Assurance and Agile — two words not commonly seen together, and for good reason. The early and iterative delivery of product increments using Agile, constantly reviewed and inspected, provides vastly more oversight than any traditional assurance approach could ever hope to achieve. Inspection and Adaptation is at the heart of Agile and ensures the myth that Agile is about cutting corners on quality, is just that — a myth. There is no place shoddy work can hide in an agile approach — a focus on transparency ensures that.
保证和敏捷-这是不常见的两个词，这是有充分理由的。 不断审查和检查的，使用敏捷的产品增量的早期和迭代交付，提供了比任何传统保证方法都无法实现的更大的监督。 检查和调整是敏捷的核心，并确保了关于敏捷是在质量上偷偷摸摸的神话，那就是神话。 伪劣的工作无法以敏捷的方法掩盖-对透明度的关注确保了这一点。
So what’s the problem?
Organisational assurance processes typically mirror their traditional delivery counterparts, namely that are gated and sequential. However, whilst Agile’s inbuilt inspection processes are a step change over traditional assurance approaches, a number of problems remain:
- They don’t provide an out of the box approach for independently (outside) technical review of the deliverables or the processes, 他们没有提供开箱即用的方法来对可交付成果或流程进行独立(外部)技术审查，
- Many company’s traditional “tried and tested” assurance processes have yet to catchup or full acknowledge that Agile has arrived, even though the application of the approach is now mainstream and has been for at least a decade. 尽管该方法的应用现在已经成为主流并且已经使用了至少十年，但许多公司的传统“经过验证的”保证流程仍未赶上或完全承认敏捷已经到来。
In some business domains the above are significant concerns, for example where there are Safety or Regulatory considerations. Notwithstanding outside requirements, an independent review culture is widely considered highly desirable for a range of important reasons, including:
- Ensuring corporate knowledge of previously learned lessons are applied 确保应用先前学习的课程的企业知识
- Removing group bias that can get baked into a team 消除可能会融入团队的团队偏见
- Spreading knowledge 传播知识
- Wider cultural benefits (e.g. developing more junior staff, promoting technical excellence, fostering curiosity etc). 广泛的文化利益(例如，培养更多的下级人员，促进技术卓越，培养好奇心等)。
Approaches to assuring traditional delivery and Agile have to be different. The premise of assurance in a traditional world is typically based on phase gates and/or product maturity. Both present problems for Agile:
确保传统交付和敏捷的方法必须有所不同。 在传统世界中，保证的前提通常是基于相位门和/或产品成熟度。 两者都给敏捷带来了问题：
Phase Gates — the concept of phases/stages is central to traditional development lifecycles, and enshrines the key issue with traditional approaches, namely they result in right shifting of feedback and risk. They also bake in inflexibility and they create a culture where learning and rework is considered negatively (assurance events are to be feared). Furthermore, they foster a lack of transparency and in many cases a lack of honesty. For these reasons, utilising phase gates for Agile would not be a good direction to take and would be counter productive
阶段门 -阶段/阶段的概念是传统开发生命周期的核心，并包含了传统方法的关键问题，即它们导致反馈和风险的正确转移。 他们还忍受了僵化，并创造了一种文化，在这种文化中学习和返工被否定了(要担心会有保证事件发生)。 此外，它们导致缺乏透明度，在许多情况下还缺乏诚实。 由于这些原因，将相位门用于敏捷不是一个好的方向，并且会适得其反
Product Maturity — Product maturity often gets confused with Phase Gates, but there is an important distinction which is best illustrated by an example. A team may only ever aim to deliver a product that is of low maturity e.g. a prototype. The level of assurance therefore is not so much around phases/stages, rather it is tailored to the expectations around the deliverable. You would not expect a model of a rocket to carry the same level of assurance, as the real thing. The main challenges with product maturity based assurance in Agile is twofold. Firstly, the pace that Agile works (measured in weeks), and secondly that many Agile teams now service multiple products — operating more in a software as a service model — think ITIL rather than Prince2.
产品成熟度 -产品成熟度经常与相门混淆，但是有一个重要的区别，最好通过一个例子来说明。 团队可能只打算交付成熟度较低的产品，例如原型。 因此，保证水平不是围绕阶段/阶段而是如此，而是针对可交付成果的期望量身定制的。 您不会期望火箭模型具有与真实事物相同的保证水平。 敏捷中基于产品成熟度的保证的主要挑战是双重的。 首先，敏捷工作的步伐(以周为单位)，其次，许多敏捷团队现在服务于多种产品(在软件即服务模型中运行更多)，他们认为ITIL而不是Prince2。
In my experience, traditional assurance processes frequently struggled to keep pace with agile delivery, or simply don’t deliver value to the teams leading to a value disconnect between the two systems. Without all parties seeing the benefits of assurance, the true value of it can never be attained.
