Establishing the right governance model is as critical as any other factor in implementing agile operations in your organization. It's broadly recognized, if still poorly reflected in actual practice, that management support for almost any significant initiative is a critical component for success. Governance represents the effort to establish that support by interaction between the IT department and business leadership on a functional level (this is opposed to the more theoretical interaction typical between CIOs, CEOs, and CFOs, where much detail is often absent from strategic and operational discussions).
This idea often seems an anathema to dedicated agile proponents, as "governance" brings up thoughts of mindless paperwork, rubberstamping, and endless unproductive meetings that are precisely the reason they prefer agile to waterfall in the first place. But if every crisis represents an opportunity, it is also true that every new governance structure represents a way to get governance right. Bringing agile thoughts and theories to governance can transform that process as radically as it has transformed software engineering.
This thought may require a substantial departure from more traditional views of the governance role. But one of the primary values for technical staff in bringing in a governance process is in the ability to use it to distribute responsibility. IT has long functioned as a sort of shaman outside the mainstream of the business. Business leaders bring problems or issue to IT, and the CIO disappears into the medicine tent to chant over the fire and make strange sacrifices to unknown gods. At the end of the day, he either emerges with a working solution, or comes out with a lot of blood on his hands and no good result. Understandably, this leads to a lot of finger-pointing at the IT medicine men. But little is mentioned of whether or not the original problem or issue was even solvable by IT, or to what extent the tribe supported the shaman in his efforts.
Governance allows, and indeed should mandate, interaction between the two during all parts of the process. The shared responsibility of making the decisions involved along the way, and securing the resources necessary for success, allow IT to both illustrate the difficulties inherent in many business requests (and in fact the extent to which those requests are driven by issues that are non-technical in nature) and to share ownership for the outcomes.
It is a mark of the relative recency of formal IT governance efforts and the historical confusion over IT standards and practices that the concept is still fluid enough that agile proponents can take a hand in shaping the implementation in many organizations. On the other hand, it can also make it difficult to discuss with any degree of consistency. For my purposes, I will assert that, whatever particular form it takes, governance boils down to ensuring IT efforts are aligned with the organization's main effort. Where many implementations interpret this as "oversight" I prefer to regard it as "steering." Governance models that take an after-the-fact, audit-based approach are not particularly useful; it's like trying to keep your car on the road only using the rear-view mirror. Governance efforts have to be proactive and involved at the outset to accomplish anything important.
Although I don't agree with all the characterizations of governance in Ross Pettit's "An Agile Approach To IT Governance" I think he identifies an important tenet for implementing an agile governance model: "It has to be part of the furniture." In other words, it can't simply be oversight, or exceptions-based, but must be integral to operations in order to be used, or useful.
Pettit goes on to name three keys to ensuring the governance process meets that goal:
•It must not be burdensome to staff or operations
•Participation must be broad-based
•Communication must occur in the stakeholder's "native language"
The first may seem obvious to agile proponents, but management has traditionally been considerably more sanguine with launching grand efforts to the great inconvenience of their staff. The second is similarly challenging for many traditional management types, who revel in exclusivity. The third may be where you find your fans; an almost universal wish among business leadership for the last thirty years in corporate America has been for the IT department to learn how to "speak English." But these three keys are mutually supporting; the underlying premise is that more interaction will provide better communication, and at the end of the day, communication is the secret sauce to agile success.
They also possess the virtue of being nearly unworkable if they are not done with agility in mind. Try a traditional sort of governance committee meeting that has broad-based participation from staff in all areas and at all levels, where all technical conversation has to be laboriously translated into business terms understandable outside the IT department, which is not burdensome to nearly everyone involved. It can't be done. The only way to meet Pettit's requirements are by being agile.
As with agile development, there are any number of approaches one might take to creating an agile governance model. Perhaps it's comprised of project or function clusters, where staff and management involved with a particular product or need are brought together around it, but not necessarily consulted for unrelated efforts. Perhaps it's blended intimately with the existing corporate command structure, mingling technical and line staff in purely functional departments or project teams. It should certainly make use of proven agile tenets such as emphasizing people over process, function over form, and collaboration over competition. How you make that happen in any given environment, where the reverse has probably long been the case, is of course the "do magic" part of the equation.
One suggestion, however, would be to draw on the experience of the many traditional organizations that have implemented lean techniques into their management practices. These are case studies that no MBA will be unfamiliar with. Equating the agile "collaboration" value with the Toyota Way principle "Make decisions slowly by consensus" might help you get through to someone who otherwise thinks of agile as involving ballet (you can substitute "iteratively" for "slowly" to help make your point). Efforts to require business leadership to share in the responsibility for making decisions with input directly from technical and business staff should echo "Go and see for yourself" and "Grow leaders who thoroughly understand the work...." When you get down to it, much that we espouse as "agile" principle is simply a sort of common sense. The heavy lifting of establishing these principles as a basis for sound management function has already been done by researchers and business schools around the country. Tying ground-up agile IT practices to those principles is relatively trivial after that.
As a final note, while governance can be useful and even critical to the success of agile operations efforts, it needs to be justified before being launched. The problems that have been described don't exist in every organization. In many where they do exist, they may exist in only a small subset of the operation. I have trouble imagining a significant and sustainable organization that would not benefit from agile IT governance over the long run. That does not preclude starting small with such efforts, however, and ensuring that those efforts meet the needs of the organization as a whole as they are undertaken. This sort of meta-governance, as it were, may be the real key to successful governance: knowing when it's needed and when it is not, and having the courage to hold off or roll back the unnecessary, may make all the difference between a working, agile governance effort and a paper-generating time-waster where no one involved knows what to do or why.