Agile Methods as a Risk Management Strategy Tool - A Fintech Case Study

FinTech companies are subject to the same regulations as traditional financial organisations, but owing to their novelty they can experiment with unorthodox ways to strategically manage software development risk and ensure compliance with the regulations of the financial industry. Our case study presents an example of an Australian FinTech organisation that has successfully applied the Extreme Programming method as its company-wide risk management strategy tool. The application of Agile methods encompasses the different layers of risk management: method, people and process. This study discusses how Agile development method practices are utilised to respond to risks and to ensure compliance. The case organisation is shown both to address the regulatory requirements and to fulfil the bases for risk management approach and tailoring frameworks proposed in the literature. Finally, we present a theory of strategic risk management via Agile methods. This theory illustrates how method application influences other aspects of strategic risk management.
