John Gillespie

Look at the limitations of deterministic estimates and innovative approaches for effective decision-making via the Agile practices such as Scrum & Kanban. Learn to handle complexity while keeping projects on track.

To excel as an Agile facilitator, understanding the importance of facilitation skills and mastering the essential Scrum facilitation techniques are paramount. This blog post provides insights into these essentials while shedding light on how our Professional Scrum Facilitation Skills™ course can aid your Agile journey.

If you are not getting the value you hoped for from your Scrum transformation, try adding a couple of Kanban practices to your Scrum implementation.

Learn how Scrum Product Owners and Scrum Masters can employ techniques to enhance the user experience and ensure product success.

Uncover the secrets of outcome-driven roadmaps and learn how aligning product vision with a clear strategy can drive meaningful results for your business.

A Comparison of Traditional, Guided, Immersive, and Flipped Learning Approaches to accelerate your knowledge retention.

Scrum.org's Evidence-Based Management (EBM) effectively combines the Scrum framework with an emphasis on value, vision, and strategy. This approach appreciates the unpredictability of product development, promoting fact-based management over speculation. EBM's core involves continuous inspection and adaptation, creating an iterative, incremental process for problem-solving.

Given that the Product Owner may represent the needs of many stakeholders, these stakeholders will lobby for their requests.  Unfortunately, some stakeholders often intimidate others as a means to get what they want.  Some will argue publicly, and some will take it offline. Facilitation skills will help you successfully navigate difficult conversations.

In industries ranging from financial services to consulting and defense, we can find countless examples of how organizations employed incentive plans that produced behavior not aligned to the organization's desired strategic goals.

“It is not the strongest or the most intelligent who will survive but those who can best manage change.” ― Leon C. Megginson, author of Small Business Management Though these words are often misattributed to Charles Darwin, Megginson’s concept of “survival of the fittest” is most applicable in this time of increased Cyber hostility. CMMC (Cybersecurity Maturity Model Certification) is a unified standard for cybersecurity across the defense industrial base. Maturity Levels 1 or 3 will be required for entities to continue doing business with the United States Department of Defense on some contracts as early as June 2021. Adopting Agile Audit practices will help Audit and Compliance teams effectively attain and maintain CMMC Maturity Levels. Most Internal Audit Teams currently follow a phased process that flows from Planning and Scoping to Fieldwork, Reporting, and then Follow-Up. This phased process results in a big batch of audit results dropped on stakeholders via a draft report for comments and a corrective action plan. The stakeholders then begin extensive work as detailed in the corrective action plan. Before CMMC became the effective standard, the “big batch approach” was acceptable; corrective action plans known as a Plan of Actions and Milestones (POA&Ms) were created to prioritize and monitor the progress of remedial efforts related to addressing security weaknesses over time. CMMC put an end to the POA&M for Department of Defense contractors because DOD audits revealed that the items documented in the POA&Ms were often never completed. Now, when a Certified Third-Party Assessor Organization (C3PAO) performs a CMMC audit, it is pass or fail. This all-or-nothing approach puts significantly more pressure on the Internal Audit Teams with the assistance of CMMC Registered Practitioners to identify these problems promptly. Any deficiencies found must then be addressed before the formal audit is performed by the C3PAO. For example, CMMC Maturity Level 1 has 6 Domains and 17 practices that the organization must perform consistently. All of the 17 Level 1 practices or 130 Level 3 practices that are found to have shortcomings must be addressed promptly before the C3PAO audit….or the contract award is at risk. Operations Management Teams and Agile Teams have shown time and time again that the more work that is in progress at any given time, on average, the longer all work will take to complete ( Little’s Law). Traditional Audit teams may have assigned as many auditors as they had available to an audit team. Each team would focus on a different set of the 17 practices, with very little feedback solicited from stakeholders until very late in the effort. Audit crossover is thus also likely to occur with traditional audit approaches. This is when a team of auditors working independently on separate test controls descend on an auditee/stakeholder all at once while performing their fieldwork. The result is to overwhelm the stakeholders, causing untimely and excessive interruptions from their day jobs. Minimizing interruptions is good for everyone and will reduce frustration with the process and business impact. Another problem with most traditional audit approaches is that due to audit crossover. Audit crossover may occur when a team of auditors working independently on separate test controls descend on an auditee/stakeholder while performing their fieldwork, which may overwhelm a stakeholder causing much frustration with the process. Typically the auditee views the audit as an interruption from their day job. Minimizing interruptions is good for everyone. Suppose that instead, an organization encourages teams of auditors to focus their work such that they complete a test control before another is started. In that case, they will be able to provide corrective action reports for each of the practices on an ongoing basis. This focus, enabled by limiting the team’s work in progress, will allow the organization to begin remediation before the entire audit is completed. The ability to begin remediation early on becomes even more critical as an organization achieves maturity levels 3, 4, or 5. My experience when providing Scrum training to internal auditors in banking and retail organizations was that these organizations didn’t embrace a collaborative team concept. For the most part, each auditor worked independently on fieldwork and reporting for specific controls with little collaboration with the other auditors.. If we agree that Internal Audit is a complex endeavor and Auditing Cybersecurity Compliance is even more so, would we still want to take the “big batch” approach of Scoping, Planning, Fieldwork, Closure, and Monitoring? Or would it make more sense to break the work into smaller parts to focus on one control at a time, embracing a collaborative team effort to focus on completing work on a control-by-control basis? Does this approach to audit and compliance sound interesting to you? Applied Professional Scrum is an excellent 2-day workshop that will help your audit teams understand the benefit of using the Scrum Framework to solve complex problems. Next month, I will be offering a new Applied Professional Scrum class, adding a third day focused on building an initial Product Backlog for a CMMC Maturity Level 1 Compliance effort. Contact me if you would like to learn more about using Professional Scrum to guide your compliance efforts! Read About the Details of Applying Professional Scrum for CMMC Compliance.