T
T
The Better Way: Transformation principles for the
Search…
The Better Way: Transformation principles for the real world
Preface
Preface
Part I - The Big Picture
Introduction
Radical change
Rapid acceleration
Profound complexity
Part I Summary
Part II - The better way
Introduction
Principle one: Focus on customer value and adaptability
Principle two: Technology excellence is the strategy
Principle three: Choose product teams over project teams
Principle four: Divide and conquer
Principle five: Integrate governance, risk and compliance experts with product teams early and often
Applying the principle in practice
What good looks like
Common failure modes
Final thoughts
Principle six: Measure what matters
Part II Summary
Part III - Micro-transformation
Introduction
Step one: Design effective cross-functional teams
Step two: Create immersive working environments
Step three: Implement the Starter Kata
Step four: Thin-slice the work
Part III Summary
Conclusion
Glossary
Endnotes
Endnotes
License
Powered By GitBook
Principle five: Integrate governance, risk and compliance experts with product teams early and often
At the beginning of Part II, we explored how many organizations find it difficult to manage complex and interdependent demands that cannot be resolved by simply choosing one solution over another. When it comes to governance, risk and compliance (GRC) standards, most organizations struggle to find the right balance between speed and control.
Obviously, both speed and control are important. But when push comes to shove, most organizations play it safe. This means they often choose rigorous control and review processes as a risk mitigation strategy. This makes sense on the surface. For most organizations, there is often a continuous array of known and unknown risks related to information security, data privacy, technical architecture and internal auditing for example. While it's important to ensure appropriate control is in place, it’s more important to be mindful that lengthy and complex GRC controls may introduce another type of risk, known as the cost of delay.
In many cases, long lead times are the result of a deeply siloed and niche-based approach to risk and compliance. Product teams, for example, can often find themselves at the mercy of several subject matter experts who enforce stringent requirements that lack context and fail to weigh the actual risks at hand. This siloed approach also tends to further enforce hierarchy and limit autonomy, which only further restricts the flow of value and learning.
While many organizations tend to believe their GRC processes and standards are carved in stone, the reality is that many highly regulated companies have been able to strike the right balance between speed and control by integrating GRC as part of an end to end process.
Previous
Final thoughts
Next
Applying the principle in practice
Last modified 10mo ago
Copy link