Tag Archives: management

Setting up Your Programs for Success

With all the conversations about SAFe, you would think programs were a new idea. Actually, they have been used for many decades to manage very large efforts. This article discusses lessons learned from the past about how to set up a program at the beginning so it will run more smoothly throughout.

A program is one kind of construct to organize and coordinate the work of a large number of people on the same deliverable. Other constructs include value streams, products, product families/lines, and the open source model (community ownership of software with rules and governance). I have heard of programs as small as 40 people contained within one company and I have been personally involved with programs involving hundreds of people, sometimes across several companies or countries. Programs are used to manage big efforts.

Programs were developed in the defense industry to manage efforts such as putting a man on the moon, creating a new submarine, or creating an overall battlefield management system. Programs were adopted in commercial enterprises to manage efforts such as SAP implementations or creating a new tractor. Creating a mobile app does not require a program.

Programs are used to manage large complex efforts. A key technique to managing complexity is to structure the work in such a way as to get rid of as much complexity as possible. Simplify as much as possible, then manage the rest.

When planning your program, assign work to individual teams in such a way as to reduce or remove dependencies between teams. Each team should work as independently as possible. There should be little or no dependencies based on time, code, functionality or any other factor.

You can achieve this independence by assigning complete independent work packages (for example use case, user story, subsystem, component, or task) to each team. If the work packages are truly independent, you should not have very many cases where multiple teams need to work in the same code base, nor should you care much about what order the work is completed.

Any points where the teams need to cooperate should be well defined using tools such as contracts, interfaces, services, or API’s. Test harnesses and stubs can be effectively used to keep the work of the various teams as independent as possible, allowing each team to test their own code even if code they need to use from another team does not yet exist.

Teams should NOT be set up around the SDLC, i.e. a requirements team, design team, coding team, and testing team. This creates unnecessary dependencies between teams such as the coding team is waiting on designs, the testing team is waiting for code, etc. Each team should be responsible for the complete life-cycle for the work package they are assigned.

You do have to plan coordination points for releases. Teams cannot work on whatever they please. Each team has to make a commitment to deliver certain functionality at a certain time with specified quality. This is a commitment to their co-workers on the other teams. There may be other work a team does as well, but there has to be a minimum set of code they complete by a specific scheduled date in order for everything to fit together. You have to carefully manage the teams so they deliver what they promised the other teams at the time they promised to deliver it. If you do a good job defining the integration points between teams and managing their work to complete on time, then integration of the work of the various teams should be fairly straight forward.

There has to be a program level management team whose job it is to create the appropriate work packages, set up the release schedule, assign the work to the teams, define the minimum each team is required to deliver to make the release, coordinate the work of the teams, remove obstacles between teams, and be the final arbiter in situations of disagreement. People managing the program may include architects (software, system, network, data, UI, business) as well as those in more traditional management roles. You may need people at the program level to create (or help create) code that coordinates the work between teams such as test harnesses, stubs, interfaces, services, or API’s.

While you can do a whole program with one release at the end, this is very high risk. Programs tend to be lengthy and much can change from beginning to end. It is much better to plan a series of releases with time scheduled to make any needed adjustments due to change or lessons learned.

In a well structured program, you do not have to care about how each team does their work. As long as the team delivers according to their contract, it does not matter if they are onshore, offshore, or vendor, or whether they use an Agile or Waterfall type of SDLC.

Finally, the key to a well-run program is monitoring the teams and their progress with appropriate metrics, regular meetings with a representative from each team to coordinate efforts, management by walking around when you can, and quick resolution of problems when they arise.

Lean Startup Ideas for Mitigating Business Risk

All businesses exist to deliver the right product or service to market, at the right time, for the right cost. All business risk fundamentally puts one of these items in jeopardy, and so our fundamental business risks are:

  1. Failure to deliver the right product or service

  2. Failure to deliver the product or service at the right time

  3. Failure to deliver the product or service for the right return on investment (ROI)

  4. For companies in regulated industries we also have failure to comply with all laws and regulations

These risks are fundamental to business, and do not change based on the processes or procedures used to create or deliver the products or services. All risks we identify that are specific to processes or procedures must address one of these fundamental business risks.

For example, business continuity procedures help some companies, such as those that deliver SaaS or hot line support, ensure that they deliver the product or service at the right time. In this case, business continuity procedures are extremely important for staying in business because delivering the service at the right time means the service is available all the time.

In addition, we should consider the cost of controlling that risk versus the effect it has on the business risk. Controls that have a small impact on the fundamental business risks should either not be used or should be very inexpensive to implement.

As one example, many companies say they have a risk of project failure, which they define as going over schedule, over budget, or both. I have worked for a number of companies who delivered every project on time and on budget, and their products failed on some or all of the fundamental business risks. I have worked for a number of other companies who did not always deliver their projects on time or budget, but did in fact deliver the right product to market at the right time for a very nice return on investment. In these cases I observed, the risk of project failure did not have a strong correlation to a fundamental business risk. Controlling for project risk only weakly controlled for business risk.

