Interestingly, and as some observers have already pointed out, the report makes significant reference to private sector agile adopters. As far as I can see, there is no reference to public sector organisations, despite the Universal Credit (UC) programme being dressed up less than a year ago to be an exemplar of agile practice in the public sector and receiving the “Agile Award”. Maybe because it’s an example of poor governance and practice. Fundamental to good governance is honesty, openness and a sense that the whole (organisational) team has a responsibility for success. Comments from the senior team, such as “we will have NO self-managing teams” or practices to set targets and promote competition between teams, were fuelled by a lack of change in behaviour at the senior level. As for governance, the UC approach saw merely the same process with a circle, quite literally, drawn in the background.
So what of the NAO report? It’s obvious there are good intentions, as there are in existing governance practices in many organisations. They state that governance is about generating value from investment – wholly aligned with agile thinking. However, they say it is for “senior management” which I disagree with. Agile adoption should change the behaviour within organisations so that people delivering solutions have ownership for the success of the project. When any aspect of a project is seen to be about one part of the organisation keeping an eye on the other because they don’t trust them (KGB style), barriers are immediately raised. Good governance needs to ensure that all people working on the project have the confidence to raise concerns and understand the need identify risk, make it visible and take action to eliminate it. Risk can often be a consequence of senior manager actions, so if responsibility for governance remains with them there’s a significant chance that this risk will not be addressed.
The first of NAO’s proposed principles for agile governance states that we should apply agile “philosophy” – only do something if it is valuable and does not introduce delay. I agree with the principle of valuable-only but disagree with avoiding delay, specifically in the context of governance. I understand the spirit of what is meant – there shouldn’t be significant delay to the general flow of product. However, there is one area of delay which can deliver value in itself and governance must apply where necessary – project initiation. It happens with agile and non-agile alike, projects are started that are not ready. Typically this goes back to poorly defined vision statements, which are then poorly articulated to teams or buried in PIDs. The consequence is that people do not know what is valuable; therefore they don’t make the best decisions or take the best actions. Universal Credit is a classic example of a programme that was never ready for hundreds of millions of pounds to be invested. If there had been good governance the programme would have started on a smaller scale or not at all. Instead, greater value was placed on political positioning (internally as well as externally), demonstrating that effort had begun.
I really like NAO’s second principle that agile delivery teams need to decide upon the metrics they will use so that they know how they are doing and can inspect and adapt with empirical evidence. I would take this further – make governance visible throughout. As an example, many teams complain that senior management do not unblock things in the way of delivery. This often translates into a belief that senior management don’t care. The only way to expose this is to make it visible. For example, measure the impact that failing infrastructure has on development productivity; display current blockers and make it clear who owns them and how long they have been stuck. While we remain with the idea that governance is about controlling untrustworthy development teams rather than it being about how we collectively understand what success means and ensure we achieve it, any amount of governance artefacts will have little or no value.
For me, the biggest and probably easiest win is in risk management, which is carried out very poorly in agile and non-agile environments, at board level and within projects. If we recognise that:
- Risks are not real – they are imaginary and no one has a monopoly on the imagination;
- Risks only go away when they either turn into reality and become issues (have an impact) or they leave our imagination;
- Risks leave our imagination because they have become insignificant (we’ve taken action) or because we have become bored with them, because they stay the same and nothing ever happens to address them;
- When risk disappears because it leaves our thoughts, falls down the agenda or becomes routine, we have serious threats;
- Only people address risks, not process, not tools, not governance, not measures then we can be realistic and embed risk management into day-to-day activity.
We work with whole teams to make governance, specifically around ensuring readiness and effective risk management, part of day-to-day activity. It is about whole teams, from senior managers through to hands-on developers. We make things visible, from vision and value through to risks and blockers, so that everyone knows the current status, as it is now. It’s when governance is divorced from delivery that projects fail.
