Scrum and Compliance for Scrum Gathering Vegas (2013)

1 Copyright ©2013 CollabNet, Inc. All Rights Reserved.
ENTERPRISE CLOUD DEVELOPMENT
Making Scrum Work in Regulated
Industries
Laszlo Szalvay
VP Worldwide Scrum Business
Version 7.0 (04 May 2013)

Compliance is Top of Mind
To become a mainstream methodology, Agile had to
overcome many potential obstacles. The first was
geography…One of today’s most daunting obstacles is
compliance, often bringing heavyweight documentation,
required procedures that are very waterfall-ish, complex
approval workflows, and complicated approval processes.
July 2011
Forrester Research, Inc.
“Compliance Is A Hurdle, Not A Barrier, To Agile”
Tom Grant, PhD
“
”

Quotes from Govt
Agile is not just a method or a process, it’s a way of being. You don’t do
Agile. You are Agile. The FBI has arranged to load their ScrumMaster to
other teams to get them trained. Increased Transparency has kept
stakeholders in sync. Further, stakeholders would modify their expectations,
based on the increased visibility of the process.
Jack Israel, CTO FBI
With no significant bugs reported…operation nearly flawless – a stunning
and an unpredicted success. What are the implications for failing IT
programs across government?
Roger Baker, CIO VA
“
”

Agenda
1. Market Overview
2. How do your teams want
to work?
3. Problem Statement
4. Hands on Exercise
5. Case Study
6. BYO Org Patterns
7. Closing
http://bit.ly/SWAwlH

market trends
0%
5%
10%
15%
20%
25%
30%
35%
40%
Regulated
Unregulated
Source: Forrester/Dr. Dobb’s Global Developer Technographics® Survey, Q3 2010

Your developers want to collaborate and be part of a community
Inner-source (Corporate Open Source)
– Transparency (breeds trust which drives reuse)
– Workspaces and Wikis (Federated)
How does your team want to work?
Ward Cunningham
Inventor of the Wiki
Sent to Laz via LinkedIn in March 2013
Wiki is the oldest and simplest software
that lets a community of strangers work
together to build something of
surprising and lasting value.
“
”

Building a Community Architecture
Both Quotes from this slide come from:
July 2011
Forrester Research, Inc.
“App Dev Teams Dispel The Compliance Boogeyman”
Tom Grant, PhD
The real difference between developers in the
most regulated and less-regulated industries
lies in their reasons for contributing to open
source…developers in more-regulated teams
see open source as an outlet for what they
may not get from a more-regimented
workplace: opportunities for collaboration
and a personal sense of accomplishment.
“
”
30% of developers who
work in regulated
industries contribute to
open source projects
during their free time.
“
”

”
Thought Leader Perspective
2009
TED Conference
Dan Pink
“These lessons are worth
repeating, and if more
companies feel
emboldened to follow Mr.
Pink's advice, then so much
the better.”
Wall Street Journal
“Pink is rapidly acquiring
international guru status…
He is an engaging writer,
who challenges and
provokes.”
Financial Times
In Drive, Dan Pink examines the three
elements of true motivation—
Autonomy over time, task, team,
technique led to 20% time at some of the
most innovative companies in the world.
“

How we want to work vs. How we have to work
vs.
http://bit.ly/VMaMHu
http://bit.ly/X9xvwD

Problem Space
Can values from Scrum and Open Source work
within a Heavily Regulated Industry?

• Ever changing
• More scrutiny due to Sept 2008 crash and general
‘anger’ at Wall Street (e.g. Occupy Movement)
• Many faces, although for financial vertical
Singapore is emerging as a leader (strategic)
• Not familiar with internal corporate vernacular,
culture, or even software development
Compliance is complex

• Singapore sees compliance as a strategic differentiator and
Singaporeans have taken a very taken a very hard position
within the banking industry. As such, they are now seen
as the international standard.
• Complex set of cross-border rules that can
be contradictory, incomplete, or vague
• Have seen this in other industries (e.g. Postal)
– Customs is where the most senior people
from DHL, FedEx, UPS sit
Singapore – emerging standard

Visual Problem Statement
• 6 cross functional teams of 8 people
(split between NJ, Silicon Valley and Kiev)
• 2 Backlogs
• 6 Product Owners, 1 Uber - PO
(based in London)
• 2 Compliance Officer
(based in Singapore and NYC)
• 2 external compliance mandates
(overlapping jurisdictions, e,g, MAS
and FSOC) Uber PO Compliance
Officers
Dev Teams

Drill Down
Dec 2011
Compliance Doesn't Have to Be Painful for Banks
Bank Systems & Technology
Bryan Yurcan
“
”
Undoubtedly, the Dodd-Frank bill has driven the biggest
risk management changes for banks; Dodd-Frank’s
2,300-plus pages contain hundreds of new rules and
spell out dozens of studies and reports that regulators
are required to conduct. But many of the law’s new
regulations have yet to be implemented or, in some
cases, still remain undefined. And many of the new
rules don't have a set implementation date.