Don’t forget Complexity
The pride company’s take in their assurance processes has always been something of a mystery to me. Whilst companies often see them as differentiators, the reality is that the key business value doesn’t come from the assurance process, rather it comes from the skill and expertise of the assurers/reviewers and having receptive receivers for the advice. The focus of assurance should be to add value, but frequently the emphasis seems more focused on providing a superficial due dilgience excuse for middle management.
这家骄傲的公司在他们的保证程序中采取的态度对我一直都是个谜。 尽管公司通常将它们视为差异化因素，但现实情况是，关键的业务价值并非来自保证流程，而是来自于保证人/审查者的技能和专长，以及能够接受建议的接受者。 保证的重点应该是增加价值，但是通常重点似乎更多地集中在为中层管理人员提供表面的尽职调查借口。
Many coorporate assurance regimes are backed with cavanas and carefully crafted manuals and handbooks, complemented with checklists to simply things. There is clearly some value in these (e.g. as demonstrated by the WHO medical checklist (ref 1)), but in software assurance I suspect less than you might imagine. The reason for this is that Agile is popular in environments which have high degrees of uncertainty and variability. Dave Snowden’s Cynefin (ref 2) describes these domains as “Complex” and this is the domain of emergent practice. Novelty and flexibility of delivery is often the differentiator, therefore applying a rigid checklist just results in many considerations being recorded as not applicable (n/a) with massive checklists that cover every possible delivery scenario.
许多公司保证制度都以卡瓦纳，精心制作的手册和手册为后盾，并附有简单清单。 这些显然有一些价值(例如，世卫组织医疗检查表(参考资料1)所证明的)，但是在软件保证方面，我怀疑的程度比您想象的要少。 原因是敏捷在具有高度不确定性和可变性的环境中流行。 Dave Snowden的Cynefin(参考文献2)将这些领域描述为“复杂”，这是紧急实践的领域。 交付的新颖性和灵活性通常是与众不同的，因此，应用严格的检查表只会导致许多考虑事项被记录为不适用(n / a)，而大量检查表涵盖了所有可能的交付情况。
This is also ignoring the obvious fact that the products themselves could have very different considerations dependent on the market they exist in. For example, assuring a medical device is likely to require a very different set of expertise than assuring an aviation product. This takes us full circle back to the real assurance asset, namely “Individuals (reviewers — suitably qualified, experienced and knowledgable) and interactions (between the reviewers and the delivery teams), over processes and tools”. Sounds familiar? If should, as it is the first line from the Agile manifesto.
这也忽略了显而易见的事实，即产品本身取决于其所处的市场而可能具有非常不同的考虑因素。例如，确保医疗设备可能需要与保证航空产品不同的专业知识。 这使我们将整个圈子带回到了真正的保证资产，即“ 在流程和工具上的个人(审阅者-具有适当的资格，经验和知识)和互动(审阅者与交付团队之间) ”。 听起来很熟悉？ 如果应该的话，因为这是敏捷宣言的第一行。
Agile Assurance Requirements
There are three key considerations around understanding the success of Agile deliveries:
- The success of Agile is heavily dependent on having appropriately skilled, empowered and motivated teams. Team’s will have micro cultures, and these cultures will be heavily influenced by the wider environment, 敏捷的成功在很大程度上取决于拥有适当技能，能力和动力的团队。 团队将具有微观文化，而这些文化将受到更广泛环境的严重影响，
- Iterative (Agile) process are by their nature, highly repetitive and repeatable, but they must retain the ability to be adaptive — so change should be expected. It is distinctly unagile to prevent process adaptations (including sometimes quite radical ones). There is value in assuring that customisation/optimisation of working practices is taking place, 迭代(敏捷)过程本质上具有高度重复性和可重复性，但它们必须保留自适应能力，因此应该期待变化。 阻止流程调整(有时包括非常激进的调整)显然是不灵活的。 确保对工作实践进行定制/优化是有价值的，
- The products being delivered by an Agile team are highly predicated on interactions between the development team and the product owner, and the context that they are operating in. 敏捷团队交付的产品高度依赖于开发团队与产品所有者之间的互动以及他们所处的环境。
What does this tell us about assurance of agile deliveries? Well, the key conclusion is that we need a multi-pronged approach:
Requirement 1 — We need to understand the health of the team and the environment within which it operates— the best teams will proactively do this, but a team health check is likely to be a key leading indicator of how well things are going
Requirement 2 — With a healthy team, we need to check that the deliver processes are suitably robust and free to inspect and adapt to meet the delivery challenges. Processes should be empirical.
