Auditing Agile and Scrum Development Projects - ITG213


IT risks are increasingly recognized as critical factors in enterprise risk management. From preventing failures in regulatory compliance to helping avoid devastating harm to the reputation of the organization from headline-making security breaches, auditors have an obligation as well as value-adding opportunities to assess enterprise vulnerabilities through effective risk-based IT audit planning.

Today, application systems development is all about SPEED. Agile and Scrum are all about getting data as well as processing and reporting to the customer ASAP. This is further complicated by the lack of standardized methodologies, expectations and business models. Auditors, reviewers and project sponsors are further confounded by the difficulty of knowing what can be done in a definitively short amount of time, especially in an environment that discourages oversight and audit.

What you will learn

You will learn what should be in place before the project begins, how to assess the project plan, ways to evaluate project performance, the key risks during testing, change management and reporting issues.

What Exactly ARE Agile and Scrum?

  • traditional application systems development
  • agile
  • scrum
  • prototyping
  • conditions when agile and scrum work, and when they don’t work
  • project manager vs scrum master

How to Learn About the Project in Time to Get Involved:

  • key team members
  • passive ways of being aware of agile and scrum projects
  • up-front risk assessment
  • what is the definition of success vs failure?
  • who defines success?
  • is the project doomed from the beginning?
  • key triggers to look for

The Infrastructure that Should Be in Place Before the Project Begins:

  • security and IAM
  • governance
  • networks
  • encryption

What to Look for Before the Project Begins:

  • key documents to request – a checklist!
  • budget problems
  • goals that are achievable
  • planning and project management
  • team member skills…are they really subject matter experts?
  • team member commitments and responsibilities
  • the WAR ROOM

The Project Manager:

  • qualifications
  • expectations
  • key deliverables
  • scheduling
  • educating the project manager about internal controls in 10 minutes
  • project management tools to facilitate management
  • how does senior management evidence their support
  • overcommitment
  • key triggers to look for

The Steering Committee:

  • what they should expect
  • metrics to apply
  • key deliverables
  • key triggers to look for

The Project Plan:

  • content to expect
  • checklist of best practices
  • milestones
  • key triggers to look for

What to Look for During the Project and the Key Triggers to Apply:

  • time and budget overruns
  • prioritizing
  • problem management
  • scripts!
  • unskilled programmers
  • subject matter experts (alleged)
  • computer security
  • testing
  • training
  • inadequate end-user training
  • data conversion weaknesses
  • unknown programming languages
  • inadequate development team staffing

Testing. Yes, Testing!

  • audit testing without disrupting
  • benchmarks
  • how testing can find problems before they occur

Don’t Trust the Interfaces:

  • what can go wrong, and how to correct that
  • best practices
  • testing and managing the interfaces
  • key triggers to look for

Change Management:

  • what does go wrong
  • key triggers to look for

Reporting Deficiencies

  • samples

Further information

ACI Learning
2 Days
Amsterdam, Atlanta, GA, Bandar Seri Begawan, Boston, MA, Burlington, MA, Cape Town, Charlotte, NC, Chicago, IL, Dallas, TX, Denver, CO, Dubai, Dublin, Dublin, OH, Hong Kong, Houston, TX, Las Vegas, NV, London, Manila, New York, NY, Oman, Orlando, FL, Philadelphia, PA, San Antonio, San Diego, CA, San Francisco, CA, Seattle, WA, Singapore, Virtual Training Room Only, Washington, DC

Contact Information

ACI Learning

6855 S. Havana St.
Suite 230
80112 USA