#tuki2018 #stöd2018 julkishallinnossa?ketter... · • what is scaled agile framework (safe)? •...
TRANSCRIPT
Ketterä kehitys –mahdollisuus julkishallinnossa?
KPMG OY AB – Sami Tervola
14.6.2018
#tuki2018 #stöd2018
2© 2018 KPMG Oy Ab, a Finnish limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
Document Classification: KPMG Public
KPMG Finland Agility Lead (SPC)
IT Advisory Manager, projektipäällikkö (PMP)
Samilla on 14 vuoden kokemus ohjelmistokehityksestä eri rooleissa. Hän vetää KPMG:n ketterää
liiketoimintaa ja kouluttaa seuraavia standardeja SAFe-sertifiointikursseja:
- Leading SAFe (SA)
- SAFe for Teams (SP)
- SAFe Scrum Master (SSM)
- SAFe DevOps (SDP)
Lisäksi pidämme työpajoja. Sekä sertifiointikoulutukset että työpajat saa myös räätälöitynä.
Tarkastamme ketteriä toimituksia ja vertailemme niitä standardeihin parannuskohteiden löytämiseksi.
Myös SAFen tuntevia lakimiehiä löytyy KPMG:ltä mm. sopimuksia varten.
Presenter: Sami Tervola
3© 2018 KPMG Oy Ab, a Finnish limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
Document Classification: KPMG Public
The following slides are mostly based on ScaledAgile’s (copyright owner)
Leading SAFe certification training with additions by KPMG.
The information on the following slides is not sufficient for a certification, but the
purpose of the slides is to demonstrate the key aspects to consider when
assessing the potential of SAFe in the public sector.
To acquire your own certification, you can participate in a two days' Leading
SAFe course.
4© 2018 KPMG Oy Ab, a Finnish limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
Document Classification: KPMG Public
• What is Scaled Agile Framework (SAFE)?
• SAFe’s values, principles, key benefits etc.
• Waterfall versus SAFe delivery
• How are development and operations working together in SAFe?
• What are Product Owner’s (customers) responsibilities in delivering value?
• Compliance as a built-in feature in SAFe
• What to expect from the vendor in SAFe?
• What do vendors expect from you?
During the presentation, take time to consider how the topics are reflected in your
workplace.
This presentation will concentrate on:
5© 2018 KPMG Oy Ab, a Finnish limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
Document Classification: KPMG Public
Suomi.fi-palveluita kehitetään
Väestörekisterikeskuksessa ketterästi
” Kokonaisvaltainen digipalveluiden kehitys vaatii myös
ketterät työtavat. VRK uudistaakin parhaillaan työnteon
tapojaan kohti kokonaisvaltaista ketterää kehittämistä.
-Olemme kuunnelleet asiakkailtamme tullutta palautetta
ja ryhtyneet uudistamaan palvelukehitystä, jotta voimme
tarjota parempaa palvelua, tiivistää kehityspäällikkö
Esa Keränen.
VRK:ssa on jo pitkään sovellettu ketteriä
toimintamalleja. Esimerkiksi viime vuonna päättynyt ja
VRK:n toteuttama Kansallinen palveluarkkitehtuuri -
ohjelma sovelsi pitkälti ketteriä kehitysmenetelmiä. Nyt
toimintamalli laajennetaan kuitenkin koko virastoon.
Näin tuote- ja projektikeskeisestä kehittämisestä
siirrytään SAFe:en pohjautuvaan
kokonaisvaltaiseen ketterään kehittämiseen.”
Suomi.fi ketterästi 1/2
6© 2018 KPMG Oy Ab, a Finnish limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
Document Classification: KPMG Public
”Väestörekisterikeskuksella on kovat odotukset mallin suhteen. Uudistuksella
tavoitellaan merkittäviä hyötyjä: tehokkaampaa toimintaa, pienempää läpimenoaikaa
(ideasta tuotantoon ja hyötyjen johtamiseen), parempaa riskienhallintaa ja tärkeimpänä
totta kai tyytyväisempiä asiakkaita.
