Eric Brotten (firstname.lastname@example.org) is Director of International Compliance Programs at Optum in Eden Prairie, Minnesota, USA.
No matter the industry, “Every company is now a technology company.” This means that whether you are a compliance professional supporting financial services, retail, farming, logistics, automotive, healthcare, media, or even food, you need to meet your business partners where they are. Regulators and enforcement agencies are also abuzz with the emerging fields of artificial intelligence, blockchain, data protection and governance, the gig economy, the International Organization for Standardization, tech ethics, and cryptocurrency. Increasingly, business teams are deploying via continuous delivery, or agile and scrum methodologies. As a result, today’s compliance professional needs to understand the intersection of traditional compliance, privacy, and technology and how business partners’ support needs and expectations are changing in regard to overall compliance and governance models.
What is waterfall?
Traditionally, businesses relied on project management based on a waterfall approach, where there was a clear start and stop to delivery. For the compliance professional, waterfall delivery was very advantageous, as expectations were clear up front, project artifacts and documentation were created early on, and it was comparatively easy to assess risks—even without assistance from business partners. The problem, however, for business partners was that waterfall delivery often did not allow redos or error corrections, was seen as inflexible, and was perceived as creating a slower speed to market.
What is agile?
The agile project delivery and methodology creates a series of ongoing, incremental work packages, called “sprints,” through continuous design and release (Figure 1).
Business partners enjoy the benefits of expected redos and expected error identification and correction, as well as customer feedback loops, fewer bugs, higher project success rates, and faster speed to market. For the compliance professional, however, agile delivery presents the challenges of fast-paced project teams (Figure 2), multidisciplinary stakeholders, frequent team meetings, and business partners’ need for continuous governance support.
In this type of delivery model, the compliance professional truly needs to learn how business partners are executing so that they are not left in the dark by the scrum team, accidentally excluded from participating in project sprints or stand-up scrum meetings, or overlooked by the scrum master.
What is agile compliance?
For the agile compliance practitioner, it is important to learn the language of the teams you’re supporting. “Scrum” comes from a reference to a rugby team huddle, in which players lock themselves together over the ball to move forward, and the scrum team is encouraged to work closely together and take responsibility for results. Scrum is also a reference to a common agile delivery framework. Similarly, if you find your emails are not responded to by members of the scrum or agile teams, it’s because email within scrum teams is discouraged. Daily stand-up scrum meetings are encouraged, which are brief discussions designed to resolve questions and spot issues in real time. Lastly, if you think the scrum master is blocking you from interacting with the project team, you’re not imagining it, as a scrum master’s role is to be a coach to the project delivery team, a facilitator of scrum meetings, and a buffer to filter out nonessential interactions between the delivery team and project stakeholders.
Within agile project delivery, the compliance professional also needs to understand the phases of continuous project delivery across “Ideate,” “Define,” “Build,” “Launch,” and “Manage,” and recognize that the compliance and governance support model will need to adapt to each project phase. One recommendation is to proactively engage your business partners, attend and engage in their stand-up scrum meetings, or consider hosting your own stand-up scrum meeting with the project leads. Typically, the Build and Launch phases of delivery require more frequent governance engagement and increased cadence of stand-up meetings and support. Furthermore, due to the fast-paced nature of delivery through incremental project iterations called “sprints,” it is increasingly important to stay connected with your broader governance colleagues in legal, privacy, security, and even human resources. Another recommendation to meet these continuous governance requirements is to develop and host your own internal governance stand-up scrum meetings (e.g., 15–20 minutes every other week) with your legal, privacy, and security colleagues to ensure awareness and alignment of your overall governance support team.
In summary, compliance professionals working in agile teams need to accept that their business partners will change their minds and courses constantly, and that the only way to keep abreast of changing governance support needs is to be embedded in the agile delivery process as early as possible across the full multidisciplinary team.
Moreover, especially in heavily regulated and enforced industries, the advanced compliance professional in an agile delivery team may find it necessary to take additional steps to ensure adequate governance support is provided and that evidence of that support exists for audit or enforcement purposes. For example, the advanced compliance professional may find it necessary to create artifacts such as roles and responsibilities matrices; hazard or incident logs (in addition to standard compliance risk assessments); privacy compliance documentation (data flows, impact assessments, etc.); and, in some cases, even meet various International Organization for Standardization compliance documentation requirements.
The importance of broadly experienced teams
Lastly, when building a modern compliance and governance team, it’s important to consider nontraditional and noncompliance work experiences. The ability to spot issues at stand-up scrum meetings comes more naturally when compliance professionals have walked in the shoes of their business partners by having past experiences in sales, information technology, service, operations, or marketing. Additionally, building a compliance team with diverse work experience yields the benefit of creating cross-functional expertise across the broad spectrum of general compliance, governance, legal, and privacy, and it allows for better coverage of frequent business partner meetings. Business partners benefit when compliance professionals use experience outside of their core function to know when additional subject matter expertise is needed and where to find it within the multidisciplinary agile team.
Be your own scrum master
Within the business you support, your goal as an agile compliance professional needs to be not just to have a traditional seat at the table, but to lock arms with your multidisciplinary business partners and be a part of the scrum around the rugby ball. And while it is not the compliance practitioner’s role to be a scrum master of the business or project delivery teams, compliance practitioners are uniquely positioned to be scrum masters among a broader multidisciplinary governance team and lead coordination efforts, facilitate real-time issue spotting, and filter out unnecessary distractions. Agile compliance requires a shift in mindset and project delivery support, and the sooner you become your own scrum master, the sooner you will create additional value for your business partners and multidisciplinary governance team.
Today’s compliance professional needs to understand the changing high-tech support model and how almost all products and services are heavily rooted in technology.
Traditionally reserved for technology projects, the agile methodology is today commonly used in service and project management environments.
Agile project delivery can place unique demands on compliance professionals, including frequent team meetings, blurred lines of accountability in project teams, and projects without clear starts and stops.
Agile project delivery may require compliance professionals to adopt their own project management tools, such as roles and responsibilities matrices, hazard logs, and impact assessments.
The skill set of a compliance professional in an agile team favors those who have past experiences in sales, information technology, service, operations, or marketing.