{{item.title}}
If you’re like most businesses, you’re exploring more dynamic ways of working as you digitally transform. Whether utilising Agile, BizDevOps, DevOps or DevSecOps, the ways in which you get work done are changing.
These days, they have to. With digitisation raising the table stakes, the ability to differentiate your brand in the market is critical to growth. Transforming into a digital organisation can have substantial benefits like improved time to market, increased innovation, higher quality, positive cultural change, and ultimately, happier customers.
Unfortunately, however, many businesses don’t realise that costly operational disruption, regulatory penalties, and even personal remuneration are at stake when controls aren’t embedded into new practices.
There are many different practices currently being explored by business to enable new ways of working. An Agile transformation of an organisation, for example, is about getting the right people working closer together, orientating around the customer and getting to value sooner, informed by continual feedback loops. With Agile, a business can adapt and innovate productively and cost-effectively. This transformation realigns the entire business including leadership and governance, strategy, operating model and culture.
DevOps on the other hand is a way to ensure that teams have all the capabilities that they need to deliver and provide service to the customer (from development to operations). It focuses more on transforming operating models, technology and infrastructure, similar to BizDevOps, but less focused on the business holistically and more focused on its technical capabilities. And just to throw in another acronym, then there is DevSecOps, which integrates security into DevOps to create accountability between teams and enable the business to provide secure infrastructure for its initiatives.
What many businesses don’t know when they implement these solutions is that they can be unknowingly leaving adequate protections behind. By the time internal auditors, external regulators, or other assessment teams expose these weaknesses, it is often too late to avoid significant re-work costs, security fire drills, launch delays, or project failures.
Indeed, if your business was to be scrutinised tomorrow, what would the outcome be?
Companies need to ensure that when they are working differently, they are also working securely. Policies and procedures (frameworks, toolkits, governance) should be updated to reflect the new ways, not the old. If an auditor were to look up how your business operates, would they get an accurate picture? For instance, could you prove, with evidence, that the teams are following new methods?
When it comes to finance, Agile organisations also often need to fund projects differently, embracing investment planning that supports iterative development. Can the finance team fund and account for project spend? And crucially, when it comes to security, are you sure that no one can use the new methods and tools — automation, new technology, artificial intelligence — to introduce malicious or deficient code into production? Are your systems robust and secure? It should go without saying that they need to be.
Luckily, none of the above working methods and practices necessarily mean being at odds with governance, control and auditability. While not exhaustive, here are six elements that organisations who have embraced digital transformation auditability all address:
Additionally, businesses can get ahead by developing themselves into ‘auditready’ organisations. Conducting a mock audit, for example, can help to identify gaps before they are found by others — or have developed into serious issues. A mock audit can also uncover opportunities for digitising and automating internal controls. This approach will build confidence without adding overhead or complication — helping realise the benefits of your digital transformation.
An Agile/BizDevOps workplace is one that comes with substantial benefits, not the least being the ability to compete in today’s digital world. Working in these new ways doesn’t have to mean accepting risk, so ask yourself, would your Agile organisation survive an audit? And if your answer is unsure, it’s time to do something about it.
To find out more on assurance processes for new ways of working, explore the United States or Australian transformation assurance sites or download our Agile Project Delivery Confidence report.
Get the latest in your inbox weekly. Sign up for the Digital Pulse newsletter.
Sign Up
References
© 2017 - 2024 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. Liability limited by a scheme approved under Professional Standards Legislation.