Constructing Tech Governance for speed and innovation

Tim Prentice
Cloud Financial Management for Kiwi’s
12 min read · Jun 5, 2023

Reframing Governance

For most people, Governance is a necessary evil. Something to prevent the worst from happening and to make the auditors happy. As a result, this regularly neglected practice is often seen as a cost that slows or inhibits innovation. Certainly not something that can be a force magnifier of innovation, that your team's most creative minds should be participating in and contributing to. In my view, this is because of a poor framing of what Governance is and does for a business.

At its best, Governance is a means of capturing, retaining and propagating knowledge. When a team learns something valuable, they want to instantiate that knowledge in their work. Common examples include a new best practice, updated guidance from a vendor, or a new deployment pattern learned at a tech community meetup. Integrating this new knowledge is very easy when it's a local process or technical change; update the tech or discuss with the team and agree to move forward. However, even these simple cases raise important questions: How do you ensure this new knowledge is integrated into the work over time? Does it require consensus across teams or business functions to be effective? Most importantly, what if it interacts with conflicting priorities or resource constraints? This is where a strong governance infrastructure becomes incredibly powerful.


Building your governance infrastructure

While working at Air NZ, I was fortunate to be a part of the Tech Governance Office. This was a small team of some of the brightest and most passionate tech professionals I have had the pleasure to work with. The primary mission of the Tech Governance Office was to help build out the governance infrastructure for the Digital team in the form of a Tech Governance Playbook. That process allowed me to see the power of Governance when used not just as a control but with the intent to empower the team to capture and propagate knowledge.

At the core of the Playbook was the Governance Content Lifecycle. This process served as the backbone of Tech Governance and captured in a simple, clear loop how content was generated, reviewed, maintained, and retired. Through this process and subsequent experience with other large organisations with similar goals, I have refined my picture of good governance infrastructure. The Lifecycle can be broken down into six steps:

Step 1: Articulate

Before you can do anything with knowledge, you need to articulate it clearly and concisely. This process is probably the point of greatest friction for the creation/capture of new knowledge. Teams struggle to get started for three main reasons:

· Lack of understanding of how to engage with a governance process

· Competing priorities leave no space to do the work

· Lack of faith that the content will be read or engaged with

As a result, the Articulation of knowledge is where much of the support for Tech Governance needs to go. The basic things to consider are:

Content Structure

Make content generation simpler with basic structures that guide users to templates that are fit for purpose. A good structure will capture all the important details without imposing unnecessary constraints. By way of example, my team often promote the following Policy vs Standard distinction:

Policies exist to ensure effective alignment of the 'how' to the 'why'. They articulate the business objective the governance content is intended to achieve. They also mitigate the risk of dogmatism and malicious compliance to overly prescriptive standards by clarifying the content's goals.

Standards capture specific technical knowledge and conventions that teams have agreed upon to drive consistency. Standards are expected to be updated regularly as methods evolve to better achieve the business objective stated in the parent policy.

Policies need a more rigorous template as they are brief and have a specific goal. For Standards, by contrast, you want to provide only guidance on how to start and minimum requirements, to avoid limiting their potential value and scope.

It's also possible to support creating other governance content with helpful templates that get teams started. E.g.:

· Strategy documentation,

· Team or Product Principles

· Decision Trees/Frameworks,

· Process Documentation, and

· Best Practice Guides

Consultation and Peer Review

One of the most effective means of supporting content creation is helping contributors connect to stakeholders and peer review processes. Tech governance forums can serve as a conduit to connect people to stakeholders and peers who can review work for quality and consistency with existing content. If this doesn't exist, setting up tech governance groups with nominated governance stewards is a low-friction way of bringing people together. These allow passionate people to volunteer to participate in the governance process and reduce the burden on contributors to find and chase stakeholders. Governance groups need not be a significant long-term time investment for Stewards, as they become self-sustaining once they start generating value, but groups need a lot of support to get up and running. In particular, once initiated, the process needs to be viewed as important by leadership; otherwise, people will quickly shift focus to other priorities. Stewards also need to monitor attendance over time; too many meetings without proper representation and participation and the process will quickly lose momentum.

As with anything, too much structure and group meetings will devolve into a dogmatic tick-box exercise: something people have to get through before getting to the real work. One thing I recommend is that governance forums focus primarily on generating governance content that provides teams access to the collective knowledge of the business. Avoid meetings that focus on reviewing things like individual designs or specific point solutions. To put it in the language of the current buzzwords, good Governance is focused on building guardrails, not gates.

