The Better Way: Transformation principles for the
  • The Better Way: Transformation principles for the real world
  • Preface
    • Preface
  • Part I - The Big Picture
    • Introduction
    • Radical change
    • Rapid acceleration
    • Profound complexity
    • Part I Summary
  • Part II - The better way
    • Introduction
    • Principle one: Focus on customer value and adaptability
      • Applying the principle in practice
      • What good looks like
      • Common failure modes
      • Final thoughts
    • Principle two: Technology excellence is the strategy
      • Applying the principle in practice
      • What good looks like
      • Common failure modes
      • Final thoughts
    • Principle three: Choose product teams over project teams
      • Applying the principle in practice
      • What good looks like
      • Common failure modes
      • Final thoughts
    • Principle four: Divide and conquer
      • Applying the principle in practice
      • What good looks like
      • Common failure modes
      • Final thoughts
    • Principle five: Integrate governance, risk and compliance experts with product teams early and often
      • Applying the principle in practice
      • What good looks like
      • Common failure modes
      • Final thoughts
    • Principle six: Measure what matters
      • Applying the principle in practice
      • What good looks like
      • Common failure modes
      • Final thoughts
    • Part II Summary
  • Part III - Micro-transformation
    • Introduction
    • Step one: Design effective cross-functional teams
      • How it works
      • Why it works
      • Final thoughts
    • Step two: Create immersive working environments
      • How it works
      • Why it works
      • Final thoughts
    • Step three: Implement the Starter Kata
      • How it works
      • Why it works
      • Final thoughts
    • Step four: Thin-slice the work
      • How it works
      • Why it works
      • Final thoughts
    • Part III Summary
  • Conclusion
  • Glossary
  • Endnotes
    • Endnotes
    • License
Powered by GitBook
On this page

Was this helpful?

  1. Part II - The better way

Principle five: Integrate governance, risk and compliance experts with product teams early and often

PreviousFinal thoughtsNextApplying the principle in practice

Last updated 3 years ago

Was this helpful?

At the beginning of , we explored how many organizations find it difficult to manage complex and interdependent demands that cannot be resolved by simply choosing one solution over another. When it comes to , risk and () standards, most organizations struggle to find the right balance between speed and control.

Obviously, both speed and control are important. But when push comes to shove, most organizations play it safe. This means they often choose rigorous control and review processes as a risk mitigation strategy. This makes sense on the surface. For most organizations, there is often a continuous array of known and unknown risks related to information security, data privacy, technical architecture and internal auditing for example. While it's important to ensure appropriate control is in place, it’s more important to be mindful that lengthy and complex GRC controls may introduce another type of risk, known as the .

In many cases, long lead times are the result of a deeply siloed and niche-based approach to risk and compliance. Product teams, for example, can often find themselves at the mercy of several subject matter experts who enforce stringent requirements that lack context and fail to weigh the actual risks at hand. This siloed approach also tends to further enforce hierarchy and limit autonomy, which only further restricts the flow of value and learning.

While many organizations tend to believe their GRC processes and standards are carved in stone, the reality is that many highly regulated companies have been able to strike the right balance between speed and control by integrating GRC as part of an end to end process.

Part II
governance
compliance
GRC
cost of delay