This guide (2017) is a result of the working group of the Association for Project Management’s Assurance Special Interest group (APM’s Assurance SIG).
The guide addresses assurance in relation to the areas that are considered the fundamental aspects (and key differences form traditional waterfall approach) of agile project management and assurance.
Like the other book I reviewed (Agile Governance and Audit), this book too focusses on temporary project organizations using an agile way of delivery (compare PRINCE2 Agile, AgilePM, DAD, PMI Agile where we have agile teams using e.g. Scrum) and not on organizations using e.g. SAFe, LeSS or Nexus. The four areas described, are (each in a separate chapter):
- Approaching reviews in an agile way provides guidance on how to plan and conduct reviews. It starts with early engagement to obtain an understanding how the organization applies agile project management, what methodologies, (reporting) tools and approaches it employs. A Terms of Reference (ToR) focusing on the specifics of an agile way of working, the planning of the review and the the output.
- Environments focus on the agile ways of working and the physical working environment. You get ten general health indicators to assess an agile team. Furthermore, you should take the time to familiarize yourself with the whitboards/walls the, preferably co-located, teams are using to understand their Kanbans.
- Governance starts with an overview of generic governance topics that are applicable too for agile projects. On top of this you get some additional characteristics of agile projects that you, as an assessor, should keep in mind. E.g. the agile approach and terminology, the way the backlog is managed, the agile specific roles like an agile team, a product owner and a scrum master and their behaviors.
- Risk management mechanisms are probably leaner than for traditional projects. Incremental and iterative delivery with regular client feedback reduces the chance to deliver the wrong product. An overview of specific risks for agile projects and how to cope with them is provided.
At the end of the book you get checklists for the four areas (approaching review, environments, governance and risk checklists) and references to further reading including links to National audit Office and HM Government documents and several agile related sites.
Conclusion: This easy to read book focusses, as stated, on temporary projects with an agile delivery team. I would say it’s a good starting point, and it helps to get an understanding how to perform an assessment on agile projects.
To order: A Guide to Assurance of Agile Delivery
Christopher Wright wrote the book Agile Governance and Audit – An overview for auditors and agile teams. Auditing of an agile way of working looks like an unexplored corner. There is not that much written about this topic.
Agile Governance and Audit gives a short introduction to agile, compares agile with waterfall and looks at audit and agile cultures. The author follows a project life cycle from idea towards a usable product including governance and control.
Based on an audit objective related to the position in the life cycle, you get the main risks to consider, the audit approach including a set of questions and a conclusion. The following audit objectives are explored:
- Auditing agile versus waterfall: To ensure management has adequate controls for decisions regarding the choice of approach for projects (agile/waterfall/hybrid approach) and has established the governance and infrastructure to support these approaches
- Auditing project initiation: To ensure management has adequate procedural controls and evidence for decisions regarding inception and choice of approach, business benefits, risk/compliance implication, phasing and level of governance required. A case study is included
- Auditing requirements gathering: To ensure management has adequate controls and evidence for decisions for the consistent gathering, assessment, prioritization and approval of high-level business requirements. A case study is included
- Auditing build and testingphases: To ensure management has adequate controls and evidence for decisions regarding testing performed, and that that testing will ensure management requirements will be met
- Auditing business handover: To ensure management has adequate controls and evidence so that functionality, processes and controls can be operated effectively and maintained by the business post Go Life
- Auditing agile governance: To ensure management has established an effective and efficient framework for governance off the project, with appropriate evidence being retained.
The final chapter gives some top tips for auditors as a take-away.
Conclusion: This easy to read book focusses on projects with an agile delivery team using Scrum, Unified Process or XP. This means, in this book, a temporary organization using an agile way of working that is close to more traditional project management. This is where we now see PRINCE2 Agile, AgilePM, DAD or PMI Agile. I would say it’s a good starting point, and it helps to get an understanding what kind of controls you need to put in place. On the other hand, I hoped to find some audit practices regarding organizations with permanent agile teams using SAFe or LeSS or other agile scaling frameworks. In these situations, the focus will probably be on requirements/user stories/backlog items, roles, governance, decentralized decision making, DevOps, automated testing, continuous integration, continuous deployment and transition. And these areas are not covered in this book (understandable because the book was written in 2014).
In a next post I will review another book in this area: A guide to Assurance of Agile Delivery. Please let me know if you are aware of other books in this area.
To order (Bol.com): Agile Governance and Audit