Auditing in an Agile Environment Andres Camacho August 2012
Agenda • Intro to Agile Software Development • Highlight practices • Things to look for in an audit • Questions
Manilla Secure, one-stop “Digital Life Management Dashboard” that gives consumers simple, instant, direct access to all of their expenses and online accounts
Waterfall What happens when things change?
Agile Software Development • Iterative • Working software over comprehensive documentation • Collaboration over contract negotiation • Responding to change • Early visibility
How does Agile reconcile with IT audits and secure software development?
Agile Software Development • User stories • Velocity • Whole team • Test driven development • Estimation session • Sustainable pace • Backlog • Daily standups • Early visibility • Automated tests • Simple designs • Fast iterations • Planning game • Continuous integration • Refactoring • Pair programming • Collaboration over contract negotiation
User Story • Unit of work • Small, stands on its own two feet • Estimable • Placeholder for a conversation As a … I can … so that …
Backlog • User stories that are ready to be implemented • Developers work next story in queue • No P’s • We use Pivotal Tracker
Git • Standard source code control software for the Ruby community • GitHub, social coding • Rigorous commit workflow
Is GitHub secure?
Commit Workflow • All work done using feature branches • Branch name format: feature-3274744-Add_custom_reminders (feature branch)
Iteration • Stories and bugs that are released to production • Stories labeled (tagged) by release date
Release (diagram: weekly timeline W TH F M T W TH F; branches shown: master, staging, release branch, feature branch; staging branch merged at end of iteration; production bug fixes tagged and released to production)
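An audit check built on the Commit Workflow and Release slides above, added here as an example and not part of the original deck: it walks a constructed first-parent log of master and flags commits that did not arrive via a merge of a correctly named feature branch, then traces each surviving merge back to a story id in the backlog. The log format, the hypothetical backlog set and the rule that master takes only feature-branch merges are assumptions for the example.

```python
import re
from dataclasses import dataclass

# Branch convention from the deck: feature-<story id>-<Description>.
# Treating the id as a numeric Pivotal Tracker story id is an assumption.
FEATURE_BRANCH = re.compile(r"^feature-(?P<story>\d+)-(?P<desc>[A-Za-z0-9_]+)$")
MERGE_SUBJECT = re.compile(r"^Merge branch '(?P<branch>[^']+)'")

# Constructed sample: lines in the shape of `git log --first-parent --format='%h|%p|%s'`
SAMPLE_LOG = """\
a1b2c3d|9f8e7d6 1122334|Merge branch 'feature-3274744-Add_custom_reminders'
9f8e7d6|5566778|Fix typo in README
5566778|8899aab ccddeef|Merge branch 'hotfix/login'
8899aab|0011223 4455667|Merge branch 'feature-9999999-Export_statements'
"""
# Hypothetical set of story ids currently in the backlog tool.
BACKLOG = {3274744, 3274745}


@dataclass
class Finding:
    sha: str
    reason: str


def parse_log(text):
    """Split each 'sha|parents|subject' line into (sha, [parents], subject)."""
    entries = []
    for line in text.strip().splitlines():
        sha, parents, subject = line.split("|", 2)
        entries.append((sha, parents.split(), subject))
    return entries


def audit_master(entries, backlog_ids):
    """Return (findings, traced): rule violations and sha -> story id for clean merges."""
    findings, traced = [], {}
    for sha, parents, subject in entries:
        if len(parents) < 2:  # assumption: master only receives merges
            findings.append(Finding(sha, "direct commit on master, not a feature-branch merge"))
            continue
        merge = MERGE_SUBJECT.match(subject)
        branch = FEATURE_BRANCH.match(merge.group("branch")) if merge else None
        if branch is None:
            findings.append(Finding(sha, "merged branch does not follow feature-<id>-<desc>"))
            continue
        story = int(branch.group("story"))
        if story not in backlog_ids:
            findings.append(Finding(sha, f"story {story} not found in backlog"))
        else:
            traced[sha] = story
    return findings, traced


def run_audit():
    return audit_master(parse_log(SAMPLE_LOG), BACKLOG)
```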
Whole Team • Hire generalists • Everyone gets to work on everything • Automatic cross training • Small teams • Product/QA are part of the team
Pair Programming • 2 developers 1 story • Built in code review • Built in cross training • Collaboration
Pull Request • Request by a contributor to pull code changes into a codebase • Used extensively by open source projects • Adopted as a code review tool
Automated Tests • “Pay me now or pay me more later” • Critical, especially with dynamic languages (Ruby, Python) • Unit tests, acceptance tests • Test Driven Development • At Manilla, 3 lines of test code for every 1 line of code
Continuous Integration • Check in early and often • Automated builds and deployments • Keep the build fast • Everyone can see the results
Documentation Where is the documentation?
Resources • Manilla – http://www.manilla.com • Pivotal Tracker – http://www.pivotaltracker.com • GitHub – http://www.github.com • Relish – https://www.relishapp.com/
My Background • Degree in Finance, many courses in Accounting • Auditor for Price Waterhouse in San Jose, CA • Computer Science courses at San Francisco State • Positions at Price Waterhouse, NextCard, QRS, Yaga, Vinfolio, and Manilla