Your governance team - which may be called an oversight, audit, or control team/tribe/group/function - will monitor and guide teams throughout your organization. The goal is to enable them to succeed by removing, or at least reducing, any barriers that they may experience; to motivate them to do “the right thing” for your organization and your customers; and to ensure that they remain compliant with the applicable legal regulations and guidance. To accomplish this, your governance team will:
- Coordinate organizational governance efforts. In short, someone needs to govern the governors to ensure that your architectural governance, financial governance, people management/human resource (HR) governance strategies, security governance, and others are consistent, coherent, and pragmatic.
- Identify mandatory regulations. Your governance team will work closely with Legal to identify applicable industry regulations. Note that regulations will vary by geographic territory and will evolve over time, so be prepared to do this work on an ongoing basis.
- Identify voluntary regulations. Your organization may choose to willingly adopt Capability Maturity Model Integration (CMMI) guidance, and even some of the International Organization for Standardization (ISO) regulations, for marketing reasons. Many customer organizations will only do business with companies that are compliant with certain industry regulations, insisting that their vendors are ISO 9003 or CMMI-3 compliant, for example.
- Facilitate the development of compliancy strategies. A key to the DA™ governance process blade is that your governance team actively collaborates with the target audience to evolve your enterprise guidance, rather than dictating procedures from an ivory tower.
- Ensure regulatory compliancy. This should be kept as streamlined as possible. A significant portion of regulatory compliancy can often be automated, particularly in the software/IT realm. For example, automated regression testing often satisfies verification requirements; a combination of behavior-driven development (BDD) and test-driven development (TDD) provides traceability from requirements to design to code to tests; and continuous deployment (CD) strategies can provide evidence of separation of concerns.
- Educate people in compliance. An important enabler of compliance is the education and coaching of people so that they understand the compliancy strategy in the first place.
- Run internal audits. The control team will be responsible for running internal audits to ensure compliancy, with the goal that a value stream, or even a corporate division, will pass an external audit.