Inspire, develop, and guide a winning organization.
Create visible workflows to achieve well-architected software.
Understand and use meaningful data to measure success.
Integrate and automate quality, security, and compliance into daily work.
Understand the unique values and behaviors of a successful organization.
LLMs and Generative AI in the enterprise.
An on-demand learning experience from the people who brought you The Phoenix Project, Team Topologies, Accelerate, and more.
Learn how making work visible, value stream management, and flow metrics can affect change in your organization.
Clarify team interactions for fast flow using simple sense-making approaches and tools.
Multiple award-winning CTO, researcher, and bestselling author Gene Kim hosts enterprise technology and business leaders.
In the first part of this two-part episode of The Idealcast, Gene Kim speaks with Dr. Ron Westrum, Emeritus Professor of Sociology at Eastern Michigan University.
In the first episode of Season 2 of The Idealcast, Gene Kim speaks with Admiral John Richardson, who served as Chief of Naval Operations for four years.
New half-day virtual events with live watch parties worldwide!
DevOps best practices, case studies, organizational change, ways of working, and the latest thinking affecting business and technology leadership.
Is slowify a real word?
Could right fit help talent discover more meaning and satisfaction at work and help companies find lost productivity?
The values and philosophies that frame the processes, procedures, and practices of DevOps.
This post presents the four key metrics to measure software delivery performance.
August 16, 2022
When the auditors come knocking, it’s rare for Management to fling open the doors and happily usher them in. It’s even more rare for Management to invite their auditors in. Auditors, at times, are viewed as Management’s adversaries who get in the way of implementing better ways of working, like DevOps.
What if it could be different? What if auditors and Management could work together instead of getting in each other’s way?
Believe it or not, we auditors want to work with you, not against you. We want you to be able to do your work effectively and for you to achieve your objectives.
Here are a few of my favorite videos from DevOps Enterprise Summits that set the stage for moving past adversarial relationships and toward collective collaboration (and more fun) during audits! Both auditors and professionals who get audited will benefit from watching these videos.
This presentation busts common DevOps myths about auditors. It begins by stating the root problem addressed by the session: Management views auditors as an impediment to implementing better ways of working. Specifically, it explores the following:
Cultivating a better understanding of each party’s objectives and perspectives is an important step in creating stronger working relationships and leveraging that understanding as a superpower to bring the two parties together to work collectively and achieve so much more together. This presentation sets the stage for exactly this.
Audit Panel (Las Vegas 2019)Matt Bonser, Director, Digital Risk Solutions, PricewaterhouseCoopers LLPYosef Levine, Managing Director, Global Technology Controls, Confidentiality & Privacy, DeloitteJeff Roberts, Senior Manager, Advisory Services, Ernst&YoungMichael Wolf, Managing Director Modern Delivery Lead, KPMGGene Kim, Founder and Author, IT Revolution
One of the Agile Principles emphasizes satisfying the customer. Instead of the auditors guessing what they think their clients want to learn about, this session embraces this Agile Principle by building the entire presentation around whatever the audience wants to learn about.
It also brings auditors and Management into the same room with the objective of gaining a better understanding of each other—auditors understanding what their clients are worried about and struggling with, and Management understanding what the auditors are trying to accomplish and how they can best add value.
WATCH: Auditors’ Workshop – What You’ve Wanted to Ask an Auditor but Were Afraid to Ask (Las Vegas 2019)
These next two presentations hold a special place in my heart for two reasons:
They build upon the first session in my list by providing the audience with a double-click into what the auditors explored there. It provides tangible examples of controls commonly seen as hurdles to implementing DevOps. It also provides a different perspective to the audience, as the speakers here are internal auditors, whereas the speakers in the first session are external auditors.
In this two-part session, technology practitioners hear directly from internal auditors how they could think differently about controlling risks under this new operating model. It also explores the advantages to be experienced during an audit of an area using DevOps practices, including decreased interruption to daily work, stronger collaboration, and fewer requests for evidence.
I recommend watching this to everyone who is stuck fitting a square peg (old ways of controlling risk) in a round hole (new ways of working and different methods of controlling those risks).
WATCH: DevOps and Internal Audit: A Great Partnership (Las Vegas 2020)Rusty Lewis, IT Auditor, Nationwide InsuranceClarissa Lucas, IT Audit Director, Nationwide Insurance
WATCH: DevOps and Internal Audit: A Great Partnership (Part 2) (US 2021)Clarissa Lucas, IT Audit Director, Nationwide InsuranceRusty Lewis, IT Audit Specialist, Nationwide InsuranceEthan Culp, NTEC Sr. Associate, Nationwide Insurance
I selected this presentation because it dispels a number of myths about auditors. It is a great follow-up to the first one on my list, going beyond the myths about auditors and their impact on teams implementing DevOps practices, to instead exploring common myths about the audit profession and why auditors do what they do.
Some of the questions answered in this session include:
Understanding these truths (and other truths) about auditors and the audit profession also drives a better relationship between auditors and management, resulting in more value for the organization.
WATCH: From Your Auditor Friends: What We Wish Every Technology Leader Knew (Las Vegas 2020)Rusty Lewis, IT Auditor, Nationwide InsuranceClarissa Lucas, IT Audit Director, Nationwide Insurance
This is another great session from DevOps Enterprise Summit. It is great for both technology leaders and auditors. One of the key takeaways from this session is that it explores audit-related challenges in the software delivery process, including:
This presentation explores how technology professionals can overcome these challenges using modern governance practices. Technology leaders can watch this session to explore how to improve their own processes. I also encourage auditors to view this session, as they can learn more about these leading practices and add value to their audit clients by suggesting these practices as improvement opportunities, where it makes the most sense.
WATCH: We’re Sorry, Love DevOps (Europe 2022)Bill Bensing, Software Factory – Managing Architect, Red Hat
Finally, I encourage each of you to attend this year’s DevOps Enterprise Summit in Las Vegas October 18-20.
In addition to a list of phenomenal speakers who are thought leaders exploring the technology side of DevOps, you’ll experience a session unlike many others.
I, an internal auditor, will present with my client, a technology leader, sharing our experience working together collaboratively on an internal audit, implementing Agile and DevOps practices into the audit process itself. Yes, you read that correctly – applying better ways of working to the audit process itself.
This presentation expands beyond the other presentations in my list above by bringing audit and Management to the same side of the table. The presentations above are primarily given by auditors with technology leaders in the audience. Other DevOps Enterprise Summit sessions are given by technology leaders (with mostly technology leaders in the audience with some auditors sprinkled in).
What we’re presenting in this session has been compared to the Velocity 2009 session titled “10+ Deploys Per Day: Dev and Ops Cooperation at Flickr” by John Allspaw and Paul Hammond.
I can’t wait to see you there!
Clarissa Lucas is an experienced audit and risk management leader in the financial services industry. She is also the author of "Beyond Agile Auditing: Three Core Components to Revolutionize Your Internal Audit Practices", has written articles on Auditing with Agility that have been published by the IIA, and has spoken at a number of industry conferences on this topic locally and internationally.
No comments found
Your email address will not be published.
First Name Last Name
Δ
"This feels pointless." "My brain is fried." "Why can't I think straight?" These aren't…
As manufacturers embrace Industry 4.0, many find that implementing new technologies isn't enough to…
I know. You’re thinking I'm talking about Napster, right? Nope. Napster was launched in…
When Southwest Airlines' crew scheduling system became overwhelmed during the 2022 holiday season, the…