Your Control team, although some organizations adopt the Spotify term “control tribe”, will collaborate closely with Finance and Legal. The aim is to monitor and guide teams, enabling them to succeed by removing or at least reducing any barriers that they may experience. To accomplish this your control team will:

  1. Coordinate organizational governance efforts. In short, someone needs to govern the governors to ensure that your IT governance, Financial Governance, People Management/Human Resource (HR) Governance strategies, and others are consistent and coherent.
  2. Identify mandatory regulations. Your control tribe will work closely with Legal to identify applicable industry regulations. Note that regulations will vary by geographic territory and will evolve over time, so be prepared to do this work on an ongoing basis.
  3. Identify voluntary regulations. Your organization may choose to willingly adopt Capability Maturity Model Integration (CMMI) guidance and even some of the International Organization for Standardization (ISO) regulations due to marketing reasons. Many customer organizations will only do business with companies who are compliant with certain industry regulations, insisting that their vendors are ISO 9003 or CMMI-3 compliant for example. As an aside, the DA toolkit not only exceeds the advice called out in CMMIit provides a more pragmatic approach to process maturity in our opinion.
  4. Facilitate the development of compliancy strategies. A key to the Disciplined Agile Control process blade is that your control team actively collaborates with the target audience to evolve your enterprise guidance, it doesn’t dictate procedures from their ivory tower.
  5. Ensure regulatory compliancy. This should be kept as light-weight as possible. A significant portion of regulatory compliancy can often be automated. For example, automated regression testing often satisfies verification requirements; a combination of behavior-driven development (BDD) and test-driven development (TDD) provide traceability from requirements to design to code to tests; and continuous deployment (CD) strategies can provide evidence of separation of concerns. Or, use of agile tools such as Jile or Microsoft’s Azure DevOps can also provide similar traceability. An important enabler of compliance is the education and coaching of people so that they understand the compliancy strategy in the first place
  6. Run internal audits. The control team will be responsible for running internal audits to ensure compliancy, the goal being to ensure that a value stream or even a corporate division will pass an external audit.

Supporting Strategies

Many of the IT Governance strategies apply to Control:

  • Lead by example
  • Prefer motivation over command and control
  • Prefer enablement over audit
  • Communicate continuously
  • Streamline collaboration
  • Be transparent
  • Enable continuous improvement
  • Consider both the long and short term
  • Take a holistic approach

Additionally, the following strategies enable a Disciplined Agile approach to Control:

  1. Ensure personal safety and experimentation. Senior leadership needs to promote a “can do” and “no blame” culture where it is not only safe but highly desirable to learn via experimentation. Senior leadership should be there to help when things don’t work out and to celebrate the learnings from both successes and failures.
  2. Promote self-organizing teams. Senior leadership should push decision making authority down to the execution level, with teams being responsible for customer outcomes. An implication is that teams need fast access to resources and must be able to grow or shrink as needed, with senior leadership playing an enabling role in doing so. In a DAE, teams are not only allowed to self-organize they are pushed to do so. Leaders should challenge local strategies and plans, motivating teams to improve and excel and to ensure risks are properly considered.
  3. Prefer guidelines over edicts. Plans and procedures don’t hold organizations together, instead clear purpose and values do. People are not going to read detailed procedures, and even if they do it’s unlikely that they will follow them to the letter. With self-organizing teams leaders may fear that teams will get creative in some way and cause trouble, and to ease that fear you need to create clear and pragmatic guidelines within which people should operate.
  4. Create sandboxes. Sandboxesare safe places for people to play, that have clear and reasonable boundaries with which teams can operate [SenseRespond]. Because sandbox boundaries can be hard to anticipate you will find that teams will often stumble across a prohibition or another team’s boundary and will then have to work through what the boundaries and interfaces actually are.
  5. Mission command over rigid instructions. There is a style of military leadership called “mission command” that defines the operational goals that a team is to achieve and then puts as much responsibility and authority into the hands of the team as possible [Bungay]. Mission command is based on several principles: Do not command more than necessary, or plan beyond foreseeable circumstances; Communicate to every team as much of the higher intent as is necessary to achieve the purpose; and ensure that everyone retains freedom of decision within bounds (their sandboxes).
  6. Collect actionable metrics. A good metricprovides insight, it motivates you to change your behavior. If you don’t use a metric to improve or make better decisions then it is a vanity metric and therefore overhead [LeanAnalytics]. BUT, at the same time you can’t manage solely by the numbers. Instead use metrics to identify where you need to have conversations about what is(n’t) happening.
  7. Prefer real-time automated intelligence. Throughout this book we’ve discussed concepts such as development intelligence, operational intelligence, and IT intelligence. The real goal of course is business intelligence (BI) where you can quickly identify emerging trends, make predictions, and take prompt action in an informed manner. Effective BI can also provide an “early warning” strategy for identifying potential marketplace changes. Will you always get it right? No, but you will make better decisions more often than if you didn’t have BI. An important nuance is that the purpose of measurement is to reduce uncertainty, it isn’t to gain certainty.
  8. Measure customer outcomes. A DAE measures outcomes, not outputs because you cannot guide effectively without confronting the facts. Key performance indicators (KPIs) such as total customer profitability, cycle time, attrition, and market share are all outcome based. Because it is difficult to forecast accurately, your predictive KPIs should be quoted in ranges that reflect the uncertainty of the base data.
  9. Manage for throughput over utilization. As Tom DeMarco recommends in his book Slack, if you want to maximize the throughput of a team (and thereby reduce time to respond to opportunities) you need to have slack time built into the way that you work. When people are fully utilized they are more likely to become bottlenecks for the people they are supposed to collaborate with, and they have no capacity to quickly respond to a new opportunity when it arises. The principles are to Optimize Flow and Be Awesome, not Fully Utilize Staff and Be Busy.
  10. Transparency for everyone enables control. Allowing everyone to see the same information at the same time will enable people to ask the right questions and make the right decisions. This includes giving people access to strategic, competitive, and market information that would have only been available to executives in traditional organizations. How can keeping people ignorant be a good idea? Furthermore, keep numbers in their raw state – when you “fudge them” or modify them to look good you reduce the opportunity to have open and honest discussions about what is really going on. The good news is that when everyone sees the numbers at the same time there is little opportunity for people to fudge the numbers.
  11. Provide audit guidance to teams. People fear being audited, rightly or wrongly. Although audits can be a great learning opportunity for teams to identify where they’ve missed addressing important risks this is often overshadowed by the threat that they will get in trouble and may even be punished. A Disciplined Agile control team will provide pragmatic advice to teams about what they need to do to pass audits, ideally providing real-world examples of how teams passed audits within your organization in the past.
  12. Govern by exception. Executives should look for exceptions or unusual patterns and trends that might reflect changes in customer behavior or poor behavior on the part of teams.