Step 2: Endorse

A robust endorsement process provides mandate and drives alignment across teams and towards business goals. It also has the added benefit of potentially reducing the decision workload of leaders by moving many decisions from specifics to broader principles, freeing teams to move faster. More on that later.

Who should endorse

By matching governance content to the right people, endorsement can happen quickly and with the most effective level of oversight. The key things to align content and endorsement to are business context and expertise. For example, a more senior role might have the mandate to approve anything but lack the expertise or direct experience to validate a specific proposal, requiring significant time to be educated on the nuances. Alternatively, a delivery team may not have the business context needed to make a call on something with business-wide implications. Here is an example using the Policy vs Standard distinction described earlier:

· A policy can have far-reaching implications but little technical detail. In this case, senior leaders with the broadest business context and responsibility for a high-level alignment are the best people to endorse this.

· A standard usually focuses on a specific business process or driving consensus in technical delivery. It is best endorsed by technical leads or governance groups directly, enabling teams to be more responsive to needs at this level and avoiding the burden of educating time-poor senior leaders.

These are oversimplifications; I am not recommending rigid processes that lock in endorsement requirements to the structure of the content. The important thing is that the people hired as experts are leveraged to make decisions in their field and that leaders own decisions that have wider implications. I recommend a forum-based approach in cases needing deep expertise with broad implications, particularly if a choice requires or precludes significant future investment. Enable communications between leaders and experts directly and allow veto and rework requests to come from both with equal weight.

Making the most of leadership attention

Leadership attention is one of the scarcest commodities in many businesses. This problem scales directly with the size and complexity of your organisation. Good governance processes provide the assurance and transparency needed for leaders to distribute the burden of decision-making. By distributing this load, leaders can focus on vision and alignment and avoid decision bottlenecks that slow delivery and innovation.

Thoughtful design of endorsement processes can provide leaders with the means of articulating goals and expectations into principles and policies. Teams can use these to guide more local/specific decisions. Things to consider:

· Prioritise decisions that will have the greatest impact and enable teams to make decisions lower down the leadership hierarchy.

· Wherever possible, define and document principles rather than explicit decisions. These provide autonomy and alignment more consistently than interpreting individual choices.

· Align decisions to Delegated Financial Authority (DFA), and DFA to the level teams need to make decisions in their area of expertise. With DFA comes accountability, which can often be lost when teams lean on overly prescriptive Governance or senior leadership decisions.

Lower participation friction

Every day your team is generating knowledge critical to how your business runs or how it could run more effectively. One of the best ways to retain and propagate that knowledge is to provide people with the means to refine and empower it through an endorsement process.

The process must be approachable and filter out noise for this to work well. Being approachable is best achieved by leaders publicly supporting the process and recognising contributors' efforts, even when a decision is made not to endorse something. It is also worth allowing people considering contributing to sit in on the process to better understand how the review process functions. The consult and peer review processes will handle a lot of the noise. Finally, your Articulation process should support making sure people know exactly what is required of an artifact before it enters the endorsement process.

Step 3: Communicate

As you have undoubtedly experienced, content no one knows about is not very useful. Each part of the process and every contributor has a role to play in communicating governance content:

No Surprises

One of the simplest ways to ensure stakeholders are aware of governance content is to include them in the creation process. My team works to a "No Surprises" policy; if this content affects you, you should be aware of it and given the opportunity to provide feedback. There are myriad ways to make this process easier, including team-based Email Distribution Lists, communities of practice, guilds, etc., but it is different for every business. The main thing is to ensure you have the means to get the message out as the content is generated.

Transparency

While it's important to communicate any specific content, it's also just as important to communicate the process that led you to make the decisions. For example, making early drafts, meeting notes and unendorsed policies available to potential contributors. Reviewing this material helps people understand the decisions made, things that have already been discussed or tried, and other considerations that may not be obvious from their position in the company.

That is not to say that people must review every historical document to contribute. But it does help when things are contested, or the original contributors have moved on. Having the content available and linked in your repository is a great way to retain the context of your decisions.

Onboarding

One of the best ways to organise governance content is by role. Of course, you will need multiple ways of finding relevant content, e.g. by issue and content type; but if you use a modern content management system, it's also worth starting with a role tag. With this tag, people can be quickly and easily directed to the most relevant content as a part of their onboarding. In many cases, simply knowing governance content exists (and there is an expectation you have read it) is enough to get people engaged.

Step 4: Measure

One of the most important questions that any governance contributor needs to consider is, "What exactly am I trying to achieve?". Being clear about the intent is also reflected in the Policy vs Standard example and should remain a consistent theme throughout your governance process. This raises a follow-up question that is as important, if not more so: "How do we know our Governance content has had the desired effect?".

