Microsoft Power Platform: The elements of a strong governance strategy

December 9, 2021

Low-code, citizen app-building is an excellent way to meet your organization’s mobile and desktop app requirements while alleviating the strain on IT. In this three-part series, we explore how Microsoft Power Platforms can streamline your efforts—and how to deploy the solution effectively. You can find the first article of the series here.

Paul Witherow, PMP, MBA, is a Partner and leads MNP Digital’s Customer Platforms COE, which includes our Digital Experience, CRM, and Low Code Application Development solution teams. Drawing on more than 25 years of management, strategic advisory and systems integration experience, Paul leads strategic change initiatives and technology-enabled transformation.

In our last article about the Microsoft Power Platform, we spoke about how Power Apps can empower citizen developers across your organization to build their very own apps. Perhaps by now you’ve done some additional research, weighed the benefits and decided you’d like to streamline your organizational app-building efforts with the help of Microsoft Power Platform’s Power Apps.

The question now is: how do you get started? This is what we call the “deployment paradox”. While it may be possible to simply turn on the tools, and allow members of your organization to just start building, that approach comes with some hefty risks. For instance, it could create a “wild west scenario” that results in the development of apps that lack effective security, fail to integrate essential KPIs or violate company policies. Not surprisingly, this approach isn’t exactly optimal.

Ruling that option out, then, you’re essentially left with three other routes of deployment:

Designate organizational “app champions”. These subject matter experts should have above-average Power Platform knowledge and a preliminary understanding of the organizational rules they need to follow to create functional apps. As champions, they are the ones who would lead your app development efforts. The trouble with this option is, because these champions aren’t trained in IT, they could have varying standards—and potentially miss opportunities for scale.

Make citizen app-building an IT responsibility. While members of your organization can build the apps, this deployment option ensures every app is run by IT before it goes live. The problem here? It doesn’t resolve the original problem that led to citizen app-building in the first place: the IT bottleneck.

Create a Centre of Enablement. With this option, IT still has influence over the quality of apps produced by the organization—but, to reduce the department’s involvement and avoid an IT bottleneck, other areas of the business are involved as well. With the right set-up, a Centre of Enablement (COE) can help organizations reduce risk and increase platform ROI by supporting citizen development across the enterprise.

Centre of Enablement: Defined

The Centre of Enablement is an organizational structure that enables the distributed development of applications. It centralizes in-house development skills, talent and expertise in a way that makes this information more accessible to citizen developers, while enhancing clarity, focus and consistency around the organization’s app-building goals.

Specifically, the COE works by creating a simple and streamlined support structure for business units, as well as by providing opportunities for teams to develop their expertise and skills. It also offers enhanced visibility into company-wide app-building efforts and activities—to create a more coordinated digital framework.

Building a COE typically occurs in two phases. The first involves developing a clear app classification and compliance framework, while the second step is spent building a multi-disciplinary COE team.

First things first: App classification

Every app created by your organization must meet all compliance and security standards—and, depending on what type of app you’re creating, those standards will likely vary from app to app. For this reason, one of the first things you must do before opening the doors to citizen-led app-building is to have a method for defining the risk profile of every app.

Teal quotation marks
"One of the first things you must do before opening the doors to citizen-led app-building is to have a method for defining the risk profile of every app."

This first stage in the app-building process will encourage developers to ask a series of questions to clarify the potential compliance requirements of an app by making note of the amount of sensitive data used (e.g., personal, strategic, financial, operational), the potential risks of security and data breaches, and the business risks if the app is, for some reason, not available.

Ideally, an organization will put together between eight and 10 controls that will help developers automatically classify their respective apps and move seamlessly into the compliance framework.

Next up: The compliance framework

Once a developer has a sound understanding of whether they’re building a high-, medium- or low-risk app, they’ll move into the compliance framework—and follow a series of mandatory, compliance-related processes outlined by the organization. These processes will vary depending on the app’s classification level.

So, for example, if an app is determined to be reasonably high-risk in regard to, say, data privacy breaches, the compliance framework may require the citizen developer to first engage relevant organizational teams to help conduct a design review. From there, the citizen developer may be free to develop the app, but, once again, have to engage other team members to conduct a pre-deployment review. After the app is up and running, the compliance framework may mandate ongoing post-deployment check-ups.

A high-profile application central to business operations could warrant a different compliance process. In this case, the app might have to undergo a technical review, in-depth user-training and—if it’s going to be rolled out enterprise-wide—widespread rollout.

Want to learn from
MNP Digital's experts?

Check out our “5 Power Platform apps that are changing the public sector” on-demand webinar.

Building the COE team

Once you have the right app classification system and compliance framework in place, it’s time to build your Centre of Enablement team. The purpose of the team is to educate and support your citizen developers. Additionally, its aim is to create a community of users, enforce standards and compliance, provide data stewardship and simply preserve the overall health of the platform.

This team will be central to your Power App deployment—and make sure it reflects the culture and scale of your organization. Depending on your needs, your COE team may include the following roles:

  • Standards and compliance, responsible for developing, supporting and enforcing the app classification and compliance framework
  • Steering, responsible for establishing your organization’s mandate, vision and goals of the Power Apps tool
  • Education support and communications, responsible for fostering a community of users by sharing information
  • Development, responsible for creating and centralizing resources like data connectors and accelerators, reusable code, libraries of portals and API connectors
  • Data stewardship, responsible for the provisioning of the Centre of Enablement and educating citizen developers on the availability and nature of the data that’s available to be consumed by the apps
  • Management, responsible for overseeing the Microsoft Centre of Excellence (and features of Microsoft Power Platform) to see what connections are being used, who’s sharing it or who’s accessing these applications and auditing that information

As we mentioned above, every organization is different. Depending on your size and scale, you may not find it necessary to fill every one of these positions.

From enablement to excellence

While an app classification system, compliance framework and Centre of Enablement team are all elements of a sound governance framework—and integral for the effective deployment of Microsoft Power Apps across your organization—the Microsoft Centre of Excellence can help you truly empower your governing body and take your app-building efforts to the next level.

We’ll explain how the Centre of Excellence can help increase visibility into your app-building efforts in our third and final installment of this Microsoft Power Platform series. In the meantime, if you have additional questions about how to deploy Power Apps in your organization—or if you’d like to learn more about the solution’s capabilities—contact the MNP Digital team.

Connect with us to get started

Our team of dedicated professionals can help you determine which options are best for you and how adopting these kinds of solutions could transform the way your organization works. For more information, and for extra support along the way, contact our team.