To be effective at governance, we embrace these philosophies:
- Holistic governance. You want to enable lean, appropriate governance across all aspects of your organization. Rather than addressing individual functional governance areas, such as security governance, data governance, financial governance, and others separately you instead want to address them holistically. When you address governance areas separately the individual governance strategies may be inconsistent and at odds with one another and they very often prove to be overly burdensome in total. Furthermore, the way that you govern an individual team or group must reflect their way of working (WoW) – an agile team should be governed in an agile manner, a serial team in a serial manner, and so on.
- Short- and long-term balance. Governance must balance short-term needs of enabling teams to achieve their outcomes with the long-term strategy of growing, enhancing, and protecting your organization.
- Protect the organization. An important aim of governance is to keep your organization safe, to address enterprise risks effectively.
- Motivation over management. Many of the people working for your organization are intellectual or highly-skilled workers, and as such generally don’t respond well to being told what to do. But they can be motivated, and once motivated will actively work on what they’ve been motivated to do. An aim of lean governance is to motivate people to do the “right thing”. One way to do this is to communicate very clearly what your organization is trying to achieve. Another way to motivate people is to ask tough questions such as: What value is there in doing that? What can we do to increase value? How can we eliminate waste in what we’re doing? and What will we learn by doing that?
- Enablement over audit. Psychology shows that people, when given the choice, will usually take the easy path. This tells us that if we want people to do something, or to work in a given manner, then if we make it very easy to do so then they likely will. For example, if you want software developers to follow common coding conventions then provide easy to understand and straightforward guidelines. Better yet, provide code analysis tools that they can include in the continuous integration (CI) tooling that provides feedback that they can act on. The traditional approach would be to rely on code inspections or code audits to ensure that conventions were being followed. This approach is not onerous and thus less likely to be followed. Yes, you may still need to run the occasional audit, particularly when you’re working in a regulatory environment, but you should do so only as a last resort.
- Govern by risk, not by artifacts. Traditional governance often focuses on the review of common artifacts such as documents and plans. Because it is relatively easy for teams to create the artifacts that you want to see, in practice there is very little governance value in reviewing these artifacts. Disciplined Agile governance instead focuses on addressing common risks such as ensuring there is an agreed to vision for what the team should accomplish, that their strategy has been proven to be viable early in the lifecycle, and that the team has produced sufficient business value for their stakeholders.
- Trust but verify. Agile is based on trust, but you still need to verify that the right thing is happening within your organization. Verification is enabled via radical transparency, which is the result of the DA™ mindset promise “Make all work and workflow visible.”
- Enable continual improvement. Agile enterprises are learning organizations that actively seek to improve on a continual basis. Your governance strategy must enable this, rewarding teams for experimenting (even when those experiments “fail”) and for improving, and potentially punishing those teams that don’t. If you’re not continually improving you’re actually falling behind.
- Automate, automate, automate. Modern tools generate data, lots of data. This data can be leveraged to provide visibility into the work and workflow of your teams, enabling more effective monitoring. Artificial intelligence (AI) technologies can also be deployed to assist your governance activities.