Organizations certified as ISO 9001 compliant need to conduct Internal Audits of their processes at planned intervals. The objective is to determine whether the processes followed in their projects are effective and are in compliance to the requirements defined in the organization’s QMS (Quality Management System).
Auditing a project implementing agile processes has some unique challenges. Such projects do not perceive any direct value addition from these audits to the product they deliver to the customer (unless the customer has mandated such an audit). However from the organization’s perspective an effective internal audit is a means for continuous improvement.
Here are some guidelines for auditing a project which follows Scrum an agile methodology:
- Audit should be non-intrusive as far as possible
- Audit should not trigger creation of for-Auditor-only documents
- A generic Scrum checklist tailored to suit project requirements should be used as the basis for audit
- An Auditor is assigned to an entire Sprint as per the Internal Audit Plan
- Auditor is a silent observer of the Sprint.
- The Auditor is added to the team mailing list to receive all communications; provided access to all the artifacts; attends at the minimum Sprint Planning, a few Daily Scrum meetings, Sprint Review and Sprint Retrospective meetings.
- Auditor does not schedule formal audit meetings with the team members but may seek clarifications from ScrumMaster and/or Product Owner as needed during the Sprint.
- Auditors prepare the audit report recording their observations and findings against the items in the checklist. However they are encouraged to go beyond the checklist and provide their suggestions for improvement.
- The Audit Report is presented to the Team preferably immediately after the Sprint Retrospective meeting.
- Non-conformances are addressed in the forthcoming Sprints and verified by the Auditor.
The Internal Audit following the above guidelines will minimize the project overheads, allow the team to be focused on delivery and yet can yield value added recommendations from the Auditor.
[Please feel free to leave your comments below or bookmark/share this post]