| Scrum Artefact | Scrumpliance | IA Project Scrum | IA Function Scrum |
| --- | --- | --- | --- |
| Sprint | All compliance tests | Limited scope: project/area | Covers all IA activities |
| Epic | Compliance area | N/A | IA project, administrative task |
| User Story | “As a compliance auditor…” | Audit “who what why”, value | Project bit: explore, test, align |
| Task granularity | Control tests, follow-ups | Must fit into sprint | Mini tasks > 30 minutes |
| Product Backlog | Compliance areas, tasks | Audit areas; all user stories | (Multi) annual audit plan |
| Increment | Control status | Sprint audit report (point of view, PoV) | Transparency |
| Findings & Follow Up | Entered as new tasks | In the audit report (point of view, PoV) | Follow up epic, findings database |
| Definition of Done | Control tested / remedied | Specific ‘done’ in a sprint | Epic question; specific ‘done’ |
| Bug | Control design error | N/A | Tracking of impediments |
| Release Plan | Test schedule for areas | N/A | Quarterly audit schedule |
| Compatibility | SOX (with access control) | QAIP | QAIP; ISO 9001 |
| Specifics | Best fit: compliance audits | Definition of Ready, canvas | Best fit: non repetitive audits |