In order to reduce operational risks, organizations put in CONTROLS, typically via Change Management processes. The outputs typically feed into the compliance/audit personnel needs, and satisfy them, but the legacy audit mindset CONFLICTS with the DevOps team mindset.
Therefore to minimize this friction, see my #1 tip in this post on how to work with the change management processes, and teams. I will be sharing more tips in my next posts.
TIP #1 – TALK to your Audit/Compliance team
-
ASK – Why does your audit team need the Change information?
-
ASK – What will they do with the Change information?
-
ASK – What level of granularity of data about the Change is required?
-
ASK – Are there alternate sources of the same Change data?
-
ASK – When do they need this Change information?
Speaking the same language (audit-speak) and asking them questions, will give you as an IT team a better understanding of the Audit/Compliance process. You may be surprised by the technical nature of the various ACTS (Financial \ Healthcare etc.) and start to appreciate them even.
So just go ahead and START a conversation with your Audit/Compliance team members now, and you might be pleasantly surprised.
Subscribe for more tips in my next post, and feel free to share your feedback here.