Abstract: In order for a system to be effective, the needs of everyone involved need to be met. There are two key needs that are not met by most Agile Transformations. The needs of an executive to demonstrate control to regulatory bodies and shareholders, and the needs of Audit and Assurance to demonstrate that investments are "Safe to Fail". Come to this interactive experience report where we will describe our journey introducing an agile IT Risk Management Framework to one of the oldest and largest banks in the world. The experience report includes two training sessions we use to explain the why and the how of the IT Risk Management Framework.
When we started our journey, everyone expected us to implement a process framework like SAFe, LESS or DAD. Instead we implemented an agile IT Risk Management Framework that allows the most appropriate process frameworks to be adopted for the right context in such large organisations.
In this session, we will explain:
1. What is an IT Risk Management Framework.
2. How it was implemented in Organisation Wide Policy in a traditional bank.
3. Our experience rolling it out across twenty thousand people.
4. The feedback so far
5. Why an IT Risk Management Framework helps with Cultural Change.
6. Your next steps to implementing an IT Risk Management Framework of your own.
Learning Outcomes: - You will learn why and how to implement an agile IT Risk Management Framework. We will focus on the details that are useful to practitioners but boring for people keen to sell agile. Learn how we sold the Framework to Executives. Learn how we alleviated the fears of colleagues. Learn how we developed the skills of colleagues in Assurance and Audit. Learn how to convert risk averse process frameworks into liberating risk management frameworks.
Attachments:
