Your governance team - which may be called an oversight, audit, or control team/tribe/group/function - will monitor and guide teams throughout your organization. The goal is to enable them to succeed by removing or at least reducing any barriers that they may experience, to motivate them to do “the right thing” for your organization and your customers, and to ensure that they remain compliant with appropriate legal regulations and guidance. To accomplish this your governance team will:
- Coordinate organizational governance efforts. In short, someone needs to govern the governors to ensure that your architectural governance, financial governance, people management/human resource (HR) governance strategies, security governance, and others are consistent, coherent, and pragmatic.
- Identify mandatory regulations. Your governance team will work closely with Legal to identify applicable industry regulations. Note that regulations will vary by geographic territory and will evolve over time, so be prepared to do this work on an ongoing basis.
- Identify voluntary regulations. Your organization may choose to willingly adopt Capability Maturity Model Integration (CMMI) guidance and even some of the International Organization for Standardization (ISO) regulations due to marketing reasons. Many customer organizations will only do business with companies who are compliant with certain industry regulations, insisting that their vendors are ISO 9003 or CMMI-3 compliant for example. As an aside, the Disciplined Agile (DA) tool kit not only exceeds the advice called out in CMMI it provides a more pragmatic approach to process maturity in our opinion.
- Facilitate the development of compliancy strategies. A key to the Disciplined Agile Control process blade is that your control team actively collaborates with the target audience to evolve your enterprise guidance, it doesn’t dictate procedures from their ivory tower.
- Ensure regulatory compliancy. This should be kept as streamlined as possible. A significant portion of regulatory compliancy can often be automated, particularly in the software/IT realm. For example, automated regression testing often satisfies verification requirements; a combination of behavior-driven development (BDD) and test-driven development (TDD) provide traceability from requirements to design to code to tests; and continuous deployment (CD) strategies can provide evidence of separation of concerns. Or, use of agile management tools such as Jile or Microsoft Teams can also provide similar traceability.
- Educate people in compliance. An important enabler of compliance is the education and coaching of people so that they understand the compliancy strategy in the first place
- Run internal audits. The control team will be responsible for running internal audits to ensure compliancy, the goal being to ensure that a value stream or even a corporate division will pass an external audit.
There are many common agile strategies that apply to governance:
- Lead by example
- Prefer motivation over command and control
- Prefer enablement over audit
- Communicate continuously
- Streamline collaboration
- Be transparent
- Enable continuous improvement
- Consider both the long and short term
- Take a holistic approach
Additionally, the following strategies enable a Disciplined Agile approach to governance:
- Ensure personal safety and experimentation. Senior leadership needs to promote a “can do” and “no blame” culture where it is not only safe but highly desirable to learn via experimentation. Senior leadership should be there to help when things don’t work out and to celebrate the learnings from both successes and failures. Create psychological safety and ensure diversity is an important promise of the DA Mindset.
- Promote self-organizing teams. Senior leadership should push decision making authority down to the execution level, with teams being responsible for customer outcomes. An implication is that teams need fast access to resources and must be able to grow or shrink as needed, with senior leadership playing an enabling role in doing so. In a DAE, teams are not only allowed to self-organize they are pushed to do so. Leaders should challenge local strategies and plans, motivating teams to improve and excel and to ensure risks are properly considered. Create semi-autonomous self-organizing teams is one of the guidelines of the DA Mindset.
- Prefer guidelines over edicts. Plans and procedures don’t hold organizations together, instead clear purpose and values do. People are not going to read detailed procedures, and even if they do it’s unlikely that they will follow them to the letter. With self-organizing teams, leaders may fear that teams will get creative in some way and cause trouble, and to ease that fear you need to create clear and pragmatic guidelines within which people should operate.
- Create sandboxes. Sandboxes are safe places for people to play, that have clear and reasonable boundaries with which teams can operate. Because sandbox boundaries can be hard to anticipate you will find that teams will often stumble across a prohibition or another team’s boundary and will then have to work through what the boundaries and interfaces actually are.
- Mission command over rigid instructions. There is a style of military leadership called “mission command” that defines the operational goals that a team is to achieve and then puts as much responsibility and authority into the hands of the team as possible. Mission command is based on several principles: Do not command more than necessary, or plan beyond foreseeable circumstances; Communicate to every team as much of the higher intent as is necessary to achieve the purpose; and ensure that everyone retains freedom of decision within bounds (their sandboxes).
- Collect actionable metrics. A good metric provides insight, it motivates you to change your behavior. If you don’t use a metric to improve or make better decisions then it is a vanity metric and therefore overhead. BUT, at the same time you can’t manage solely by the numbers. Instead use metrics to identify where you need to have conversations about what is(n’t) happening. Adopt measures to improve outcomes is a guideline of the DA Mindset.
- Prefer real-time automated intelligence. The real goal of course is business intelligence (BI) where you can quickly identify emerging trends, make predictions, and take prompt action in an informed manner. Effective BI can also provide an “early warning” strategy for identifying potential marketplace changes. Will you always get it right? No, but you will make better decisions more often than if you didn’t have BI. An important nuance is that the purpose of measurement is to reduce uncertainty, it isn’t to gain certainty.
- Measure customer outcomes. A DAE measures outcomes, not outputs because you cannot guide effectively without confronting the facts. Key performance indicators (KPIs) such as total customer profitability, cycle time, attrition, and market share are all outcome based. Because it is difficult to forecast accurately, your predictive KPIs should be quoted in ranges that reflect the uncertainty of the base data.
- Manage for throughput over utilization. As Tom DeMarco recommends in his book Slack, if you want to maximize the throughput of a team (and thereby reduce time to respond to opportunities) you need to have slack time built into the way that you work. When people are fully utilized they are more likely to become bottlenecks for the people they are supposed to collaborate with, and they have no capacity to quickly respond to a new opportunity when it arises. The principles are to Optimize Flow and Be Awesome, not Fully Utilize Staff and Be Busy.
- Transparency for everyone enables control. Allowing everyone to see the same information at the same time will enable people to ask the right questions and make the right decisions. This includes giving people access to strategic, competitive, and market information that would have only been available to executives in traditional organizations. How can keeping people ignorant be a good idea? Furthermore, keep numbers in their raw state – when you “fudge them” or modify them to look good you reduce the opportunity to have open and honest discussions about what is really going on. The good news is that when everyone sees the numbers at the same time there is little opportunity for people to fudge the numbers. Make all work and workflow visible is a principle of the DA Mindset.
- Provide audit guidance to teams. People fear being audited, rightly or wrongly. Although audits can be a great learning opportunity for teams to identify where they’ve missed addressing important risks this is often overshadowed by the threat that they will get in trouble and may even be punished. A Disciplined Agile governance team will provide pragmatic advice to teams about what they need to do to pass audits, ideally providing real-world examples of how teams passed audits within your organization in the past.
- Govern by exception. Executives should look for exceptions or unusual patterns and trends that might reflect changes in customer behavior or poor behavior on the part of teams.