Transparency improves Governance

The article discusses IT governance and compliance, which tends to suggest more formal and rigorous processes. The authors explore how you can agile practices with in the framework of governance and compliance rules and regulations.

IT governance and compliance is about providing transparency to senior management. If you refer to <a href="/%3Ca%20href%3D""> " title="IT Governance Institute">IT Governance Institute</a>, you can find a great deal of information and pointers, including standards such as COBIT. Areas covered by governance include:

  • Business continuity and disaster recovery
  • Regulatory compliance
  • Information governance and information security
  • IT Service Management, including ITIL and Service Level Management
  • Knowledge Management, including Intellectual Capital
  • Project governance
  • Risk management

Governance is actually about good management and is not applicable only to industry sectors with high regulatory compliance requirements. Configuration management supports most of these areas.
Many people believe that Agile processes are not appropriate for situations with strong compliance requirements.  We think this view is wrong! Indeed, by increasing the transparency of our development process through appropriate use of Agile methods, we can improve governance in all areas. That said, Agile methods are not going to address all of the issues listed above.
Rather than repeat other material, we would like to reference some other articles and pull out some linkages and highlights.

Scott Ambler and Per Kroll have written an excellent series of articles, "Best practices for lean development governance":

A key point for us with regard to the difference for Lean or Agile developers is that traditional governance often focuses on command-and-control strategies.  These strive to manage and direct development project teams in an explicitmanner. Though this is a valid and effective strategy in some situations, for many organizations this approach is akin to herding cats:  you'll put a lot of work into the governance effort, but achieve very little in practice.

Lean governance focuses on collaborative strategies that strive to enable and motivate team members implicitly. For example, the traditional approach to coding guidelines would be to create them and then enforce their usage through formal inspections. The lean approach would be to write the guidelines collaboratively with your programmers, explain why it is important for everyone to adopt the guidelines, then provide tooling and support to make it as easy as possible for developers to follow those guidelines. This lean governance approach is akin to leading cats: if you’re holding a piece of raw fish, cats will follow you wherever you want to go.


In our article Lean-Agile Traceability: Strategies and Solutions we expanded on the trust and confidence mentioned above:

  • Trustworthy transparency is more valuable than tiresome traceability
  • Agile/lean methods do produce documentation where it is appropriate, but they don't produce it "by the yard" to sit on a shelf.
  • Traceability should serve the purpose of transparency, visibility and status-accounting rather than being a goal itself.

Many organizations have found that making business intelligence tools available on people's desktops and allowing them to drill down into data is much more powerful than producing static reports.  These reports are often circulated and then people have to wade through to find the information they need. Static tools lack flexibility and any changes must be developed, including all of the lead-time. SCM tools should make this information visible as simply and painlessly as possible. Issues that come up in this area include:

  • Licensing costs for access the tool:  Can you produce any form of read-only material that is cheaper than full access and also, perhaps, easier to use than the full tool?
  • Security and access control:  Agile methods lean toward more access rather than less access, yet the appropriate balance needs to be defined according to the needs of the organization.
  • Cross tool/vendor integration:  What information is stored where,

About the author

Brad Appleton's picture Brad Appleton

Brad Appleton is a software CM/ALM solution architect and lean/agile development champion at a large telecommunications company. Currently he helps projects and teams adopt and apply lean/agile development and CM/ALM practices and tools. He is coauthor of the book Software Configuration Management Patterns, a columnist for the CMCrossroads and AgileConnection communities at,  and a former section editor for The C++ Report. You can read Brad's blog at

About the author

Steve Berczuk's picture Steve Berczuk

Steve Berczuk is a Principal Engineer and Scrum Master at Fitbit. The author of Software Configuration Management Patterns: Effective Teamwork, Practical Integration, he is a recognized expert in software configuration management and agile software development. Steve is passionate about helping teams work effectively to produce quality software. He has an M.S. in operations research from Stanford University and an S.B. in Electrical Engineering from MIT, and is a certified, practicing ScrumMaster. Contact Steve at or visit and follow his blog at

About the author

Robert Cowham's picture Robert Cowham

Robert Cowham has long been interested in software configuration management while retaining the attitude of a generalist with experience and skills in many aspects of software development. A regular presenter at conferences, he authored the Agile SCM column within the CM Journal together with Brad Appleton and Steve Berczuk. His day job is as Services Director for Square Mile Systems whose main focus is on skills and techniques for infrastructure configuration management and DCIM (Data Center Infrastructure Management) - applying configuration management principles to hardware documentation and implementation as well as mapping ITIL services to the underlying layers.

AgileConnection is one of the growing communities of the TechWell network.

Featuring fresh, insightful stories, is the place to go for what is happening in software development and delivery.  Join the conversation now!