To answer this question, you need to think carefully about metrics that reflect the desired outcome. These need to be practical things to measure and represent the business goals of the policy rather than just simple adherence. The best metrics are a combination of qualitative and quantitative. How efficient, robust, and available is X, as well as how well is X adhering to the applicable Policy or Standard? For example:

Asset tagging:

You need to measure not only "Are my assets tagged?" but also how much effort is going into tagging (a decent proxy for the cost) and whether the proposed benefits from each tag are being realised. By thinking about what each tag is supposed to achieve up front, it's possible to lay out simple metrics for each. With this data, you can compare coverage to the realisation of the associated benefit. If they don't track, you know you may need to rethink your policy/standard. This data also supports trimming the number of tags and tagging methods to those generating real value, reducing the burden on tech teams.

I am not a measurement absolutist; I believe some things are worth stating in governance content that are not practical to measure, but this should be the exception rather than the rule. If it is important enough to articulate and endorse, it's important enough to track if possible.

Step 5: Automate

If you can't articulate things first as business goals, then as standards and patterns, you will probably run into trouble trying to drive efficient automation across your business. Initially, setting up automation services is almost always more expensive and time-consuming than manually doing the work. Furthermore, without Tech Governance Infrastructure, your team has no way of aligning towards a set of agreed patterns and no way to discover existing patterns. In that case, they will often end up setting up bespoke methods, not capitalising on the existing capabilities of the business.

Articulating business goals as delivery patterns will also identify opportunities to automate. A particularly strong example of this comes from Public Cloud use and standardising specific efficiency expectations as a documented standard. Here is an example drawn from a recent engagement with a client:

Storage Life Cycle:

As a part of a broader Cloud migration initiative, one of our customers was experiencing a significant blowout in storage costs. The issue had been compounding for months, and the team struggled to prioritise reviewing what was stored.

As an alternative, we proposed leveraging the existing Backup and Retention standards and focusing on data retention timeframes. We advised teams that these would be technically enforced and then leveraged cloud native tooling to purge all data that didn't meet the standard. A standards-led approach was considerably faster than a case-by-case review and addressed the issue at the source, preventing considerable costs down the line.

Step 6: Improve/Evolve/Retire

As your team learns new things, they will not only need to add to your body of knowledge but regularly update or retire existing content. Unfortunately, maintaining content is often the most neglected aspect of Governance because reviewing content is not a regular part of a team's workflow or culture. By encouraging teams to participate and supporting them with the ideas above, they will have more incentive to keep content up to date. That said, it's still important to make the process easy and build inflection points to regularly bring stakeholders' focus back to issues.

Reducing the friction for people to update, evolve or retire outdated content is mostly about two things:

1. Provide clear instructions on how the update process works and how to leverage the content generation loop. If people understand how the process works, it is far more likely they will work through governance structures to solve problems rather than create independent processes or workarounds.

2. Make sure meetings/rituals that support the process are reliable. These are the things that drive the content creation process and embed the expectation of good Governance into a culture. They also have the added benefit of encouraging people who participate to seek out opportunities for discussion and improvement.

Providing inflection points is usually addressed by adding review dates to content and having governance stewards kick off review processes when these fall due. It is important to avoid arbitrary review dates where possible. Aligning them to other business processes or changes (like product upgrade cycles) is often a good way to avoid people just going through the motions during a review. Grouping related reviews together can also raise the profile and provide more opportunities for more fundamental improvements and evolutions of systems.

The other important inflection points are associated with significant changes to teams or team structure. Often governance content is aligned to business structures, particularly at the standards/patterns level. So it's a good idea to instigate a review of relevant standards and even policy when there is a leadership change or a restructuring of the team.

Summary

There are loads of prescriptive governance frameworks available, many of which capture the learnings and experiences of smart, capable people. In practice, I found that Governance needs to reflect how your business functions, which is likely to be a bespoke enterprise for every organisation. The main things that stay the same from business to business are the principles that make it effective. So, to sum up, here are what I believe to be the core principles of good Governance:

1. Focus on capturing, retaining, and propagating knowledge

2. Create a robust tech governance infrastructure that reduces effort and encourages participation

3. Transparency is critical to efficiency and speed

4. Respect and reward people's time and attention

5. Leaders' actions define the culture, and the culture sustains the effort

I would love feedback on these and anything else mentioned in this write-up. If you or your team are wondering how to build these ideas into your Cloud Financial Management practice, please reach out. We would love to help.
