Speaker: Baskaran Rajamani
Executives, Risk Managers, Auditors and Regulators view Agile as a new risk to the organization. In their view, traditional waterfall methods had several checks and balances that gave them comfort about software quality and code integrity, and they question whether similar controls exist within Agile. They also wonder whether Agile gives rise to net-new risks.
The purpose of this session is to help the audience understand how to make an Agile program and Agile methodology risk, security and compliance intelligent. Not only does such an initiative help alleviate concerns from stakeholders, but more importantly it enhances the quality and robustness of the project outcomes and renders the overall Agile program more sustainable and reliable.
After a brief introduction on risks and controls within the waterfall model as an example, we will discuss how these traditional risks manifest in an Agile project and whether or not the inherent risks increase. Further, we will also discuss net-new risks that an Agile development project gives rise to and how organizations need to address them.
The second part of the session will explain the role of partners in the second line of defense (we will explain lines of defense briefly), such as Information Security, Risk Management and Compliance (including Legal), and how best to engage and collaborate with them during an Agile project.
In the next part we will discuss the role of Auditors and how to interact with them as they seek to provide assurance to stakeholders on either the Agile project or the overall program at large.
The session will end with a note on sustaining the control environment for Agile so that the program can stay resilient to risks and gain the confidence of various stakeholders. The speaker will use anonymized live cases and examples wherever possible.
Baskaran Rajamani is a Technology Risk Advisory Partner at Deloitte in Toronto. Baskaran leads teams that help Financial Services clients with IT Risk Management, IT Audit, IT Regulatory Compliance, Outsourcing/Supplier risk management, IT Governance, and Agile and Digital transformation risk management. He also provides thought leadership on related frameworks and methodologies. Baskaran is a faculty member at Deloitte University at its Toronto and Dallas, TX campuses.
Baskaran has over 34 years of experience, of which the last 22 years have been in professional services, preceded by his career in engineering automation. He holds a Master’s degree in Engineering and an MBA. His designations include CISA and CISSP, and he was the recent past President of the ISACA Toronto Chapter.