Why Governance Is Not "Bureaucracy"
Without clear rules, two things happen:
- Changes occur ad-hoc because nobody knows who decides
- Nobody feels responsible when something goes wrong
In law firms, this is particularly expensive: A faulty workflow can miss deadlines, upset clients, or cause compliance violations. The solution is not a 50-page policy but a minimal framework that works in practice.
The Problem with "Informal" Governance
Most law firms start without formal governance. This works for 1-2 simple workflows. But once multiple processes are running in production, typical problems emerge:
Symptom 1: The Workflow Owner is on Vacation
Nobody knows how the process works. Small changes get postponed. Errors go unnoticed.
Symptom 2: Too Many Cooks
Every partner has "small adjustments". After 6 months, the workflow is a patchwork that nobody understands anymore.
Symptom 3: Changes Without Testing
"This is just a small tweak" – until the workflow sends wrong emails to 200 clients.
Copy/Paste: Minimal Role Model
For each production workflow, you need exactly four roles:
| Role | Responsibility | Time Investment |
|---|---|---|
| Owner (Business) | Decides WHAT the workflow should do | 1-2h/month |
| Maintainer (Technical) | Implements, operates, monitors | 2-4h/month |
| Backup | Takes over during absence/vacation | As needed |
| Reviewer | Approval for critical changes | As needed |
Important: One person can hold multiple roles. In small firms, the Owner is often also the Reviewer. But: Owner and Maintainer should be separate – otherwise, business oversight is missing.
Copy/Paste: Change Process in 5 Steps
Every change to a production workflow goes through these steps:
1. Change Request (1 Paragraph)
What should be changed and why? No novel, one paragraph is enough.
2. Risk Assessment
- Low: Text changes, new notifications
- Medium: New fields, changed logic
- High: Data sources, integrations, delete operations
3. Test Cases (at least 3)
- Happy Path: Does the normal case work?
- Edge Case: What happens with incomplete data?
- Rollback: Can the change be reversed?
4. Deploy Window
When will the change be deployed? Not Friday 5 PM.
5. Rollback Plan
How do you get back to the previous version?
Rule: High-risk changes always require review by a second person.
KPIs for Workflow Governance
These three metrics show whether your governance works:
| KPI | Target | Warning Sign |
|---|---|---|
| Changes/Month | 2-5 | >10 (too much churn) or 0 (nobody maintains) |
| Hotfix Share | <20% | >40% (insufficient testing) |
| MTTR After Change | <4h | >24h (missing rollback) |
When to Start Governance?
Too Early: When you are still experimenting and making daily changes.
Just Right: As soon as a workflow has been stable for 2+ weeks and processes real client data.
Too Late: When the first error has occurred and nobody knows who should fix it.
Next Step
Once you have 1-2 workflows in production, governance is the difference between "runs somehow" and "works long-term". Start with the minimal role model above and expand as needed.