What that tells me is instead of assuming that the project lifecycle is the problem, we should do a root cause analysis to determine the actual problem. Maybe we are running projects poorly. Or maybe we are failing in marketing and sales. We should find the real problem and invest in controls that have a strong correlation with product success.

What is a control? By definition a control is a process that reduces risk. Typically a control is a mitigation strategy that is formalized. Documents are not controls. Documents are also not evidence that a process was followed. We all know of delivery teams who did not follow a specified process but created the document that “proved” they did at the end of the project. I have seen many documents that were supposed to prove that a process was followed, that were merely copies from another effort. Many times, the project name was not changed throughout the document, nor the dates when the work was supposed to have been done.

A control is a process. Therefore, if you want to audit for the control, you have to audit the process. Most of the time, that will mean observing the process as it is being done. If all the auditors do is look for a document that says the process was done, then you have incurred cost with zero benefit. If your company is typical, your people never have enough time to do everything, so they will cut processes that are only audited by document and do the fastest job possible to produce the required documents. Since the process is most likely not being done, either the process is not necessary to control for risk or you have been lucky.

Given all that, what are associated risks and mitigations for the fundamental business risks? Below are some examples of possible risks and mitigations for the fundamental business risks listed above. The mitigations are heavily influenced by Agile and Lean Startup thinking, so may or may not be appropriate for your business.

Business risk: Failure to deliver the right product or service

Associated Risk Mitigation
Your market is not well-defined Leadership in the company should go through an exercise of defining the market for each product and service. They might be the same, they might be different. It is not good enough to say “Our market is men.” Or “Our market is middle-aged people.” It is almost certainly true that those markets are too big. Get specific.
You do not understand your market Company leadership should ideally be from your target market or have a close relationship with your target market. You can also use focus groups, advisory boards, and other techniques to get a better understanding, but there is no substitute for personal knowledge.
The product or service is poorly defined This is common early in product development, but must be mitigated before the product or service goes to market. The best mitigation is to do a little, test it with users, based on feedback do a little more, test again, and continue this until you have a viable product. Whatever prototyping you do, find the least expensive, fastest way to do it.
The users do not want the product or service The best mitigation is to get real users involved in developing the product or service. Not just one group of users (you end up developing something just for them), but bring in many different groups of users over time who represent the breadth of your market.

Business risk: Failure to deliver the product or service at the right time

Associated Risk Mitigation
You deliver too early Find real users who are connectors and recommenders. Get them involved in the development process. Encourage them to help prepare the market for the coming product.
You deliver too late Identify a minimum viable product. Develop that first, and keep it always ready to go. You can release that at any time if you have to quickly go to market and follow up with additional features later.
You deliver too often Solicit feedback from real users all the time – forums, blogs, Facebook page, etc. They will tell you if they are getting overwhelmed. When possible, track the use of the different product features. If you are delivering new features and no one is using them, you are probably delivering too often.
You deliver too infrequently The same as delivering too late, always have something new ready to go. Solicit feedback from real users all the time. They will tell you if they are tired of waiting for new features.

Business risk: Failure to deliver the product or service for the right return on investment (ROI)

Associated Risk Mitigation
The size of your market is smaller than you thought Discover if there is a broader market who can also make use of your product or service. Cut back on your product plans to match the size of your market.
Your market is not finding out about your product or does not see the value in it Assuming you have identified the right market and product, then along with traditional marketing, find connectors and recommenders, get them involved in developing your product, encourage them to recommend your product to others. Also, look for related products where you can piggyback your marketing efforts. Joint marketing with another company could be quite effective.
The cost of development was too high when compared to sales or other benefit received (low ROI) Identify the root cause. Were you overly ambitious compared to market demand? Then you need to cut back on your development efforts. Was the development process inefficient (heavy process, too many people, too many metrics, too many meetings, not enough experience in the development team)? Bring in someone to help improve your process. Was the failure in the sales team – not enough sales to recover the cost of development? Maybe you need more experienced sales people, or they need better training on the product and benefits, or they need coaching on sales techniques.

Business risk: Failure to comply with all laws and regulations

Associated Risk Mitigation
Discovery of non-compliance and the consequences of it (product removed from market, product reworked, fines, prosecution, restitution) Educate your workforce on the laws and regulations. Review product and service offerings with lawyers, regulators, and other experts as appropriate. Keep records of all recommendations by lawyers, regulators, and experts. Be aware when there are changes and have your product and service offerings reviewed for compliance with new laws and regulations. Be sure all product and service offerings are updated within the time frame allowed.

I hope this article has you thinking more about how to control for risk. Doing the same thing “everyone else” is doing may not be the right thing for your company. Go back to the fundamental risks and discover the best way for your company to reduce them.