- Mallin läpinäkyvyys poistaa myös yllätyksiä ja mahdollistaa jaetun tilannekuvan eri
sidosryhmien välillä. Se mahdollistaa myös luottamukseen perustuvan yhteistyön,
Keränen toteaa.
Keränen korostaa, että itse kehittämismalli ei ole uudistuksessa tärkein, vaan tulos.”
Lisätietoa: [email protected]
tai
http://uutiskirjeet.vrk.fi/uutiset/suomi.fi-palvelut/suomi.fi-palveluita-kehitetaan-
vaestorekisterikeskuksessa-ketterasti.html
Suomi.fi ketterästi 2/2
7© 2018 KPMG Oy Ab, a Finnish limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
Document Classification: KPMG Public
”AIPA-hankkeessa kehitetään yleisten tuomioistuinten eli
käräjäoikeuksien, hovioikeuksien ja korkeimman oikeuden sekä
syyttäjälaitoksen toimintaa siirtymällä sähköisiin työtapoihin.
Samalla rakennetaan tietojärjestelmäkokonaisuus tukemaan
uusia työtapoja. Kun hanke on valmis, kaikki lainkäyttöön liittyvät
toiminnot hoidetaan syyttäjänvirastoissa ja yleisissä
tuomioistuimissa sähköisesti.”
“AIPAn tietojärjestelmä rakennetaan ja otetaan käyttöön
osissa. Ensimmäinen osuus eli syyttäjien sakkosovellus on ollut
käytössä syyttäjänvirastoissa tämän vuoden helmikuusta alkaen.”
Lisätietoja: hankkeen johtoryhmän puheenjohtaja, ylijohtaja Kari
Kiesiläinen, puh. 02951 50138, ja hankejohtaja Marko Loisa, puh.
02951 50175 tai
https://oikeusministerio.fi/artikkeli/-
/asset_publisher/oikeushallinnon-aineistopankkihanke-aipa-
etenee-seuraavien-vaiheiden-tietojarjestelmatoimittajat-valittu
Oikeusministeriön AIPA-hanke SAFE:lla
8© 2018 KPMG Oy Ab, a Finnish limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
Document Classification: KPMG Public
SAFe refers to a Scaled Agile Framework delivering software and systems. It is scalable, but certain
essentials are required even for smaller deliveries. A global best-practice roadmap is provided to
support implementation.
1. Introducing the Scaled Agile Framework
9© 2018 KPMG Oy Ab, a Finnish limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
Document Classification: KPMG Public
“The Scaled Agile Framework (SAFe®) helps businesses address the significant challenges of
developing and delivering enterprise-class software and systems in the shortest sustainable lead
time. It is a freely revealed, online knowledge base of proven success patterns, for people building
the world’s most important software and systems.
SAFe synchronizes alignment, collaboration, and delivery for multiple Agile teams. Scalable and
configurable, SAFe allows each organization to adapt it to its own business needs. It supports
smaller-scale solutions employing 50 – 125 practitioners, as well as complex systems that require
thousands of people.”
What is SAFe?
1-10© Scaled Agile, Inc.
The Scaled Agile Framework® (SAFe®)
Synchronizes alignment, collaboration, and delivery for large numbers of teams.
1. Built-In Quality
2. Program execution
3. Alignment
4. Transparency
Core Values
1-11© Scaled Agile, Inc.
Navigate with the Implementation Roadmap
Roadmap presents best
practice to implement
SAFe
Certification trainings,
workshops, planning
sessions, LACE,
Coaches all help to
make this possible
Key principle is to train
everyone
1-12© Scaled Agile, Inc.
Essential SAFe provides the basis for success
Lean-Agile
Principles1
2Real Agile Teams
and Trains3
Cadence and
Synchronization
PI Planning4
DevOps and
Releasability5
System Demo 6
Inspect
& Adapt7
IP Iteration8
Architectural
Runway9
Lean-Agile
Leadership10
13© 2018 KPMG Oy Ab, a Finnish limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
Document Classification: KPMG Public
Agile manifesto and lean thinking compose the lean-agile mindset which is a different way of thinking
compared to traditional waterfall-based deliveries. If thinking doesn’t change, you are not agile.
2. Embracing a Lean-Agile Mindset
2-14© Scaled Agile, Inc.
The Agile Manifesto
Individuals and interactions over processes and tools
Working software over comprehensive documentation
Customer collaboration over contract negotiation
Responding to change over following a plan
We are uncovering better ways of developing software by doing it and helping others do it.
Through this work we have come to value:
That is, while there is value in the items on the right, we value the items on the left more.
agilemanifesto.org
2-15© Scaled Agile, Inc.
Leadership in House of Lean
People are already doing their best;
the problems are with the system.
Only management can change the system.
—W. Edwards Deming
Lead the change
Know the way; emphasize life-long
learning
Develop people
Inspire and align with mission;
minimize constraints
Decentralize decision-making
Unlock the intrinsic motivation of
knowledge workers
LEADERSHIP
Respect fo
r
people
and c
ulture
Flo
w
Innovation
Rele
ntless
impro
vem
ent
VALUE
2-16© Scaled Agile, Inc.
Activity: Assessing a Lean mindset
Step 1: Assess where your organization stands in embracing a Lean mindset
Step 2: Compare the results with your peers.
Value delivery
Respect for
people and culture
Flow
Innovation
Relentless improvement
Leadership
(low)
1 2 3 4(high)
5
PREPARE
5min
17© 2018 KPMG Oy Ab, a Finnish limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
Document Classification: KPMG Public
The benefits of SAFe can only be obtained if following the SAFe principles.
3. Understanding SAFe Principles
3-18© Scaled Agile, Inc.
#1-Take an economic view
#2-Apply systems thinking
#3-Assume variability; preserve options
#4-Build incrementally with fast, integrated learning cycles
#5-Base milestones on objective evaluation of working systems
#6-Visualize and limit WIP, reduce batch sizes, and manage queue lengths
#7-Apply cadence, synchronize with cross-domain planning
#8-Unlock the intrinsic motivation of knowledge workers
#9-Decentralize decision-making
SAFe Lean-Agile principles
Versus
Waterfall
delivery model
1-19© Scaled Agile, Inc.
Achieve business results with SAFe
30 – 75% faster
time-to-market
10 – 50% happier,
more motivated
employees
20 – 50% increase
in productivity
25 – 75%
defect reduction
See ScaledAgileFramework.com/case-studies
3-20© Scaled Agile, Inc.
Agile economics: Deliver early and often
Documents Documents Unverified System System
6-21© Scaled Agile, Inc.
Execution: Don’t waterfall Iterations
D D DB B BT T T
D D DB B BT T T
D D DB B BT T T
This is an
Inter-Iteration
waterfall:
This is an
intra-Iteration
waterfall:
Iteration 1 Iteration 2 Iteration 3 Iteration 4 Iteration 5
These are
cross-functional
Iterations:
Define Build Test
BuildDefine Test
Define Build Test
De
fine
De
fine
De
fine
Bu
ild
Bu
ild
Bu
ild
Te
st
Te
st
Te
st
Iteration 1 Iteration 2 Iteration 3 Iteration 4 Iteration 5
Iteration 1 Iteration 2 Iteration 3 Iteration 4 Iteration 5
6-22© Scaled Agile, Inc.
SAFe delivers earlier value to the market
SAFe’s early deliveries brings better value against market value, and go
to market time is shorter than in waterfall
SAFe’s fast feedback after each sprint
Time
Valu
e d
eliv
ery
System
Go-live
3-23© Scaled Agile, Inc.
Base decisions on economics
Understand tradeoff parametersSequence jobs for maximum benefit
Do not consider money already spent
Make economic choices continuously
Empower local decision-making
If you only quantify one thing, quantify
the cost of delay
—Don Reinertsen,
Principles of Product Development Flow
“Understanding economics requires
understanding of the interaction amongst
multiple variables.”
Cycle timeProduct
cost
ValueDevelopment
expense
Risk
3-24© Scaled Agile, Inc.
Apply fast learning cycles
Fast feedback accelerates knowledge.
Improves learning efficiency by decreasing the
time between action and effect
Reduces the cost of risk-taking by truncating
unsuccessful paths quickly
Facilitated by small batch sizes
Requires increased investment in development
environment
The shorter the cycles, the faster the learning
Principles of Product Development Flow, Don Reinertsen
Plan. Do. Check. Act. (Adjust), W. Edwards Deming,
Walter Shewhart, et al.
The iterative learning cycle
Do
CheckAdjust
Plan
PDCA
3-25© Scaled Agile, Inc.
SAFe’s Integration points reduce risk faster
Ris
k
Fast, integrated cycles
Waterfall
Time
Deadline
SAFe
Integration
point?
False positive
feasibility?
3-26© Scaled Agile, Inc.
Cadence and synchronization
Converts unpredictable events into
predictable ones and lowers cost
Makes waiting times for new work predictable
Supports regular planning and cross-
functional coordination
Limits batch sizes to a single interval
Controls injection of new work
Provides scheduled integration points
Causes multiple events to happen at the
same time
Facilitates cross-functional tradeoffs
Provides routine dependency management
Supports full system and integration and
assessment
Provides multiple feedback perspectives
Principles of Product Development Flow, Don Reinertsen
The Lean Machine, Dantar Ootserwall
Note: Delivering on cadence requires
scope or capacity margin
Note: To work effectively, design cycles
must be synchronized
3-27© Scaled Agile, Inc.
Cadence without synchronization is not enough
Time spent thinking you are on track
Integrate and slip!
System
Iterate Iterate Iterate Iterate Iterate Iterate
Iterate Iterate Iterate Iterate
Iterate Iterate Iterate Iterate Iterate Iterate
Iterate
Iterate
Iterate
Iterate
Iterate
Iterate
3-28© Scaled Agile, Inc.
Synchronize to assure delivery
3-29© Scaled Agile, Inc.
Control variability with planning cadence
Cadence-based planning limits variability to a single interval.
Max deviation
Time
Cadence-based
planning
Asynchronous
planning
Max
deviation
(3X)
30© 2018 KPMG Oy Ab, a Finnish limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
Document Classification: KPMG Public
SAFe beats “managing silos” challenges with cross-function teams. Clear roles and responsibilities
are also known and determined beforehand. Everyone knows what is expected from them.
4. Creating High-Performing Teams and Programs
4-31© Scaled Agile, Inc.
Value doesn’t follow silos
Business HardwareSystem
Engineering
Software Test and QA
Management challenge:
Connect the silos
Value delivery is inhibited by
hand-offs and delays
Political boundaries can
prevent cooperation
Silos encourage geographic
distribution of functions
Communication across silos
is difficult
4-32© Scaled Agile, Inc.
Build cross-functional Agile Teams
Agile teams are cross-functional,
self-organizing entities that can
define, build and test (and ideally
deploy) a Feature or component
Optimized for communication
and delivery of value
Deliver value every two weeks
1-33© Scaled Agile, Inc.
Nothing beats an Agile Team
Cross-functional, self-organizing — can define, build, and test
valuable things
Applied Agile Software Engineering practices with XP, Scrum,
and Kanban
Delivers value every two weeks
Do
CheckAdjust
Plan
PDCA
4-34© Scaled Agile, Inc.
In SAFe teams execute iterations with Scrum
Scrum is built on transparency, inspection, and adaptation.
Pla
n ReviewDev Team
PO
SM
Retro
4-35© Scaled Agile, Inc.
Agile Teams power the train
Scrum
Master
Product
Owner
Development
Team
Coach the Agile team and facilitate team meetings
Removes impediments; protects the team from outside influence
Attends Scrum of Scrum meetings
Defines and accepts Stories
Acts as the customer for developer questions
Works with Product Management to plan Program Increments (PI)
Create and refine user Stories and acceptance criteria
Define/Build/Test/Deliver Stories
Develop and commit to Team PI Objectives and Iteration plans
Three to nine members
4-36© Scaled Agile, Inc.
Product Owner
Product ownership on different levels
The Product Owner (PO) is a member of the Agile Team responsible
for defining Stories and prioritizing the Team Backlog to streamline the
execution of program priorities while maintaining the conceptual and
technical integrity of the Features or components for the team.
The PO has a significant role in quality control and is the only team
member empowered to accept stories as done. For most enterprises
moving to Agile, this is a new and critical role, typically translating into a
full-time job, requiring one PO to support each Agile team (or, at most,
two teams).
This role has significant relationships and responsibilities outside the
local team, including working with Product Management, who is
responsible for the Program Backlog, to prepare for the Program
Increment (PI) Planning meeting.
Product
ownershipConnected
backlogs
4-37© Scaled Agile, Inc.
Agile Release Trains (ARTs) continuously deliver value
A virtual organization of 5 – 12 teams (50 – 125+ individuals from
teams)
Synchronized on a common cadence, a Program Increment (PI)
Aligned to a common mission via a single Program Backlog
4-38© Scaled Agile, Inc.
Create cross-functional Agile Release Trains
4-39© Scaled Agile, Inc.
Program roles govern the train
Release Train Engineer acts as the Chief Scrum Master for the train
Business Owners are key stakeholders on the Agile Release Train
Product Management owns, defines, and prioritizes the Program Backlog
System Architect/Engineering provides architectural guidance and technical
enablement to the teams on the train
The System Team provides processes and tools to integrate and evaluate
assets early and often
40© 2018 KPMG Oy Ab, a Finnish limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
Document Classification: KPMG Public
Planning for the following ten weeks takes place during a two-day session called Program Increment
(PI). It's a planning event in which everyone participates and where everyone commits to the
iteration goals.
5. Experiencing PI Planning
5-41© Scaled Agile, Inc.
Simulation: Day 1 agendaPresented
by RTE
5-42© Scaled Agile, Inc.
Simulation: Day 2 agendaPresented
by RTE
5-43© Scaled Agile, Inc.
Video resource: Agile Planning Implementation
DURATION
2min
https://youtu.be/ZZAtl7nAB1M
44© 2018 KPMG Oy Ab, a Finnish limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
Document Classification: KPMG Public
New ideas are discovered by exploring various different sources. The approved ideas of highest
priority are executed. Only when ideas go to live production environment value is released. Releases
should happen often, even after each two-week sprint.
6. Exploring, Executing, and Releasing Value
6-45© Scaled Agile, Inc.
Manage continuous delivery with the Program Kanban
6-46© Scaled Agile, Inc.
The Roadmap guides the delivery of Features over time.
Road Rage ported (part I)
Brickyard port started
Distributed platform demo
ALL GUIs for both games
demonstrable
Multiuser architecture
New Road Rage Features
(see objectives for details)
New Brickyard Features (see
objectives for details)
— Stretch Objectives —
Demo of Beemer game
Roadmap creates the outline
May July Sep
E3 Expo Tradeshow!
Road Rage completed (single
user)
Brickyard Ported (single user)
Road Rage multiuser
demonstrable
First multiuser game Feature for
Road Rage
Road Rage (multiuser)
first release
Brickyard ported multiuser demo
New Features for both games (see
backlog)
Committed
V1.0V2.0
E3 Expo (7/23)9/18
Forecast
6-47© Scaled Agile, Inc.
Features have benefit hypothesis and acceptance criteria
‘Feature’ is an industry-standard term familiar to
marketing and Product Management
Benefit hypothesis justify Feature
implementation cost, and provides business
perspective when making scope decisions
Acceptance criteria is typically defined during
Program Backlog refinement
Reflect functional and Nonfunctional
Requirements
Fits in one PI
Epics Solution Feature User Story Task
Multi-factor
authentication
Acceptance criteria
1. USB tokens as a first layer
2. Password authentication second layer
3. Multiple tokens on a single device
4. User activity log reflecting both
authentication factors
Benefit hypothesis
Enhance user security via both
password and a device.
SSO example:
48© 2018 KPMG Oy Ab, a Finnish limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
Document Classification: KPMG Public
In DevOps, Development and Operations work together with shared targets. Automation, lean flow,
measurement and recovery are considered to be important in DevOps. DevOps Health Radar can be
used for health check and to show improvement opportunities.
7. DevOps
6-49© Scaled Agile, Inc.
What is DevOps?
An agile approach to bridge the gap between development and
operations to deliver value faster and more reliably.
Operations:
Create stability
Create or enhance
services
Development:
Create change
Add or modify
Features
DevOps
DevOps is a capability of every Agile Release Train
6-50© Scaled Agile, Inc.
DevOps is IN the Value Stream
Value occurs only when the end users are operating the solution.
Lead time
R E P E A T
$
Trigger
Define Implement Deploy
DevOps isn’t optional. The only question is how efficient it is.
6-51© Scaled Agile, Inc.
Video resource: Bing Continuous Delivery (2 of 4) - Microsoft Engineering Stories
DURATION
4min https://youtu.be/3sFT7tgyEQk
6-52© Scaled Agile, Inc.
A CALMR approach to DevOps
Culture Establish a culture of shared responsibility for
development, deployment, and operations.
Automation Automate the Continuous Delivery
Pipeline.
Lean flow Keep batch sizes small, limit Work In
Progress (WIP), and provide extreme visibility.
Measurement Measure the flow through the pipeline.
Implement application telemetry.
Recovery Architect and enable low-risk releases.
Establish fast recovery, fast reversion, and fast fix-
forward.
4.53© Scaled Agile, Inc.
Automate the deployment process
1. Match development environments to production to the
extent feasible
2. Maintain a staging environment that
emulates production
3. Deploy a working system to staging
every Iteration
4. Automate testing of Features and
performance tests
5. Automate deployment
– Everything under version control
– Automatically build environments
– Automate the actual deployment process
For Reference
6-54© Scaled Agile, Inc.
Continuous code integration
Develop
End-To-End
Testing StagingApp
PackageTest
Package
Version
Control
Commit
On the market you can find proper tools for each phase. Those tools should be integrated.
55© 2018 KPMG Oy Ab, a Finnish limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
DevOps Health Radar for health check and improvements
SAFE DevOps certification training deals with
Health Radar. It is used also outside the course to
evaluate client’s DevOps status and improvement
points.
Health Radar has 16 sub-sections, which are
evaluated and graded. Each sub-section belongs
to certain business benefit and can be realized
with certain practices.
Review results show client’s current status and
what would need to be done to improve each sub-
sections to achieve the business benefit on the
inner grey circle in the radar.
1-56© Scaled Agile, Inc.
The role of continuous security
Information security is a key
concept in SAFe DevOps
DevSecOps concepts present key
principles for value delivery
Security affects every dimension of
the continuous delivery cycle
Information security should be part
of every DevOps transformation
Threat
Modeling
Security
as code
Continuous
Security
Monitoring
Penetration
Testing
1-57© Scaled Agile, Inc.
The role of continuous testing
Testing is an ongoing activity
We build quality in by addressing
testing and quality throughout the
continuous delivery cycle
Automated testing and quality
assurance should be part of every
DevOps transformation
BDD Behavior
Driven
Development
TDD Test
Driven
Development
Unit
Testing
Production
Testing
Non-functional
Testing
6-58© Scaled Agile, Inc.
Decouple deployment from release
New
Feature
59© 2018 KPMG Oy Ab, a Finnish limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
Document Classification: KPMG Public
In the public sector, as in other sectors, your organization needs to be compliant with certain
standards, rules and laws. Break compliance into smaller requirements, automate their testing
cumulatively and run in each sprint. Final release brings all compliance requirements together
without big bang effort and last minute compliance breach findings.
8. Compliance
60© Scaled Agile, Inc.
