Making Scrum Stick Inside Heavily Regulated Industries (2012)
DESCRIPTION
This is my seminar on making Scrum work inside heavily regulated industries.
TRANSCRIPT
1 Copyright ©2012 CollabNet, Inc. All Rights Reserved.
About today’s presenter
Laszlo Szalvay
Laszlo Szalvay is one of the foremost Scrum experts in the software industry. At CollabNet he
oversees the company’s global Scrum business, helping organizations adopt and scale Scrum-
based initiatives to drive productivity and quality improvements. He creates engagement
frameworks to forge lasting Agile-process transformations at customer sites, using a personal
approach to teaching and implementing Lean/Agile/Scrum processes as a means of achieving
greater IT agility. He is expert at leading successful distributed Agile environments (usually with
an Indian or Chinese offshore model), and addressing cultural nuances, replication issues, and
capital and headcount resource requirements.
Prior to CollabNet, Szalvay co-founded and led operations for Danube, a leader in Scrum tools
and training, before it was acquired by CollabNet. He is an active industry thought leader, having
written and contributed hundreds of articles, presentations and blogs on improving software
delivery through Scrum. Since mid-2010, Szalvay has traveled more than 330,000 miles
throughout Europe, Asia and North America, working with CollabNet customers and partners to
gain a unique perspective of the complexities and success strategies of globally distributed
software organizations.
ENTERPRISE CLOUD DEVELOPMENT
Making Agile Work in Regulated Industries
Laszlo Szalvay
VP Worldwide Scrum Business
August 2012
Compliance is Top of Mind
To become a mainstream methodology, Agile had to
overcome many potential obstacles. The first was
geography…One of today’s most daunting obstacles is
compliance, often bringing heavyweight documentation,
required procedures that are very waterfall-ish, complex
approval workflows, and complicated approval processes.
July 2011
Forrester Research, Inc.
“Compliance Is A Hurdle, Not A Barrier, To Agile”
Tom Grant, PhD
About CollabNet
[Timeline figure, 1999 to 2012. Row labels: Recognition; Themes. Entries: Founded; Subversion; Open ALM Platform; Build; Lab Management; Founded; Agile PM; #1 Scrum Trainer; Dev Tools Hosting; Development Communities; Collaborative ALM; Hybrid Cloud Development Platform; dPaaS. Years shown: 1999, 2000, 2007, 2008, 2009, 2011, 2012.]
Agenda
• Review of Agile and GRC
• Review our Technology & Process Approach
• Closing
2007, 2011
COSO Enterprise Risk Management: Establishing Effective Governance, Risk, and Compliance Processes
Robert R. Moeller
Problem Statement
Dec 2011
Compliance Doesn't Have to Be Painful for Banks
Bank Systems & Technology
Bryan Yurcan
Undoubtedly, the Dodd-Frank bill has driven the biggest
risk management changes for banks; Dodd-Frank’s
2,300-plus pages contain hundreds of new rules and
spell out dozens of studies and reports that regulators
are required to conduct. But many of the law’s new
regulations have yet to be implemented or, in some
cases, still remain undefined. And many of the new
rules don't have a set implementation date.
• Agility and Compliance not only co-exist but
thrive when used together
• What is interesting and worth pointing out as a
paradox is that compliance is seen as a negative.
Yet companies that invest in process regardless of
government requirements are always the better
and more profitable organizations.
Our BHAG (big hairy audacious goal)
Agility
market trends
“Scrum is the Modern way to work” October 2010
Tieto, in-person meeting in Helsinki
Mika Koivuluoma, VP Software Development and Tools
roles, meetings, and artifacts
Scrum is a means to an end.
GRC
This is not what external compliance is
• Ever changing
• More scrutiny due to Sept 2008 crash and general 'anger' at Wall Street
(e.g. Occupy Movement)
• Many faces, although Singapore emerging as leaders (strategic)
• Not familiar with internal corporate vernacular, culture, or even
software development
Compliance is complex
• Singapore sees compliance as a strategic
differentiator and Singaporeans have taken
a very hard position within the
banking industry. As such, they are now seen
as the international standard.
• Complex set of cross-border rules that can be contradictory,
incomplete, or vague
• Have seen this in other industries (e.g. Postal)
– Customs is where the most senior people from DHL, FedEx, UPS sit
Singapore – emerging standard
What are we seeing in the industry?
