Description
IT risks are increasingly recognized as critical factors in enterprise risk management. From preventing failures in regulatory compliance to helping avoid devastating harm to the reputation of the organization from headline-making security breaches, auditors have an obligation as well as value-adding opportunities to assess enterprise vulnerabilities through effective risk-based IT audit planning.
Today, application systems development is all about SPEED. Agile and Scrum are all about getting data as well as processing and reporting to the customer ASAP. This is further complicated by the lack of standardized methodologies, expectations and business models. Auditors, reviewers and project sponsors are further confounded by the difficulty of knowing what can be done in a definitively short amount of time, especially in an environment that discourages oversight and audit.
What you will learn
You will learn what should be in place before the project begins, how to assess the project plan, ways to evaluate project performance, the key risks during testing, change management and reporting issues.
Objectives
What Exactly ARE Agile and Scrum?
- traditional application systems development
- agile
- scrum
- prototyping
- conditions when agile and scrum work, and when they don’t work
- project manager vs scrum master
How to Learn About the Project in Time to Get Involved:
- key team members
- passive ways of being aware of agile and scrum projects
- up-front risk assessment
What Is the Definition of Success vs Failure?
- who defines success?
- is the project doomed from the beginning?
- key triggers to look for
The Infrastructure that Should Be in Place Before the Project Begins:
- security and IAM
- governance
- networks
- encryption
What to Look for Before the Project Begins:
- key documents to request – a checklist!
- budget problems
- goals that are achievable
- planning and project management
- team member skills…are they really subject matter experts?
- team member commitments and responsibilities
- the WAR ROOM
The Project Manager:
- qualifications
- expectations
- key deliverables
- scheduling
- educating the project manager about internal controls in 10 minutes
- project management tools to facilitate management
- how does senior management evidence their support
- overcommitment
- key triggers to look for
The Steering Committee:
- what they should expect
- metrics to apply
- key deliverables
- key triggers to look for
The Project Plan:
- content to expect
- checklist of best practices
- milestones
- key triggers to look for
What to Look for During the Project and the Key Triggers to Apply:
- time and budget overruns
- prioritizing
- problem management
- scripts!
- unskilled programmers
- subject matter experts (alleged)
- computer security
- testing
- training
- inadequate end-user training
- data conversion weaknesses
- unknown programming languages
- inadequate development team staffing
Testing. Yes, Testing!
- audit testing without disrupting
- benchmarks
- how testing can find problems before they occur
Don’t Trust the Interfaces:
- what can go wrong, and how to correct that
- best practices
- testing and managing the interfaces
- key triggers to look for
Change Management:
- what does go wrong
- key triggers to look for
Reporting Deficiencies:
- samples