要求2 –在一个健康的团队中，我们需要检查交付过程是否适当健壮，可以自由检查和适应交付挑战。 过程应该是经验性的。
Requirement 3 — As context is critical in understanding the products being delivered by an Agile team, any independent assurance of them has to be seen as delivering domain specific high value insights. This value has to be recognised by the wider team including the business stakeholders (e.g. the product owner) and utilise the standard mechanism for work prioritisation (e.g. the backlog)
要求3 –由于上下文对于理解敏捷团队交付的产品至关重要，因此，对它们的任何独立保证都必须视为交付特定领域的高价值见解。 包括业务利益相关者(例如产品所有者)在内的更广泛的团队必须认识到这一价值，并利用标准机制确定工作优先级(例如积压)
Delivering Requirement 1 — Health check
Team Health is a relatively simple thing to gauge (there are numerous health check tools on the market — although many also stray into Requirement 2); a competent Scrum Master should be able to provide evidence of this. However, a mature organisational culture of respect and trust will be required if actually team health results are to be more widely shared and made transparent across a large organisation.
团队健康状况的衡量相对简单(市场上有很多健康状况检查工具，尽管许多也误入了要求2)； 胜任的Scrum Master应该能够提供证据。 但是，如果要在整个大型组织中更广泛地共享团队健康成果并使其透明化，就需要一种成熟的尊重和信任的组织文化。
Delivering Requirement 2 — Applying an Agile Framework/Approach
Armed with the output of the health check. checking that an agile mindset and processes are being utilised is also straightforward activity. Subject matter knowledge of Agile is required, but knowledge of the delivery domain is not. Independent assurance is likely to take the form of conversations with Scrum Masters (who themselves act as a kind of independent agile assurance capacity), observing key events, and looking at evidence such as retrospective write ups, metrics etc. Also, checking DevOps style metrics around things such as cycle time will shine a light on how much automation has been embraced. Agile Coaching functions are typically effective at providing this assurance capability.
具备运行状况检查的输出。 检查是否正在使用敏捷的思维方式和流程也是很简单的活动。 要求具备敏捷知识，但是不需要有关交付领域的知识。 独立保证很可能采取与Scrum Masters对话的形式(Scrum Master本身是一种独立的敏捷保证能力)，观察关键事件，并查看诸如追溯记录，指标等证据。此外，还要检查DevOps风格指标诸如周期时间之类的事情将使人们了解已经接受了多少自动化。 敏捷教练功能通常可以有效地提供这种保证能力。
Delivering Requirement 3 — Advise on the Product
Having assured the environment and the processes, the job of assuring the products being produced, should be straightforward. Reflecting an iterative process, the Scaled Agile Framework recommends this is done at regular intervals — in the case of SAFe at the end of the Program Increment (ref 3). Whilst this synchronisation point is unique to SAFe, all Agile methods operate to a very predicable cadence. Therefore slotting in a reoccurring assurance review every n-sprint is a simple scheduling problem — much simpler to accomplish than in the much more chaotic and unpredictable world of traditional sequential (waterfall) deliveries.
在确保环境和过程之后，确保所生产产品的工作应该很简单。 反映迭代过程，可伸缩敏捷框架建议以固定的时间间隔执行此操作-对于SAFe，在程序增量末尾(参考3)。 尽管此同步点是SAFe特有的，但所有敏捷方法的运行步调都非常可预测。 因此，每隔n次冲刺进行一次重复的保证书审查是一个简单的调度问题—与在传统的顺序(瀑布式)交付方式更加混乱和不可预测的世界中相比，要容易得多。
The frequency of the assurance events will need to take into account:
- the batch size of what will be reviewed (too much content to review may result in more shallow assurance), together with 将要审核的内容的批次大小(要审核的内容太多可能会导致更浅的保证)，以及
- the implications of delayed feedback (will it be practical to address certain comments if “too much water has gone under the bridge”). 延迟反馈的含义(如果“桥下流了太多水”，对某些评论进行实践是否可行)？
Critically, the value and frequency of assurance events is also likely to be governed by a number of other important factors. A quick prototype with limited quality aspirations may never fully benefit from independent assurance, where as a safety critical medical device deserves much more oversight.
