Agile Internal Auditing – The Case Back To Normal

Table 3:

| Scrum Artefact | Scrumpliance | IA Project Scrum | IA Function Scrum |
| --- | --- | --- | --- |
| Sprint | All compliance tests | Limited scope: project/area | Covers all IA activities |
| Epic | Compliance area | N/A | IA project, administrative task |
| User Story | “As a compliance auditor…” | Audit “who what why”, value | Project bit: explore, test, align |
| Task granularity | Control tests, follow-ups | Must fit into sprint | Mini tasks > 30 minutes |
| Product Backlog | Compliance areas, tasks | Audit areas; all user stories | (Multi) annual audit plan |
| Increment | Control status | Sprint audit report (point of view, PoV) | Transparency |
| Findings & Follow Up | Entered as new tasks | In the audit report (point of view, PoV) | Follow up epic, findings database |
| Definition of Done | Control tested / remedied | Specific ‘done’ in a sprint | Epic question; specific ‘done’ |
| Bug | Control design error | N/A | Tracking of impediments |
| Release Plan | Test schedule for areas | N/A | Quarterly audit schedule |
| Compatibility | SOX (with access control) | QAIP | QAIP; ISO 9001 |
| Specifics | Best fit: compliance audits | Definition of Ready, canvas | Best fit: non repetitive audits |