35.4 Million in this incident.
• On August 1, the Knight Capital Group lost $440 Million by flooding the NYSE with bad orders. (more to follow below)
List taken from: http://bit.ly/VMqwu2
21.
Organizational Patterns
What are we seeing to help us down this pathway?
22.
Organizational Patterns
Option One
(a) Bring in external compliance issues through work items in the backlog
Risks:
Most external compliance mandates result in changes to workflow, not work items
23.
Organizational Patterns
Option Two
(a) Automate Changes using workflow automation tools and Team picks up changes passively.
Risks:
Give up on the notion of Team Learning (this can be seen by the team as anti-agile)
24.
Organizational Patterns
Use the Retrospective Meeting to introduce evolutionary changes to process. In this case, use the retro to introduce new compliance requirements into workflow and the backlog.
Option Three
(a) “Mandate changes” from the Uber PO and Compliance Officer
Risks:
What team self-organization?
http://bit.ly/UvpGmk
25.
Organizational Issues
Use the Retrospective Meeting to introduce evolutionary changes to process. In this case, use the retro to introduce new compliance requirements into workflow and the backlog.
Option Four:
(a) Let the teams roll out their own, using potentially disastrous self discovery / learning exercises
Risks
Huge financial losses
Knight Capital’s stock dropped more than 24% Monday to close at $3.07 following the announcement of the deal [rescue package]. The new investment will severely cut into the value of existing shareholders’ stakes.
http://cnnmon.ie/XKAhqZ
26.
Organizational Issues
Combo Approach
Option Five:
(a) Designate Compliance SME on each team, born from Q/A, who coordinates around workflow with the CCO office
(b) Introduce governance standards that are rolled out at the program level, which are digested / constructed / deconstructed in the retro meeting, meaning evolutionary changes to existing workflow and process
Risks
Need to grow many compliance SMEs
Language barriers can be an issue
27.
Build Your Own Organizational Pattern
Use the handout to uncover your own pattern (15 mins)
Exercise: Build Your Own Organizational Pattern
28.
Build Your Own Organizational Pattern
Share with the group (10 mins)
Exercise: Build Your Own Organizational Pattern
29.
Submit your Organizational Patterns to:
http://ScrumAndCompliance.com/
http://bit.ly/XKG0Pi (FBI Case Study)
Become the community
30.
Three Times More Cost-Effective
[Chart: Cost, Previous Solution vs. CollabNet Solution]
Benefits
• Less complicated
• More graceful
• Easier to administer
• Easier to train and use
Source: Business Trends Quarterly
“Instead of a one-size-fits-all solution, we could, for more risk-averse platforms, have a thicker process with more controls; and for platforms that needed to be more agile, we could have a more agile process.”
Brian Roberson
Principal
Barclay’s Global Investors
31.
© 2013 CollabNet, Inc., All rights reserved. CollabNet is a
trademark or registered trademark of CollabNet Inc., in the US
and other countries. All other trademarks, brand names, or
product names belong to their respective holders.
Laszlo Szalvay
VP Worldwide Scrum Business
Laz@collab.net
https://twitter.com/#!/ewok_bbq
+1-971-506-7862
http://www.linkedin.com/in/laszloszalvay
Editor's notes
I would argue that introducing compliance only complicates this issue.
“Scaling is the last thing you should do” – Bas Vodde, Craig Larman, Martin Fowler, Jeff Sutherland, Ken Schwaber
Before we started, Dan asked me, what's the point here. It's good / great to review that - here's why we are here.
The intersection is workflow management. Often multiple regulations at play just with one team or division. When you scale that the problem grows exponentially. [laz to show one team, then then, then 250]
Developers need to do their work. GRC often tells us how to work and it's never optional - it's required, that's why it's a regulation.
We need to respect both and find a happy medium. I think I've found a way.
We'll talk through some examples
More often than not Devs are interested in their work product.
Auditors are interested in the documentation around that work product. This type of relationship isn't unique (You and your CPA).
Discuss the History of when I started in 2004 looking for candidates for the AOC project. Only 40 resumes in Dice.com with the term Scrum
Agile isn't going anywhere. It's hot, and it's how your engineers want to work. Finland is always ahead of technical trends – not sure why. But when I visited their largest SI, a company called Tieto, back in 2010 their CIO simply called it the “modern way to work”.
Is the Open Source model of working good? Does it produce results?
Wikipedia?
Subversion
Elaborate our services and product offerings
Gmail was invented during 20% time
http://www.mas.gov.sg/index.html (Monetary Authority of Singapore)
Our Thesis
http://www.advancedtrading.com/algorithms/did-a-rogue-algo-cause-bats-ipo-crash/232800284
INSERT IMAGE And story of $400 mil losses
Former solution was from a proven vendor in the industry and we knew it had audit proof controls, but by the time CollabNet came in, we realized that (former solution) was much less cost effective. CollabNet was three times more cost-effective. We did an actual ROI study with Forrester, and over a three-year period, CollabNet was one third the cost, including the rollout of all these applications and maintenance costs.
CollabNet was a much less complicated solution, was much more graceful to meet our needs, easier to administer, and easier for developers to train up and to use.
The solution also included collaboration capabilities.
The solution was more flexible.
Instead of a one-size-fits-all solution, we could, for more risk-averse platforms, have a thicker process with more controls; and for platforms that needed to be more agile, we could have a more agile process.