Our series on improving oversight of public sector digital projects continues by examining what we’re trying to achieve.

Organisations are set up for a purpose, and are given money to fund the work towards that (whether that’s from the taxpayer, members or shareholders). Therefore there is a need to check that they are working well towards that purpose, spending the money wisely and correctly, and not generating adverse side effects.

Doing things, doing the right things, and doing things right.

So, organisations themselves have stakeholders — and a governance process to report to those stakeholders.

In order to fulfil the organisation’s purpose in a manageable way, a structure is set up with departments, agencies, programmes and teams — and often various other levels in between — to delegate the work, and the responsibility.

Therefore they also need governance at various levels of the organisation, to feed up into the overall organisational governance.

Within this series of blog posts, for reasons set out in the first post about where the current friction is between agile ways of working and governance, I’m going to focus on the first rung of governance: the governance of delivery teams and their projects. I believe we can then demonstrate a healthier approach to governance that can move up the organisation later. We can’t realistically start in the middle or at the top.

Governance also happens at various stages in the lifecycle of work. I’m going to focus in this series on governance of live transformation projects. We can save the earlier and later stages for another time. I’m also focusing on ‘digital’ projects, because that’s where the most change has already happened for delivery teams, causing the greatest cultural gap with stakeholders. Another time we can look at broadening the reach of these approaches.

A chart showing that our focus will be on first-level governance, at the project delivery stage

Reviewing prior work

Clients will know that I always insist on searching widely for prior work, so that our own work can start by standing on the shoulders of what has gone before, rather than pretending we need to invent everything ourselves. So, let's examine the prior work on defining good governance...

ISO definition of governance

The International Standards Organisation set out this definition of governance in 2008:

[Governance is] for senior management to gain and give assurance that investment generates value to the business and reduce the risk of bad outcomes.
(ISO/IEC 38500 Corporate Governance of Information Technology, June 2008)

It’s a pretty good start, but it’s very much from the old ‘Taylorism’ school of management. Its key failing is that it focuses only on what senior managers are supposed to do for the organisation above them, and therefore sets them up to just gather data from those below them, and hold teams to account. It doesn’t provide for governance to play a part in serving the teams that are expected to deliver the value, and collaborating as part of the process.

You might argue that this is covered implicitly, as it ought to be in place in order to deliver value and reduce risk — but my observations throughout my research showed that most governance interpreted these two very narrowly. They took maximising value to be cost savings or delivering a policy objective. They took risk to be about overspend, delays, security. And they focused on the surface of these rather than digging too deep. I think there’s a need to be explicit about the important things between these two headliners.

Based on research that I’ll cover in the next posts in this series, I suggest that supporting the team, rather than simply reporting to the organisation, is a vital part of healthy governance. It’s not just a two-way model, it’s a collaborative one-team model.

So how can we update the definition a little? There’s already been some good thinking done by other organisations that we can learn from…

NAO Governance Principles

An image of the cover of the National Audit Office report ‘Governance for Agile delivery’

So where do we turn for insight into hipster, agile, cool new approaches to teams and management? That’s right — the National Audit Office!

Way back in 2012, the NAO produced a report, Governance for Agile delivery, in which they set out these principles:

  • Governance should mirror the philosophy of Agile methods — only do a task if it brings value to the business and does not introduce delays.
  • Agile delivery teams should decide on the empirical performance metrics they will use, and self-monitor.
  • Senior management, external assessors, business users and the ICT team should be partners in quality, and this collaborative approach is an essential change in mindset.
  • External assessment or reviews of Agile delivery should focus on the teams’ behaviours and not just processes and documentation.

I think these are superb insights that are highly relevant now.

GDS Governance Principles

A screenshot of the Government Service Manual page with the Governance principles developed by GDS

Following the NAO principles above, a team at the Government Digital Service (GDS) did some work on governance in 2014, resulting in the governance principles in the service manual:

  • Don’t slow down delivery
  • Decisions when they’re needed, at the right level
  • Do it with the right people
  • Go see for yourself
  • Only do it if it adds value
  • Trust and verify

Again, these are insightful principles. They build well on the NAO work, and are based on user research with stakeholders and teams. They’re very useful for us to work from.

I believe we can build our healthy governance practices on top of these principles.

Our definition of governance

As a result of the learning above, I suggest the following as a ‘good enough for now’ next iteration of the definition of governance that we can work with for this series:

Governance is for senior management to gain and give assurance that:

  • investment is generating the maximum possible value for the organisation
  • the risk of bad outcomes is minimised
  • delivery teams have suitable people, time, money and resources, aligned with expectations
  • teams have healthy behaviours and practices, and can work in psychological safety
  • in collaboration with delivery teams and stakeholders.

In the rest of this series we can work to this definition, supported by the NAO and GDS principles above.

Coming Up

In the coming weeks, I’ll publish the following blog posts in this series:

  • The mission
  • What is governance for? (this post)
  • Understanding stakeholders
  • Understanding teams
  • Maximising value
  • Reducing risk
  • People, time, money and resources
  • Behaviours, practices and safety
  • Assurance
  • Continuous Improvement
  • Implementation and next steps

To follow along, either subscribe to the Convivio newsletter, down in the footer of this page, or follow us on twitter at @convivio where we’ll announce each new post.

If you want to discuss with me or send ideas, feedback, or anything except abuse, I’m on Twitter as @steveparks. DMs are open for anything you can’t say in public, or you can email me at steve.parks@convivio.com.

And I’d be very grateful if you spread the word to other geeks like us, interested in good governance of public sector digital services. Thanks!


Main photo of brightly coloured umbrellas hanging beneath a cloudy sky, by Alejandro Garrido Navarro

This post was originally published at our Medium blog at https://blog.weareconvivio.com/healthy-governance-for-digital-services-2-what-is-governance-for-986313f4edc0