Professional Scrum Training Courses
Enables all members of a software-focused Scrum Team to learn Scrum while doing it, experiencing what it is like to build products with modern Agile and DevOps practices.
Professional Scrum Competencies
Scrum.org has created these Professional Scrum™ Competencies to help guide an individual’s personal development as they learn Scrum.
New and Now at Scrum.org
Resources Describing Scrum Guide Changes
Find a series of resources that discuss and describe the changes between the 2017 and 2020 versions of the Scrum Guide.
Accountabilities of a Professional Product Owner
n this joint whitepaper from Avanade and Scrum.org, we explore the key complexities of Product Ownership and ways to address them.
Measuring Enterprise Agility
This whitepaper describes the foundation mindset, actions and behaviors of agile in four simple statements supported by 12 principles
What Makes Scrum.org Different
Learn how Scrum.org is unique in the market as a mission based organization that provides consistent experiential training around the world.
Professional Scrum Certification Assessments
The Professional Agile Leadership - Evidence Based Management assessment validates and certifies an understanding about how leaders can best support their teams in an agile environment.
New Blog Posts
The Product Owner is a critical accountability in Agile and Scrum. And although the Scrum Guide doesn’t give much guidelines around great Product Ownership, the role is still absolutely necessary for great Agile and Scrum Teams.
Jun 11, 2021 Read blog
How does the Sprint Retrospective supports Transparency? Transparency being one of the core underlying concepts of the Scrum framework. What questions can you ask with your team about your Sprint Retrospective to raise transparency?
Jun 11, 2021 Read blog
“It is not the strongest or the most intelligent who will survive but those who can best manage change.” ― Leon C. Megginson, author of Small Business Management Though these words are often misattributed to Charles Darwin, Megginson’s concept of “survival of the fittest” is most applicable in this time of increased Cyber hostility. CMMC (Cybersecurity Maturity Model Certification) is a unified standard for cybersecurity across the defense industrial base. Maturity Levels 1 or 3 will be required for entities to continue doing business with the United States Department of Defense on some contracts as early as June 2021. Adopting Agile Audit practices will help Audit and Compliance teams effectively attain and maintain CMMC Maturity Levels. Most Internal Audit Teams currently follow a phased process that flows from Planning and Scoping to Fieldwork, Reporting, and then Follow-Up. This phased process results in a big batch of audit results dropped on stakeholders via a draft report for comments and a corrective action plan. The stakeholders then begin extensive work as detailed in the corrective action plan. Before CMMC became the effective standard, the “big batch approach” was acceptable; corrective action plans known as a Plan of Actions and Milestones (POA&Ms) were created to prioritize and monitor the progress of remedial efforts related to addressing security weaknesses over time. CMMC put an end to the POA&M for Department of Defense contractors because DOD audits revealed that the items documented in the POA&Ms were often never completed. Now, when a Certified Third-Party Assessor Organization (C3PAO) performs a CMMC audit, it is pass or fail. This all-or-nothing approach puts significantly more pressure on the Internal Audit Teams with the assistance of CMMC Registered Practitioners to identify these problems promptly. Any deficiencies found must then be addressed before the formal audit is performed by the C3PAO. For example, CMMC Maturity Level 1 has 6 Domains and 17 practices that the organization must perform consistently. All of the 17 Level 1 practices or 130 Level 3 practices that are found to have shortcomings must be addressed promptly before the C3PAO audit….or the contract award is at risk. Operations Management Teams and Agile Teams have shown time and time again that the more work that is in progress at any given time, on average, the longer all work will take to complete ( Little’s Law). Traditional Audit teams may have assigned as many auditors as they had available to an audit team. Each team would focus on a different set of the 17 practices, with very little feedback solicited from stakeholders until very late in the effort. Audit crossover is thus also likely to occur with traditional audit approaches. This is when a team of auditors working independently on separate test controls descend on an auditee/stakeholder all at once while performing their fieldwork. The result is to overwhelm the stakeholders, causing untimely and excessive interruptions from their day jobs. Minimizing interruptions is good for everyone and will reduce frustration with the process and business impact. Another problem with most traditional audit approaches is that due to audit crossover. Audit crossover may occur when a team of auditors working independently on separate test controls descend on an auditee/stakeholder while performing their fieldwork, which may overwhelm a stakeholder causing much frustration with the process. Typically the auditee views the audit as an interruption from their day job. Minimizing interruptions is good for everyone. Suppose that instead, an organization encourages teams of auditors to focus their work such that they complete a test control before another is started. In that case, they will be able to provide corrective action reports for each of the practices on an ongoing basis. This focus, enabled by limiting the team’s work in progress, will allow the organization to begin remediation before the entire audit is completed. The ability to begin remediation early on becomes even more critical as an organization achieves maturity levels 3, 4, or 5. My experience when providing Scrum training to internal auditors in banking and retail organizations was that these organizations didn’t embrace a collaborative team concept. For the most part, each auditor worked independently on fieldwork and reporting for specific controls with little collaboration with the other auditors.. If we agree that Internal Audit is a complex endeavor and Auditing Cybersecurity Compliance is even more so, would we still want to take the “big batch” approach of Scoping, Planning, Fieldwork, Closure, and Monitoring? Or would it make more sense to break the work into smaller parts to focus on one control at a time, embracing a collaborative team effort to focus on completing work on a control-by-control basis? Does this approach to audit and compliance sound interesting to you? Applied Professional Scrum is an excellent 2-day workshop that will help your audit teams understand the benefit of using the Scrum Framework to solve complex problems. Next month, I will be offering a new Applied Professional Scrum class, adding a third day focused on building an initial Product Backlog for a CMMC Maturity Level 1 Compliance effort. Contact me if you would like to learn more about using Professional Scrum to guide your compliance efforts! Read About the Details of Applying Professional Scrum for CMMC Compliance.
Jun 10, 2021 Read blog
There are plenty of failure possibilities with Scrum. Given that Scrum is a framework with a reasonable yet short “manual,” this effect should not surprise anyone.
Jun 10, 2021 Read blog