Traditional development challenges regulatory assessment
Often results in late verification, validation, and opportunities for
compliance assessment
Can create a large bow wave of testing and compliance activity
resulting in missed deadlines and windows for schedule compliance
activities
Despite best efforts, compliance with large batches and late feedback
slows flow and results in worse outcomes and lower quality
No way to leverage compliance knowledge to improve flow
61© Scaled Agile, Inc.
Verification, validation, and compliance
Validation is the confirmation via objective evidence that the system
performs its intended function. The intended functions and how well the
system performs those functions are determined by the customer.
We built the right solution.
Verification is the confirmation through objective evidence that the specified
requirements have been fulfilled. Verification demonstrates that the design
and implementation correctly and completely embody the requirements.
We built the solution right.
Compliance is an organization’s adherence to relevant laws, specifications
and guidelines. Compliance typically requires documented, objective
evidence of solution V&V through tests, inspections, analysis, or
demonstrations.
And we have evidence that we have done so.
62© Scaled Agile, Inc.
SAFe addresses both types of compliance requirements
Processes and procedures are performed in
accordance with policy based on regulations
Product is specified, designed, built and
tested in accordance with regulations
Sign-off
Approval
Certification
Validation
Objective
Evidence
63© Scaled Agile, Inc. 63
Meeting regulatory requirements with
Lean-Agile development
Build the solution and compliance incrementally
Organize for value and compliance
Build quality and compliance in
Apply continuous verification and validation
64© Scaled Agile, Inc.
Specify, build, and comply incrementally
One PDCA cycle
P
DC
A P
DC
A P
DC
A P
DC
A P
DC
A
P
DC
A
Documents More Documents Unverified System Certified SolutionDocuments
65© Scaled Agile, Inc.
Integrate regulatory, customer, and compliance concerns
Solution Intent
Shared understanding of system’s goals,
specifications, and constraints
Kanban and Backlog
Align and focus on work
priorities
PI Planning
Synchronizes on
near term plan
PI System Demo
Frequent feedback on fully-
integrated system
Inspect & Adapt
Continuously
improve together
PI
Roadmap
Know solution’s
future plan
66© Scaled Agile, Inc.
Accelerate feedback through automated compliance testing
Give teams automated scripts instead of checklists
Automate tests in the same iteration
as the functionality
Include tests for safety, security,
performance, quality, etc.
Invest in automated testing
infrastructure to improve flow
Actively maintain test data under
version control
Done
Functional test
Security test
Performance test
QA test
Compliance test
…
Pro
gre
ss
Functional test automation
Building functionality
Compliance test automation
Safety V&VQuality Security
Functional test
Security test
Performance test
QA test
Compliance test
…
67© Scaled Agile, Inc.
Continually reduce risk for meeting compliance objectives
Break compliance activities into
smaller batches
Regular cadence make
compliance predictable
Get visibility, transparency into
assessment sooner
Fast feedback continuously
improves practices
Reduce last sign-off activity from a large, extended
event to a quick, boring, non-event.
V&V
…
68© Scaled Agile, Inc.
Include compliance concerns in continuous improvement
Solution Demo• Asses results of current compliance work and automated tests
• Demonstrate compliance status by assessing or generating latest
information and documents
Quantitative Measurement• Show trends towards meeting compliance solution and dev system
• % code coverage, % requirements coverage, peer reviews status
• % compliance concerns covered in automated tests
Retrospective and Problem Solving Workshop• Are we sufficiently addressing compliance goals?
• Are policies or procedures inhibiting development?
• If so, can we find alternatives to meeting compliance goals
69© Scaled Agile, Inc.
Release validation
Fitness for purpose
Final validation
Qualification including installation
and operation
User acceptance testing
Supporting documentation
Installation, user, and other
Compliance evidence
Releasable Solution
System
Increment
Solution Increment
Team
Increment
70© 2018 KPMG Oy Ab, a Finnish limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
Document Classification: KPMG Public
• SAFe is the global best practice and trainings are available everywhere, so your organization can
expect vendor’s representatives to be certified and knowledgeable about SAFe. When you use
a standard delivery model, it is also easier to attract new employees to work for you.
