European Proceedings Logo

Agile Internal Auditing – The Case Back To Normal

Table 3:

Scrum Artefact Scrumpliance IA Project Scrum IA Function Scrum
Sprint All compliance tests Limited scope: project/area Covers all IA activities
Epic Compliance area N/A IA project, administrative task
User Story “As a compliance auditor…” Audit “who what why”, value Project bit: explore, test, align
Task granularity Control tests, follow-ups Must fit into sprint Mini tasks > 30 minutes
Product Backlog Compliance areas, tasks Audit areas; all user stories (Multi) annual audit plan
Increment Control status Sprint audit report (point of view, PoV) Transparency
Findings & Follow Up Entered as new tasks In the audit report (point of view, PoV) Follow up epic, findings database
Definition of Done Control tested / remedied Specific ‘done’ in a sprint Epic question; specific ‘done’
Bug Control design error N/A Tracking of impediments
Release Plan Test schedule for areas N/A Quarterly audit schedule
Compatibility SOX (with access control) QAIP QAIP; ISO 9001
Specifics Best fit: compliance audits Definition of Ready, canvas Best fit: non repetitive audits
< Back to article

We care about your privacy

We use cookies or similar technologies to access personal data, including page visits and your IP address. We use this information about you, your devices and your online interactions with us to provide, analyse and improve our services. This may include personalising content or advertising for you. You can find out more in our privacy policy and cookie policy and manage the choices available to you at any time by going to ‘Privacy settings’ at the bottom of any page.

Manage My Preferences

You have control over your personal data. For more detailed information about your personal data, please see our Privacy Policy and Cookie Policy.

These cookies are essential in order to enable you to move around the site and use its features, such as accessing secure areas of the site. Without these cookies, services you have asked for cannot be provided.

Third-party advertising and social media cookies are used to
(1) deliver advertisements more relevant to you and your interests;
(2) limit the number of times you see an advertisement;
(3) help measure the effectiveness of the advertising campaign; and
(4) understand people’s behavior after they view an advertisement.
They remember that you have visited a site and quite often they will be linked to site functionality provided by the other organization. This may impact the content and messages you see on other websites you visit.