SDLC is a tried-and-true process for systems development; however, as the speed of business has increased, so has the demand for development frameworks that can keep up. Many takes on this concept have come and gone, but one that has increased in adoption and earned high regard in the process is the Agile Development Process. It has been adapted to many industries and many types of systems. I’ll talk a little about what Agile is, and what it should mean for the audit process.
First things first, I’ll take a moment to describe the Systems Development Life Cycle (SDLC). This is important because a true understanding of Agile requires an understanding of SDLC for context. The SDLC is a process that is defined by five key steps in the development of an application or system. The steps are:
Planning
Analysis
Design
Implementation
Maintenance
Each step is meant to begin once the previous one is completed, which is why the SDLC is often referred to as “Waterfall Project Management.” It has a very structured flow. It is best suited for larger projects that will not change much over the course of their lifecycle. As mentioned earlier, as the speed of business increased, the need for project development to adapt on the fly as situations changed began to raise real questions about the suitability of SDLC for modern project development.
Where SDLC is a process, Agile is considered more of a methodology. Agile was developed for environments of constant change, where the waterfall style of project management that defines SDLC doesn’t meet the needs of systems development. The “Agile Manifesto” was written in 2001. This led to the formalization of Agile as a process.
Scrums and Sprints are key concepts in Agile. Agile is known for constant collaborative meetings that bring together stakeholders, multiple cross-functional teams from across the development staff, and clients to discuss the work that was done and the work that needs to be done. This allows changes to be implemented relatively quickly, as opposed to waiting until it is impractical or impossible. Scrums are the meetings that precede Sprint periods. Sprints are a predetermined period of time when development work is done. Changes are generally not allowed during a sprint period. This is mitigated by the fact that sprints tend to be relatively short, and changes can be discussed and applied as needed. Agile provides for accountability, as development team members are required to frequently brief their progress in between sprints, and their work is drawn into the big picture with all stakeholders present.
As this all pertains to the audit process, development of systems with SDLC is unquestionably friendlier to the audit process. Requirements are clearly defined from the very beginning and, if all goes right, the work follows that predetermined plan. Audit requirements should be baked into the system from the very beginning, and audit processes can be designed, tested, and performed on the system throughout its lifecycle.
Agile certainly complicates matters. As requirements change for a system, the audit environment can change significantly. To minimize the effect of this complication, the audit team must be active participants in the Agile process. During scrums, auditors must be present as changes are discussed and must be engaged in discussing their concerns. System audits are a key component of a system, and must be part of the development process. A slower-moving development process would be much easier for the audit process. A faster-moving development process simply requires more active engagement and a faster-moving audit team that is well versed in the terminology and concepts of the Agile Framework.