• Agility and Compliance not only co-exist
but thrive when used together
• What is interesting and worth pointing
out as a paradox is that compliance is
seen as a negative. Yet companies that
invest in process regardless of
government requirements are always the
better and more profitable organizations.
Our BHAG (big hairy audacious goal)

Exercise #1

Please read scenarios and discuss
(12 mins)
Exercise: Navigate Amorphous Compliance Issue

Feedback
(6 mins)
Exercise: Navigate Amorphous Compliance Issue

Case Study

• On Feb 24, options market maker Ronin Capital injected more than 30,000
mispriced quotes into the NYSE Amex exchange. (http://bit.ly/Vsgdih)
• On March 23, the BATS Exchange, handling its own IPO traffic on top of
other traffic, crashed. (http://bit.ly/Vsgdih)
• On May 18, the Facebook IPO had many orders stalled and not executed
on the NASDAQ exchange. The Union Bank of Switzerland, alone, lost
more than $350 Million, and curiously Knight Capital lost $35.4 Million
in this incident.
• On August 1, the Knight Capital Group lost $440 Million by
flooding the NYSE with bad orders. (more to follow below)
Case Studies from 2013
List taken from: http://bit.ly/VMqwu2

Organizational Patterns
What are we seeing to help us down this pathway?

Option One
(a) Bring in external compliance
issues through work items in the
backlog
Risks:
Most external compliance mandates
result in changes to workflow not
work items

Option Two
(a) Automate Changes using
workflow automation tools and
Team picks up changes passively.
Risks:
Give up on the notion of Team
Learning (this can be seen by the
team as anti-agile)

Use the Retrospective Meeting to
introduce evolutionary changes to
process. In this case, use the retro
to introduce new compliance
requirements into workflow and the
backlog.
Option Three
(a) “Mandate changes” from the
Uber PO and Compliance Officer
Risks:
What team self-organization?
http://bit.ly/UvpGmk

Organizational Issues
Use the Retrospective Meeting to introduce
evolutionary changes to process. In this case,
use the retro to introduce new compliance
requirements into workflow and the backlog.
Option Four:
(a) Let the teams roll out their own, using
potentially disastrous self discovery /
learning exercises
Risks
Huge financial losses
Knight Capital’s stock dropped more
than 24% Monday to close at $3.07
following the announcement of the
deal [rescue package]. The new
investment will severely cut into the
value of existing shareholders’ stakes.
http://cnnmon.ie/XKAhqZ

Organizational Issues
Combo Approach
Option Five:
(a) Designate Compliance SME on each team, born from
Q/A who coordinates around workflow with the CCO
office
(b) Introduce governance standards that are rolled out at
the program level which are digested / constructed /
deconstructed in the retro meeting meaning
evolutionary changes to existing workflow and process
Risks
Need to grow many compliance SMEs
Language barriers can be an issue

Build Your Own
Organizational Pattern
Use the handout to uncover your own pattern (15 mins)
Exercise: Build Your Own Organizational Pattern

Build Your Own
Organizational Pattern
Share with the group (10 mins)
Exercise: Build Your Own Organizational Pattern

Submit your Organizational Patterns to:
http://ScrumAndCompliance.com/
http://bit.ly/XKG0Pi (FBI Case Study)
Become the community

Previous Solution CollabNet
Solution Cost
Three Times More Cost-Effective
Benefits
• Less complicated
• More graceful
• Easier to administer
• Easier to train and use
Source: Business Trends Quarterly
Instead of a one-size-fits-all solution, we
could, for more risk-averse platforms, have
a thicker process with more controls; and
for platforms that needed to be more agile,
we could have a more agile process.
Brian Roberson
Principal
Barclay’s Global Investors

© 2013 CollabNet, Inc., All rights reserved. CollabNet is a
trademark or registered trademark of CollabNet Inc., in the US
and other countries. All other trademarks, brand names, or
product names belong to their respective holders.
Laszlo Szalvay
VP Worldwide Scrum Business
Laz@collab.net
https://twitter.com/#!/ewok_bbq
+1-971-506-7862
http://www.linkedin.com/in/laszloszalvay

Scrum and Compliance for Scrum Gathering Vegas (2013)

Recommandé

Recommandé

Contenu connexe

Similaire à Scrum and Compliance for Scrum Gathering Vegas (2013)

Similaire à Scrum and Compliance for Scrum Gathering Vegas (2013) (20)

Plus de Laszlo Szalvay

Plus de Laszlo Szalvay (13)

Dernier

Dernier (20)

Scrum and Compliance for Scrum Gathering Vegas (2013)

Notes de l'éditeur