However, this grossly simplifies the number of relevant factors to consider. The criticality of a product may also be influenced by how much money is being invested in it (e.g. it could be make or break for an organisation), it could be that the regulatory environment the product is operating in has some harsh sanctions for failure, or it could simply be that the risk to reputation or relationships is too great for an organisation to jeopardise. Politics and money are important considerations. Alistair Cockburn, an Agile Manifesto signatory, recognised this an in his Crystal framework in which he presented a tailored set of processes based using what he described as “Criticality” (ref 4).
但是，这大大简化了要考虑的相关因素的数量。 产品的关键性还可能受其投入多少资金的影响(例如，某个组织的成败可能)，可能是该产品所处的法规环境对失败采取了严厉的制裁措施，或仅仅是声誉或人际关系面临的风险太大，以致组织无法危及。 政治和金钱是重要的考虑因素。 敏捷宣言的签署人Alistair Cockburn在他的Crystal框架中认识到了这一点，在该框架中，他根据自己所说的“关键性”(见参考文献4)提出了一套量身定制的过程。
Therefore, to get value from product assurance, careful upfront assessment is required to establish who would be appropriate assurers (reviewers — suitably qualified, experienced and knowledgable) and how frequent these assurance events should be. Traditionally assurance functions have been good at the latter, but poor at the former.
因此，为了从产品保证中获得价值，需要进行仔细的前期评估，以确定谁将是合适的保证人( 审阅者-适当的资格，经验和知识渊博 ) 以及这些保证事件应该多久一次。 传统上 保证职能在后者方面是好的，但在前者方面却很差。
The ultimate destination
With the above being said, I see assurance, even as described above as a sticking plaster for ubiquitous corporate failings. These failing are a lack of curiosity within the organisation and its workforce, and a suboptimal ability to share experience and knowledge. In a utopian world, teams would have easy access to experts to advise them, and teams would have the thirst for feedback by engaging experts at appropriate points in time. In this utopian would, assurers would be proactive, and armed with a highly transparent organisation, would sprinkle their magic where it delivered most value. Communities of practice would organically emerge and develop/offer guidance on best practice to teams.
综上所述，即使如上所述，我也可以确信，这是无处不在的公司倒闭的症结所在。 这些失败是由于组织及其员工缺乏好奇心，以及分享经验和知识的能力不足。 在一个乌托邦式的世界中，团队将很容易获得专家的意见，而团队也希望通过在适当的时间与专家互动来获得反馈。 在这种乌托邦式的氛围中，保证者将积极进取，并拥有高度透明的组织，将他们的魔力撒在能带来最大价值的地方。 实践社区将有机地出现，并为团队制定/提供最佳实践指导。
This utopian view aligns with Teal organisational design (ref 5), which would be considered a novel concept and an unrealistic end state for most current executives. Hierarchies, politics, self interest, economics, compounded by limitations on human social networks (Dunbar’s number — ref 6) ensure that progress towards that level of empowerment is slow at best. For the time being, we must operate in a hybrid world — a world where Agile and traditional organisational design has to work together. Assurance is only one cross cutting concern, but an important one. Assurance in an Agile world is not as difficult or as challenging as many seem to believe it is — and tracking team health and nuturing an Agile Coaching function are on the path to become a more dynamic organisations.
这种乌托邦式的观点与蒂尔组织的设计相吻合(参考文献5)，对于大多数现任高管来说，这被认为是一个新颖的概念和不现实的最终状态。 等级制度，政治，个人利益，经济学以及人类社会网络的限制(Dunbar的数字—参考文献6)加在一起，确保在实现这一授权水平方面的进展充其量是缓慢的。 暂时，我们必须在一个混合世界中运作-在这个世界中，敏捷和传统组织设计必须协同工作。 保证只是一个跨领域的关注，而是重要的。 敏捷世界中的保证并不像许多人所认为的那样困难或具有挑战性，并且跟踪团队的健康状况并培养敏捷教练职能正在成为一个更具活力的组织。
In most respects Agile makes assurance much simpler and predicable. But to get value from assurance processes in the modern world, we must refresh our approach and shake off the last remaining vestiges of traditional delivery thinking. At the very least, we must consign the notion of phase gates to history.
在大多数方面，敏捷使保证更加简单和可预测。 但是，要从现代保证流程中获取价值，我们必须更新方法，摆脱传统交付思想的最后遗留痕迹。 至少，我们必须将相位门的概念赋予历史。
References/Follow on reading: