Enabling Agile Governance in your organisation

We are in the age of digital disruption, where a growing number of digital start-up businesses can be run from anywhere in the world. In today’s technology landscape, businesses have the ability to access a large number of potential customers, but with that advantage now available to all, the competition has evolved in other ways. The need to be more Agile and Lean in how we go from an idea to delivering value to our customers has become imperative for business survival. The high failure rate plaguing IT projects over the last few decades has resulted in the implementation of heavy-handed governance controls in many large organisations. Governance controls which have been embedded for some time can slow down an organisation’s ability to respond quickly, resulting in the need to accelerate delivery and eliminate waste.

On the other hand, Agile is often mistaken for an opportunity for convenient shortcuts, and the existing governance functions cringe when they hear these frameworks are going to be used. This is not the case. Agile actually works best when processes and rituals are clearly defined and transparent to everyone. Governance for projects requires defined structure, ways of working, processes and systems. Done well, it is a well-run system with the ability to scale up and down to adapt quickly to an organisation’s needs and environment. It is about defining the fastest route that brings the most value. By focusing on the things that need to go right, we apply an Agile lens on governance and how we manage risks of a project.

Below are a few principles and ways of working that can enable Agile Governance:

  1. Governance needs to focus more on ‘what must go right’ instead of ‘what can go wrong’

The reality is, no matter how many scenarios you think could go wrong, you can’t predict the future. There are always last-minute surprises no one thought about. Engaging every business unit to understand what can possibly go wrong significantly slows down the time it takes to deliver and takes the focus away from the critical things that need to go right.

For Agile governance, the focus needs to shift from ‘what can go wrong’ to ‘what must go right’. For this solution to be successful, for us to not break any legal and regulatory guidelines, what MUST the project do? By adopting this mindset you are focusing on the key areas where risk is higher, and not spending time on risks which may never eventuate, freeing up time to spend with the stakeholders that are actually critical for the success of the project.

Traditional Governance

Traditional governance often tries to solve all problems up-front, looking at any possible scenario that could go wrong. The reality is that anything could go wrong, leading to a lot of time spent in areas that may not be critical and on trying to convince others that the project will succeed.

Agile Governance

Think first ‘what must go right’ and who to engage. Narrow down the group you speak to and the thinking. Apply a minimum viable product mindset to governance, and engage the people in the core areas where it is critical to succeed.

  2. A risk-based lens to governance that is iterative, transparent and ongoing.

Risk management is often undervalued – it’s more than just a risk register. Reliance on monthly reporting of risks and issues often results in overwhelming effort for governance reporting to escalate risks and issues. In fact, risk awareness should be embedded in every meeting and every conversation. Once again, while keeping in mind the approach of what must go right, it is about understanding the impact a change will have on the business (delivered risk) and the risks that could impact on the successful delivery of a project (delivery risk).

For an Agile governance approach, why not display them on the project board next to your tasks? Through daily stand-ups you can call out any influencing factors; raise them early and consistently track their status. This ensures you are managing risks on a daily basis, can learn fast, and rectify any challenges as you go. This way of working can replace heavy status reports and lengthy status meetings. Keep in mind that not everyone will be able to attend every stand-up. This means it is important to work with key stakeholders to understand what they want to see to be able to make the right decisions. Make sure that the relevant information to help them make the right decision is easily accessible, for example on your walls, both physical and electronic (e.g. Kanban boards). This means that stakeholders can walk past at any time and see how the project is tracking. Having a level of consistency in the ways of working between teams also makes the information easier for your stakeholders to read and interpret.

Team members hold frequent showcases to demonstrate the viability of the solution and gather feedback early. Sprint and release retrospectives are a great mechanism to share experiences and learnings from the last iteration. Empower like-minded staff to share knowledge and learnings through forums, such as Communities of Practice or Centres of Excellence.

Traditional Governance

Detailed planning too early, based on unvalidated assumptions, could lead to additional or bigger risks later on. Stage gates are a critical mechanism to monitor the progress of a project; however, if risk management is left too late, risks may turn into issues by the time we finally report them.

Learnings are often pushed to the end through a Post Implementation Review (PIR), too late and therefore too expensive for a project to change or respond.


Agile Governance

Visualisation of risks and a daily routine to manage them more closely enable a more continuous process. This ensures transparency is embedded within the daily ways of working, rather than relying on heavy governance reporting and preparation for additional meetings, which also includes steering committee meetings as the key channel to communicate risks.

Learnings are brought forward to the end of every sprint or release, allowing issues to be fixed as they are identified. This enables continuous learning and feedback, with regular knowledge sharing by empowered people; they are the ones enacting the change.

