Governance is a critical aspect of any organisation, ensuring that we operate safely and effectively. However, I’ve observed that excessive governance can often hinder our ability to seize opportunities and respond to unexpected challenges. When surprises arise, be it a market shift, a product issue, or an internal complication, the time and cost to rectify these problems can escalate dramatically.
The Pitfalls of Over-Governance
From my experience, I’ve seen that much of the governance we encounter is self-imposed. This is particularly true in organisations that operate in silos or have a dedicated governance department. Here’s the crux of the issue: when governance becomes a separate entity, it often leads to local optimisation rather than system optimisation.
- Local Optimisation: This occurs when we focus on improving one aspect of the organisation without considering the broader implications. For instance, imagine a cog in a machine that’s struggling to turn because it’s jammed against other cogs. If we decide to remove the teeth from this cog to make it spin freely, we’ve achieved a local optimisation. However, this cog is now ineffective in driving the entire system.
This scenario is all too common when governance is treated as an isolated function. Decisions made in an ivory tower can lead to regulations that, while well-intentioned, fail to add value to the organisation as a whole.
Compliance vs. Overzealous Governance
Take the example of compliance regulations, such as the Sarbanes-Oxley Act (SOX). The intent behind SOX is to ensure transparency and accountability, but many organisations misinterpret this as a need to exceed the minimum requirements.
- Minimum Compliance: The SOX audit requires organisations to trace actions within their systems, but it doesn’t mandate that this process be user-friendly. A simple log file suffices. Yet, I’ve seen organisations burdened with excessive documentation and processes, all in the name of compliance.
In one instance, I worked with a US-based organisation that had a stringent compliance framework. Every meeting required notes to be sent to compliance for review. During a discussion about transitioning to Team Foundation Server, compliance personnel insisted on maintaining change request logs.
I invited them to observe how Azure DevOps functions, which maintains a complete history of every work item. When I asked if this was sufficient for compliance, they confirmed it was. We eliminated the need for change request work items entirely, streamlining the process and reducing unnecessary overhead.
Lean Governance: A Path Forward
This experience highlights the importance of lean governance. We must regularly assess our processes to identify and eliminate waste. Here are some strategies I recommend:
-
Organisational Hygiene: Regularly review policies and procedures to ensure they still serve a purpose. Often, we create policies out of fear, only to find they’re no longer relevant.
-
Compliance as Code: Where possible, integrate compliance requirements directly into your product. This approach minimises the effort needed to meet regulations while ensuring that compliance is maintained.
-
Focus on Value: Always ask whether a process adds value to the overall system. If it doesn’t, it’s time to reconsider its necessity.
Conclusion
In conclusion, while governance is essential for organisational safety, it’s crucial to strike a balance. We must avoid the trap of overzealous compliance that stifles innovation and agility. By embracing lean governance principles, we can create a more efficient, responsive organisation that is well-equipped to navigate the complexities of today’s business landscape. Remember, the goal is to meet compliance with the minimum amount of work required, no more, no less.