This article, based on insights from Sarah Wells, explores how to implement effective software engineering governance that reduces risk without impeding development velocity. The central theme is that governance should be an enabling function that helps teams deliver value safely and consistently, rather than a bureaucratic bottleneck.
The Problem with Poor or No Governance
The article argues that ineffective governance creates significant problems. Traditional, slow processes like Change Advisory Boards (CABs) give a false sense of security while slowing down releases and hindering productivity. Conversely, a complete lack of governance leads to security vulnerabilities, uncontrolled cloud costs, duplicated engineering effort, and difficulty in managing the organization’s technology estate.
Key Principles for Effective Governance
To be effective, governance should be a set of principles, practices, and tools that make it easy for teams to make the right decisions. Key recommendations include:
- Build In-Tool Guardrails: Integrate governance into the development workflow. For example, requiring a service to be registered in a catalogue to receive the necessary cloud resource tags nudges engineers toward compliance seamlessly.
- Create a Clear Technical Strategy: An organizational tech radar and a well-communicated technical strategy help align teams on technology choices, preventing redundant work and the use of deprecated platforms.
- Align with DORA Capabilities: Focus on achieving fast flow and fast feedback. Any governance process that requires waiting for another team or external approval is an anti-pattern that slows down value delivery.
Conclusion and Takeaway
The primary conclusion is that organizations must reframe the purpose of governance from control to enablement. Instead of focusing on running a process (like a CAB), organizations should focus on achieving an outcome (like keeping the organization safe). This shift allows for modern, more effective solutions like automated checks and platform engineering, which successfully balance risk reduction with the need for speed.
Mentoring question
How does your organization’s current governance model balance risk reduction with developer velocity, and are there any ‘Change Advisory Board’-style processes that could be replaced with automated guardrails?
Source: https://www.infoq.com/news/2025/10/software-engineering-governance/