• SAFe defines key roles, values and principles. A new recruit or vendor’s representative is
familiar with the roles, values and principles. They will only need to know who is who in the model
to start working for your organization.
• Vendors understand that value needs to be delivered in the shorted sustainable lead time.
• Improvements to process and velocity (throughput) occur in each sprint and vendor personnel
contributes to these improvements too.
• Transparency should be maintained.
• Product Owners decide the priorities according to what the company needs. Flexibility to
changing requirements is a key principle in SAFe.
• Teams from different vendors know how to work with other teams, how to communicate and how
to report progress.
9. What to expect from vendors in SAFe
71© 2018 KPMG Oy Ab, a Finnish limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
Document Classification: KPMG Public
• Vendors will expect support and presence of Product Owners, architects and other key persons
when needed.
• Vendors expect tools and process that support agile delivery.
• Vendors expect Product Owners and customer management to be able to make decisions and
lead by example.
• Vendors expect that your organization knows SAFE and also you follow SAFe values,
principles and processes.
10. What vendors expect from you
72© 2018 KPMG Oy Ab, a Finnish limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
Document Classification: KPMG Public
• SAFe refers to a Scaled Agile Framework delivering software and systems. It is scalable, but certain essentials are required even
for smaller deliveries. A global best-practice roadmap is provided to support implementation.
• Agile manifesto and lean thinking compose the lean-agile mindset which is a different way of thinking compared to traditional
waterfall-based deliveries. If thinking doesn’t change, you are not agile.
• The benefits of SAFe can only be obtained if following the SAFe principles.
• SAFe beats “managing silos” challenges with cross-function teams. Clear roles and responsibilities are also known and determined
beforehand. Everyone knows what is expected from them.
• Planning for the following ten weeks takes place during a two-day session called Program Increment (PI). It's a planning event in
which everyone participates and where everyone commits to the iteration goals.
• New ideas are discovered by exploring various different sources. The approved ideas of highest priority are executed. Only when
ideas go to live production environment value is released. Releases should happen often, even after each two-week sprint.
• In DevOps, Development and Operations work together with shared targets. Automation, lean flow, measurement and recovery are
considered to be important in DevOps. DevOps Health Radar can be used for health check and to show improvement opportunities.
• In the public sector, as in other sectors, your organization needs to be compliant with certain standards, rules and laws. Break
compliance into smaller requirements, automate their testing cumulatively and run in each sprint. Final release brings all compliance
requirements together without big bang effort and last minute compliance breach findings.
• SAFe makes it easier to get people to standard roles. In SAFe expectations and needed roles for both parties are clear.
Is your organization ready for SAFe?
Summary of presented SAFe
73© 2018 KPMG Oy Ab, a Finnish limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
Document Classification: KPMG Public
Scaling Lean-Agile and DevOps in Public Sector Organizations
Transitioning to Lean-Agile practices for building digital services is especially challenging in the
government context. But legacy governance, contracting, and organizational barriers can be
overcome with the right information and strategies. During this two-day course, attendees will learn
the principles and practices of SAFe, how to execute and release value through Agile Release
Trains, and what it means to lead a Lean-Agile transformation of a program inside a government
agency.
Attendees will gain an understanding of the Lean-Agile mindset and why it’s an essential foundation
for transformation. They’ll also get practical advice on building high performing multi-vendor Agile
teams and programs, managing Lean Government Portfolios, acquiring solutions with Agile
contracting, launching the program, planning, and delivering value using SAFe, and how specific
leadership behaviors can drive successful organizational change, even in government.
This course is designed for government leaders and influencers who can guide the decision
to adopt SAFe within their agency or program.
Coming soon: SAFe® for Government with SGP certification
Document Classification: KPMG Public
© 2018 KPMG Oy Ab, a Finnish limited liability company and a member firm of the KPMG network
of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Thank you!
Contact KPMG and [email protected] for more information