Site Search

Menu

Topics

Loading Results

New ways of working: Would you survive an Agile audit?

  • No matter the approach taken to digital transformation, companies need to ensure controls are in place.
  • Inadequate governance could lead to costly delays, project failure, security breaches or unsuccessful audits.
  • Six elements common to successfully transformed auditable companies can help a business shore up its work.

If you’re like most businesses, you’re exploring more dynamic ways of working as you digitally transform. Whether utilising Agile, BizDevOps, DevOps or DevSecOps, the ways in which you get work done are changing. 

These days, they have to. With digitisation raising the table stakes, the ability to differentiate your brand in the market is critical to growth. Transforming into a digital organisation can have substantial benefits like improved time to market, increased innovation, higher quality, positive cultural change, and ultimately, happier customers. 

Unfortunately, however, many businesses don’t realise that costly operational disruption, regulatory penalties, and even personal remuneration are at stake when controls aren’t embedded into new practices.

Agile, DevOps, what?

There are many different practices currently being explored by business to enable new ways of working. An Agile transformation of an organisation, for example, is about getting the right people working closer together, orientating around the customer and getting to value sooner, informed by continual feedback loops. With Agile, a business can adapt and innovate productively and cost-effectively. This transformation realigns the entire business including leadership and governance, strategy, operating model and culture.

DevOps on the other hand is a way to ensure that teams have all the capabilities that they need to deliver and provide service to the customer (from development to operations). It focuses more on transforming operating models, technology and infrastructure, similar to BizDevOps, but less focused on the business holistically and more focused on its technical capabilities. And just to throw in another acronym, then there is DevSecOps, which integrates security into DevOps to create accountability between teams and enable the business to provide secure infrastructure for its initiatives.

What could go wrong? 

What many businesses don’t know when they implement these solutions is that they can be unknowingly leaving adequate protections behind. By the time internal auditors, external regulators, or other assessment teams expose these weaknesses, it is often too late to avoid significant re-work costs, security fire drills, launch delays, or project failures.

Indeed, if your business was to be scrutinised tomorrow, what would the outcome be? 

Companies need to ensure that when they are working differently, they are also working securely. Policies and procedures (frameworks, toolkits, governance) should be updated to reflect the new ways, not the old. If an auditor were to look up how your business operates, would they get an accurate picture? For instance, could you prove, with evidence, that the teams are following new methods?

When it comes to finance, Agile organisations also often need to fund projects differently, embracing investment planning that supports iterative development. Can the finance team fund and account for project spend? And crucially, when it comes to security, are you sure that no one can use the new methods and tools — automation, new technology, artificial intelligence — to introduce malicious or deficient code into production? Are your systems robust and secure? It should go without saying that they need to be.

How to deliver at pace and still have control

Luckily, none of the above working methods and practices necessarily mean being at odds with governance, control and auditability. While not exhaustive, here are six elements that organisations who have embraced digital transformation auditability all address:

  1. Write integrated (across Agile, DevSecOps etc.) playbooks that help drive consistency and repeatability across teams. Delivery teams’ feedback should be incorporated to enhance their usefulness, while also enabling auditability by design/minimal overhead.
  2. Ensure lifecycle frameworks are not just in a set of slides; instead they should be instituted as part of the systems used (eg. within Jira, Rally, Chef, Selenium and/or other related tools) to drive adherence to the abovementioned playbooks, compliance, and internal controls. If implemented correctly, quality engineering practices and the use of automated tools immediately establishes the foundation for effective controls.
  3. Update your risk and control matrices for audit teams to use as the basis for their work, rather than relying on old checklists. 
  4. Align processes and controls for finance, portfolio, HR, procurement, and other teams with IT’s adoption of, or business transformation to Agile. 
  5. Make certain that ways of working are agreed for risk teams (eg. cyber, operational risk, compliance, etc.) so they can provide their expertise and requirements without disrupting the Agile teams’ flow.
  6. Lock down’ your DevOps continuous delivery pipeline and configure it to enable security and control by design.

How to gain confidence in your delivery

Additionally, businesses can get ahead by developing themselves into ‘auditready’ organisations. Conducting a mock audit, for example, can help to identify gaps before they are found by others — or have developed into serious issues. A mock audit can also uncover opportunities for digitising and automating internal controls. This approach will build confidence without adding overhead or complication — helping realise the benefits of your digital transformation.

An Agile/BizDevOps workplace is one that comes with substantial benefits, not the least being the ability to compete in today’s digital world. Working in these new ways doesn’t have to mean accepting risk, so ask yourself, would your Agile organisation survive an audit? And if your answer is unsure, it’s time to do something about it. 

To find out more on assurance processes for new ways of working, explore the United States or Australian transformation assurance sites or download our Agile Project Delivery Confidence report. 

{{filterContent.facetedTitle}}

Related Articles
heading
Digital Pulse shares insights from PwC experts to empower your digital journey. By exploring stories at the intersection of humanity and technology we help you solve today’s business challenges to unlock the possibilities of tomorrow.
sitelinks Home Topics About
policylinks PwC Consulting Privacy Legal disclaimer
sociallinks Connect with us Email Twitter
subscribe Get the latest in your inbox weekly. Sign up for the Digital Pulse newsletter.

© 2021 - 2024 PwC. Digital Pulse shares expertise from PwC consultants and wider industry networks to provide thought leadership and actionable insights to empower your digital journey. We focus on transformational change and how this impacts consumers and business alike.

Industries
Agribusiness and Food Banking and Capital Markets Construction and Transportation Education and Skills Entertainment and Media Government Insurance Power & Utilities Retail and Consumer Real Estate Telecommunications
Asset Management Charities and Not-for-profit Defence Energy (Oil & Gas) Financial Services Healthcare Mining Infrastructure Superannuation Technology
Capabilities
Asia Practice Assurance Business Align & Connect Consulting Cybersecurity and Digital Trust Deals Digital Transformation Energy Transformation Environment, Social and Governance (ESG)
Future of Work Indigenous Consulting Integrated Infrastructure Legal People & Organisation PwC Private Strategy Tax
About Us Alumni Governance Board Diversity and Inclusion Executive Board Non-executive Director Centre Social Impact Suppliers of PwC The New Equation
Media
Insights
Careers Student careers Graduate careers Experienced careers
Contact Us Local Offices Sitemap
Digital Pulse Topics About us Subscribe

© 2017 - 2024 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. Liability limited by a scheme approved under Professional Standards Legislation.