My thanks to Martin Burns, Erik Gibson and David Morris for great challenges and questions about the Framework:
- Is the Framework a Trojan Horse? – No. Quite the opposite. The Framework makes it easy for control functions to clearly identify whether an investment is operating within the risk limits. The framework consists of risk management constraints that also act as enabling constraints that encourage improvement. Once control functions become familiar with the framework, they will start to appreciate that their existing SDLC style stage gate processes are not as effective.
- Does the Framework Support Incremental Implementation? – Yes. Organisations should start by getting good at the team level. The framework specifies the limits that team level investments should operate within in order to be effectively risk managed. If an organisation choose to go full in and create a multi-team program level “Flagship” agile project, the Framework will constrain it so that it does not become a rogue Water-Scrum-Fall or Scrum-Fail project. The control framework can identify those risk factors that are out of limits and as such require more careful monitoring.
- Does an investment need to to fully comply with the Framework before it can be considered safe? The framework acknowledges that organisations will need to go on a journey. The framework introduces limits, and the processes for monitoring the organisations journey towards compliance. e.g. Each investment needs a weighted lead time of a month or less, unless all of the executives have committed to be within the limit within an agreed timescale AND CAN DEMONSTRATE PROGRESS TOWARDS THE GOAL. Simply saying you’ll do it is not enough, you need to demonstrate you are on the journey and take the limit seriously. As Martin puts it, they just need to deliver.
- Does the framework compete with Safe. DAD and LESS? Quite the opposite. The framework compliments the scaled Agile frameworks. Safe, DAD and LESS can be plugged into the framework. Organisations have a clear idea about which controls am approach covers and what else they need, like Cynefin, Real Options and Beyond Budgeting.
- Is the Framework commercially available? Not yet. If anything, the framework will be available as an open source framework. That way, it can evolve to identify new controls and limits that might be needed to cater for contexts that were not originally considered. Associated with the framework would be a list of methods and tools with associated strengths and weaknesses describing the context where each method and tool has a sweet spot, and where each may create risk for the organisation. Expect a wikipedia style process with approapriate editing controls.
- Does an organisation need to reach a certain level of maturity before they can adopt the framework? The framework is a good game in “Reality is Broken” terms. An organisation can adopt it at a very low level of maturity and have transparency that it has a lot of risks that are not managed effectively. As the organisation matures, it can use the framework to demonstrate progress. Rather than maturity levels, the framework can be used to build a backlog of targeted improvements. The backlog could be ordered using a WSJF style process where the value is the amount of risk reduction.
- Does the framework require a big up front implementation of a process. Quite the opposite. The framework shows the risk hot spots that the organisation needs to address. The organisation can incrementally adopt methods and tools to address the risks and then choose the level of control that is necessary according to the context of the investment. The same organisation might have different levels of control depending on the context. e.g. A mission critical investment might be required to operate within more limits than a small innovative investment. The framework creates transparency into risk and helps the organisation choose their preferred adoption path for a scaled agile framework. It helps people who are not experts understand how to pick and choose the best elements from each approach. Philosophically, its similar to Alistair Cockburn’s Crystal Methodology for organisations. Risk limits for how an organisation creates transparency around the improvement backlog are covered in he “Deliver Value” and “Governance” control.
- Will certification be available? If people want to pay me money, I will happily give them a certificate that they can sign saying that they are “Aware of” and “Value” the framework. Ideal for “control” professionals.