  3. It is not black or white; an agile approach to governance is tailored to an organisation.

It is important to understand the organisation you work for. This includes the strategy, environment, market opportunities, and customer needs. It also includes the standards, legislation, safety and other codes which apply to your organisation. An organisation needs to find a balance between the level of flexibility and standardisation that works for its business, as it’s not a cookie cutter approach. For example, Agile governance at a mining company may look very different to that of a telecommunications business. This is because of the level of compliance, standards and risks involved based on the nature of the business.

For an Agile governance approach to work, it is important to define the minimum standards for quality and consistency to make processes repeatable, faster and better. This includes a clear understanding of what success looks like (what must go right) and ensuring this is reflected through your acceptance criteria and “definition of done”. Defining this efficiently requires having the right people with the knowledge, ownership and accountability to make decisions on behalf of the business and the project involved, for example through an embedded cross-functional team.

An example of the decisions this team would make might be around the level of accuracy required for an MVP (how soon can we get something to market or in production). A Telco may have a much higher acceptable level of risk when it comes to reporting functionality being produced manually as an MVP, given the outcome may be that customers’ usage reporting is not monitored in real time. However, for a mining organisation, manual reporting functionality may not be an acceptable risk, as it may mean significant impacts to real-time operational functions such as shipping capacity. A way to embed this tailored level of governance in a lean way is to consider embedding quality criteria (or acceptance criteria) based on the risk tolerance level of your organisation. Discuss and agree upfront, in the context of your organisation, “what must go right” and ensure this is met when accepting work as done.

Traditional Governance

Often a heavily dependency-based escalation and reporting hierarchy, leading to even the smallest decisions being made by a governance group which is not involved with the team’s day-to-day work.

Time spent and invested evaluating every eventuality which may go wrong with the solution resulting in legal and regulatory impacts.

Agile Governance

Self-sufficient teams with the right knowledge and authority about their organisation on the acceptable level of risks. These are specialists embedded within the day to day team who consider this in their approach and everything they do.

Time only invested considering what must go right for the solution to be effective and meet all legal and regulatory requirements.


  4. Automate risk-orientated activities to get rid of the root cause.

Finally, one of the most effective approaches to Agile governance is to reduce the number of risks you have. This doesn’t mean more governance to monitor and track the risks. This means removing the chance for the risk to occur in the first place. Ways to achieve this include automation of simple and repetitive processes, particularly those which are high risk but have a minimal degree of variability. This also helps the organisation to get faster and strengthen controls. There are many tools on the market to support automation of processes from a technical delivery perspective, on which the core principles of Continuous Delivery and DevOps frameworks are based. Continuous delivery is heavily reliant on automation of provisioning of infrastructure and environments, automated testing and monitoring. These are actually processes which enable governance and ensure a higher level of quality and stronger controls. Project dashboards can be automated with key information to provide relevant governance information. Controls can be built into the process and tested earlier.

Also, if we relate this to a mining context, the automation of functions such as mining haul trucks has not only allowed mining organisations to achieve efficiencies through staff reductions, but it also removes the chance of variability brought about by human error, gaps in training, or not following rules, instructions or procedures. This does not mean that manual controls will be redundant, but it enables a greater focus on what really matters. Examples of governance removed by this automation are the driving training and auditing/inspections for haul truck drivers, drug and alcohol testing, insurance in case of injury and death, etc.

Traditional Governance

Apply more gates and reporting requirements around the risk-orientated activities that we see going wrong over and over again. Or stop these activities from being completed in the first place with new rules/company policy.


Agile Governance

Reducing the likelihood of these risks occurring by removing the chances for human error. Automate these activities and monitor them once automation is initially implemented. From there, tailor back the governance around these activities once automation is proven to have either made them redundant or reduced the risk.


With increased competition and pressure to deliver, it is important to focus on what actually matters for the success of a project and the success of your business. There is no cookie cutter approach for Agile Governance; it is embedded in the mindset of people and the culture of an organisation, leveraging the specialist knowledge and experience of the people it has.

Often, we end up shaping our projects or business outcomes to meet the governance requirements, and we lose sight of what we need to achieve and the end outcome we really require. A Lean and transparent approach, with a focus on raising and managing risks in real time with self-sufficient teams, enables us to fix issues on the go. But if we find these issues re-occurring, we may want to consider automating the activity or solving the root cause to remove the risk. In short, governance should not be seen as an additional step or time burden we are trying to adhere to. Instead it should be considered daily, incrementally and through our ways of working. By doing this, we implement an Agile approach to meeting the compliance, regulatory and quality considerations important in the context of our business.

