I assume that many of you will agree on the title of this post, since years of field experience have often made me witness a sense of fear by organisations when initiating and delivering change within their structure, despite the more recent availability (last 10-15 years) of frameworks and tools aimed at supporting transformation of business, technology and operations.

Resistance to change can propagate top-down as well as bottom-up for different reasons: it may originate from the top because of Management’s natural approach to processes and structured governance, the latter often “enhanced” by deciding to manage change like any other risk and attach to it a more-or-less long list of mitigating actions; it is also true that resistance to change can also get started from the bottom when this may end up transforming established working practices and/or existing roles and responsibilities.

While I’m a firm believer in risk management and mitigation, in my opinion (and witnessed on the field) by rigorously applying a risk management approach to change and add controls to preemptively address deviations, this will likely raise a perception of change as a potential source of (negative) impact for the business, not just among the top levels but also across the lower ranks of an organisation, with a knock-on effect on the overall confidence resulting in further feeding resistance and, next thing you know, you have inadvertently created a vicious circle.

Engineering and delivering change will benefit if the organisation, as a whole, prioritises HUMAN INTERACTION over processes.

As you may well know already, this is one of the four core values that drove the creation of the Agile Manifesto back in 2001.

Let’s then corroborate this with one example (amongst several) in my professional experience when leading change in a collaborative manner.

Five years ago I was leading an Enterprise GRC Solution delivery for the Supply Chain Management Export Control department of a large conglomerate company which, because of its multinational presence, was legally required to meet regulations in all countries were business was conducted.

This organisation requested our assistance to implement a Compliance Management solution derived from our GRC platform and enable a global central repository where processes and technical controls were documented, establish links to authoritative sources, perform risk-based scoping, execute design and operating tests, perform continuous controls monitoring and respond to identified gaps.

During the project kick-off meeting which took place at the customer’s site, we came across some potential blockers because the nature of their existing processes would have prevented having the current structure replicated and implemented in the Compliance Management platform; I asked if it was possible to extend the session, that was originally meant to stretch across the first half of the day, and make it instead a full-day session; the Executive Sponsor, wisely, agreed.

By leveraging on the technical expertise we had present there in the room (a Solution Architect and a Product Implementation Specialist), I created on-the-fly an agenda for the second half of the day to specifically deep-dive into the analysis of their existing processes and understand if there was room for change; thanks to a collaborative effort which benefited from exclusively relying on human interaction (no documentation review at this stage), we were able to pinpoint some specific limitations that would have prevented a successful implementation and roll-out of the new platform and the associated programme.

The first reaction from the audience was (legitimately) not positive and with visible frustration being manifested for becoming aware of these potential blockers only at that moment after months of scoping and assessment of requirements, so I shifted the focus of the discussion on evaluating options which in practical terms turned up to be two: either keeping the current status-quo but then face constraints in the implementation phase and undermine future model scaling, or consider change of their existing processes to make better use of the tool’s capabilities as well as ensuring a more long-term and scalable compliance model.

We then agreed to plan for a 3-day workshop in order to work together on re-designing these processes.

To cut a story short, after 18 months since the kick-off meeting, not only the organisation went live with their new Compliance Management solution, but the roll-out proved successful to the point that other departments of the company initiated similar deployments for Governance and Risk related initiatives and the Executive Sponsor not only acted as their internal ambassador but also became, in one occasion, the presenter of this case-study during a public GRC event.

Do you agree on this being an example of working to delight a Customer?

Key decisions which contributed to this collaborative success:

    1. To leverage on technology not just to drive technical innovation, but also business and operational transformation.
    2. In the crucial and early stages of this engagement I convinced all working groups to prioritise face-to-face meetings and workshops over asynchronous interaction by means of solution design and technical documentation (core value #3, COLLABORATION).
    3. The customer’s Management team and executive stakeholders took the brave decision to allow going back to the drawing board and re-design the foundations on which their organisation had been operating for years and no longer suitable for present and future business requirements (core value #4, ADAPT & CHANGE).
    4. Instead of adopting the more conventional (for the organisation) predictive/waterfall model for finalizing solution design and execute delivery, I presented the case for a more iterative and interactive engagement by releasing incremental functionality every two weeks (core value #2, EARLY SOLUTIONS).

Andrew Celi