Pursuing Business Agility Outside of IT: Challenges and Rewards

January 12, 2023


Ahmed Sidky

In tech, agility is about streamlining, finding the right product, and building it in the most nimble and flexible way possible. 

When we talk about business agility outside of tech, in the back office departments, we're mainly talking about risk and human dynamics. We’re asking ourselves, “How agile can we be given the constraints that we have?” 

At Riot Games, we decided to find out. The president wanted the organization to absorb more risk in order to gain more agility. The way to do this was to have the back office functions–HR, legal, and finance–start taking on a little more risk in the way they operate. This required a major mindset shift because departments like HR, legal, and finance typically want to minimize risk for the organization, not absorb it.

Guidelines, Guardrails, and Safeguards

We started using new terminology to categorize our HR, legal, and finance policies and systems. We called them guidelines, guardrails, and safeguards. Our goal was to use these three levels to ensure the organization’s policies were giving people as much freedom and flexibility as possible. 


Guidelines are recommendations that we expect people to follow. We don’t enforce consequences if people go outside the guideline. But we do monitor all deviations and report them to the relevant business unit. The leaders in the department know the context or situation better. If they see that these deviations from the guidelines are okay, then great. That's empowering. 

The company president was very clear that we want to default to having all protective measures in the guideline category. If there's a higher risk to the organization, a fairness issue, or it's illegal, then we’ll talk about upgrading the protective measure to a guardrail or safeguard. We want as many guidelines as possible and as few safeguards as we need. 


Guardrails are general policies for which there is some flexibility. Think of it like a guardrail on the highway: we’re going to give you space, but we’re also putting up guardrails to define what is acceptable. Exceptions may exist, but we'll talk about them. 

Guardrails are actively monitored. If we see consistent or unjustified deviations, then we're going to discuss consequences. Because again, we’re running an organization here. We can't say that everything is a free-for-all. That's chaos. Plus, we still need to protect fairness and we need to follow the law. 


Safeguards are protective measures that everyone is expected to follow and are built into our systems. Think of it like the catalytic converter on your car or ABS brakes; they're built into the system. You don't have to think about it because it’s built-in. 

In Practice 

Here’s an example of how an expense policy might look at each of these three levels. An expense policy guideline, which would have the most agility, would be: “Spend our money like it's your money." We'll track extravagant spends; we'll tell department leads about them. But it's a guideline. 

A guardrail would be: "Meals should be no more than $70. For meals over that limit, we'll track and report." For people who repeatedly spend more than the limit without good reason, we’ll implement a consequence, maybe for those individuals their expense policy will be a safeguard not a guardrail anymore. The safeguard is only necessary for a select few, instead of changing the whole policy for everyone. 

At the safeguard level, the expense policy would be: Everyone is reimbursed at a maximum of $70. It's built into the system. If you spend $100, you’re only going to be reimbursed $70. Because this safeguard is built-in, it reduces friction, overhead, and debate. 

The goal is to create as few safeguards as possible because we want to give agility, autonomy, and empowerment to people in the organization. 

Balancing Autonomy and Risk 

At every opportunity, the president has emphasized that we want to start all policies as a guideline. At the start, people were worried. They thought a lot of guidelines actually needed to be guardrails. But the president insisted that we sit and debate any policy that we wanted to turn into a guardrail. He wanted everyone to be sure it actually needed to be a guardrail because elevating it to a guardrail would reduce agility. 

It took time for people to come around because the organization had operated for years and years with a conservative risk profile. Now we wanted the mindset to be, "Everything is a yes, except the things with a guardrail or safeguard." This mindset is important because it gives employees and the business the space and support needed to win with our players. That's the kind of transformation across finance, legal, and HR that we needed. 

It’s really important for leaders that are pursuing business agility to empathize with the size of the mindset shift. Their role is not to say it once, but to say it every single day and every single time. 

Having our president be such a champion for this– that’s what really started to drive the change. 

Start With Mindset 

ICAgile has always talked about changing people's mindsets first, even within tech. But within tech, you can get away with starting with the rituals and processes, and hoping that mindset shifts will come later. 

However, outside of tech, you must start with the mindset. Why? Because we aren’t talking about how people work, we're talking about the work people produce. You need the HR people to think from a totally different vantage point. Instead of protecting the organization, they need to think about how to enable agility, flexibility, and resilience in the organization. 

For example, agility in HR is not about the HR team working in two-week iterations or creating backlogs. Instead, it’s about how the HR team enables agility inside the entire organization. How does HR set up rules, regulations, job architecture, and reward systems that support agility? 

The Challenges and Rewards of Agility Outside of IT 

Agility outside of IT is so hard because it’s intangible. If it was about something tangible, we, as humans, can put it in a box, and give it a name. We can say, "Build this tool, deploy this thing and we're done." But outside of IT, agility is about changing how people think, changing behaviors, and changing beliefs. 

How do you do that? It takes a lot of time, patience, learning, and coaching. 

When the back office enables agility in the organization, people can feel it. They feel the freedom and flexibility, and they think, “Okay, the organization has my back, so I can deliver value to the customer.” 

These organizations can also pivot quickly because they’ve built more resilient systems. They anticipate change and when they have to make changes, fewer things break. Operations are smoother and more effective. There’s a culture of empowerment, creativity, and collaboration that enables the organization to adapt to change, overcome challenges, and deliver more value to the customer.

Learn How ICAgile Can Support Your Transformation

Elevate Your Learning

Join our community of agile learners and get the latest news and resources delivered straight to your inbox.

* indicates required
Business Agility Foundations, Agile Finance, Agility in Finance, Agile HR, Agility in HR

About the author

Ahmed Sidky | ICAgile, President of ICAgile
Ahmed Sidky, Ph.D. is the Head of Business Agility at Riot Games where he leads a team of 70 agile delivery leaders. Ahmed is a well-known thought leader in the Agile community and is currently serving as the President of the International Consortium for Agile (ICAgile). Throughout his career, Ahmed led a number of Fortune 100 companies through large-scale agile transformations using his culture-led transformation approach, which focuses on changing and introducing organizational habits critical to sustaining agility. He is the co-author of “Becoming Agile in an Imperfect World,” and is a seasoned speaker who has made several keynote appearances worldwide speaking on topics such as the agile mindset, how to create lean high-performing habits within teams, and how to transform organization in a manner that achieves sustainable organizational agility.