Scrum and XP are the #1 choice in heavily regulated industries
Source: Forrester/Dr. Dobb’s Global Developer Technographics® Survey, Q3 2010
[Bar chart: y-axis 0% to 40%; x-axis labels "Agile Iterative Waterfall Structured Chaos"; series: Regulated, Unregulated.]
Our Approach: Introducing the Enterprise Cloud Development Maturity Model
Enterprise Cloud Development
• Visibility
• Centralization
• Standardization
• Information security audit log
• IP security
• RBAC reports
Step 1: Embrace the Cloud
• Map business / enterprise architecture
(project hierarchies, workspaces, artifacts, roles)
• Create a social environment. Why?
A lesson from Open Source. Did you know…
Why? Let's ask Dan Pink
Step 2: Implement Community Architecture
30% of developers who
work in regulated
industries contribute to
open source projects
during their free time.
July 2011
Forrester Research, Inc.
“App Dev Teams Dispel The Compliance Boogeyman”
Tom Grant, PhD
Thought Leader Perspective
2009
TED Conference
Dan Pink
“These lessons are worth repeating, and if more companies feel emboldened to follow Mr. Pink's advice, then so much the better.” Wall Street Journal
“Pink is rapidly acquiring international guru status… He is an engaging writer, who challenges and provokes.” Financial Times
In Drive, Dan Pink examines the three
elements of true motivation—
Autonomy over time, task, team,
technique led to 20% time at some of the
most innovative companies in the world.
Analyst Perspective
July 2011
Forrester Research, Inc.
“App Dev Teams Dispel The Compliance Boogeyman”
Tom Grant, PhD
The real difference between developers in the most-
regulated and less-regulated industries lies in their
reasons for contributing to open source…developers in
more-regulated teams see open source as an outlet
for what they may not get from a more-regimented
workplace: opportunities for collaboration
and a personal sense of accomplishment.
Your developers want to collaborate and be part of a community
– step 2 enables that through…
– Inner-source (Corporate Open Source)
– Transparency (breeds trust which drives reuse)
– Workspaces and Wikis (Federated)
Back to Step 2 Implement Community Architecture –
what are the benefits?
Wiki is the oldest and simplest software that lets a community of strangers work together to build something of surprising and lasting value.
Ward Cunningham
Inventor of the Wiki
Sent to Laz via LinkedIn in March 2012
So does Dan Pink’s motivation
concept hold water?
So how did SCM market play out?
2007 Forrester Research
The Forrester Wave: Software Change and Configuration Management
autonomy, mastery, and purpose = innovation and market leadership
Step 3: Codify Development Processes
• Support Scrum and XP
• Codify workflows and vernacular
• Gain end to end visibility and traceability
• Use the retrospective meetings as a point to make
evolutionary changes to process that map to external
compliance standards
Agile workflow management (gated approvals based on RBAC)
Explain how CTF workflow matches to Basel II
Paper Trails (reporting and reconstruction)
Explain how CTF maps to reporting and reconstruction using associations and threaded conversations
Single source of truth – Developer's View
CTF data integrity is maintained even though the roles differ
Single source of truth – The Business's View
CTF data integrity is maintained even though the roles differ
Single source of truth – The Auditor's View
CTF data integrity is maintained even though the roles differ
• Scrum is a means to an end and it improves learning
organizations
• Leverage mandatory compliance and Scrum's popularity as a
means to:
– Embrace the Cloud
– Implement Community Architecture
– Codify Dev Processes
• You will be compliance ready, your employees will see a
better way to work, and you will improve the effectiveness of
your enterprise
Lessons to Take Away
[Chart: Cost, Previous Solution vs. CollabNet Solution]
Three Times More Cost-Effective
Benefits
• Less complicated
• More graceful
• Easier to administer
• Easier to train and use
Source: Business Trends Quarterly
Instead of a one-size-fits-all solution, we
could, for more risk-averse platforms, have
a thicker process with more controls; and
for platforms that needed to be more
agile, we could have a more agile process.
Brian Roberson
Principal
Barclays Global Investors
© 2012 CollabNet, Inc., All rights reserved. CollabNet is a
trademark or registered trademark of CollabNet Inc., in the US
and other countries. All other trademarks, brand names, or
product names belong to their respective holders.
CollabNet, Inc.
8000 Marina Blvd., Suite 600
Brisbane, CA 94005
www.collab.net
+1-650-228-2500
+1-888-778-9793
blogs.collab.net
twitter.com/collabnet
www.facebook.com/collabnet
www.linkedin.com/company/collabnet-inc