Project Management & Governance for Citizen Developer, Pt. II

21 September 2022

This blog is the second part of a series by Dermot Hore, Auxilion's Senior Programme Management Consultant, on the Project Management Institute's Citizen Developer Handbook. You can find Part I here. 

Hyper-Agile SDLC

What’s in a name? I have real difficulty with “Agile”- not that it doesn’t work, of course it does, it’s just that I have seen it used so many times as an excuse to not ‘manage’ a project. Having said that, people’s attitudes have changed and, as a way of working, it is just as likely to deliver a project as any other method. But I still have scars, so you can imagine my reaction to a new delivery module called ‘Hyper-Agile SDLC.’

The Citizen Development handbook, from the Project Management Institute, has 10 commandments guidelines for using the suggested new delivery model when implementing low-code/no-code software projects. Some of them might cause a slight raising of the eyebrow.

The Guidelines that hit the headlines:

  • Use the minimum number of phases
  • Citizen developers should not be bound by lengthy project charters and administrative controls
  • Minimum documentation is required
  • Citizen developers possess broad freedom for ideation and prototyping
  • The business retains autonomy for all ideation and solution design

On the other hand, the guidebook also outlines:

  • Design and implementation of the operating model happens in parallel with application design
  • Citizen developers are bound to quality assurance, resilience and security controls
  • Citizen developers enlist the support of IT developers when needed (but it does say 'only when needed')
  • Citizen developers have responsibility to understand the purpose and benefits of IT control and if/when/why IT should be consulted
  • The business considers business/operational risk and value early in the SDLC

You can see from the above that Hyper-Agile SDLC does try to balance the freedom offered by having a business user creating an application with the absolute need to govern the work. The delivery model is illustrated as follows


Source: Project Management Institute Citizen Developer Handbook


The first decision point (Step 2) is a spot assessment. Assuming the project is appropriate for Citizen Development then this is the track that should be followed and, yes, the handbook does layout the criteria for this decision. It may be the case that a more appropriate decision would be an Assisted Path – Citizen Development, but assistance is provided by a competency centre and a ‘squad’ is assembled. Finally- and this is fairly obvious- the project might not be suitable at all for a Citizen Development approach, in which case you can use a traditional PM methodology, be it Waterfall, Agile or Disciplined Agile- whatever the standard in your organisation. The key message here is that there are significant advantages to Citizen Development, but often, it is completely the wrong approach. The important thing is developing the ability to identify situations where it is, or is not, the correct approach.

The development track suggested by the handbook is selected based on an assessment of Risk and Technical Complexity.


Source: Project Management Institute Citizen Developer Handbook

This clearly calls out that application developments that are not technically complex and considered to have a low level of risk are candidates for a low-code/no-code development and as either of these parameters increase other delivery approaches should be considered.

There is a relatively detailed section in the handbook that defines High/Medium/Low criteria for risks under the following headings

  • Security
  • IT Architecture
  • Reputational
  • Operational Risk
  • Regulatory
  • Financial

On the technical complexity front it really depends on the level of experience your developers have in terms of citizen development or traditional IT development.

Finally, the PMI have highlighted a key aspect of any software development project that is often left to the end or is an afterthought: handover to support, who will maintain the application when it is released into production. How do you make sure the application, not developed by a professional developer, doesn’t break anything or actually cause more harm than good? While the handbook does not go into a lot of detail on this topic, it is addressed. Maintenance is broken into four classifications:

Maintenance Type Maintenance Description Maintenance Performed By (Most of the Time)

A fault occurs and maintenance tasks are performed to rectify it so that the application can be restored to operational parameters

Citizen Developer

The environment changes and maintenance tasks are performed to modify the application in order to adapt to the new situation

Citizen Developer

New enhancements are added to the application that are either functional or non-functional

Competency Centre or IT Department 

Scheduled maintenance tasks are performed to maintain the application, detect possible defects, and fix them before a fault occurs

Competency Centre or IT Department 

Source: Project Management Institute Citizen Developer Handbook 

Hyper-Agile SDLC is one topic covered as part of the delivery model defined in the Citizen Development handbook from the PMI. There are two other topics

  • Ideation – In essence, Business Analysis. Citizen developers take on the job of identifying the business need, digging into the detail to understand the functionality needed, and then move on to creating applications and, as outlined above, performing aspects of maintenance
  • And Sustainability Assessment – there are a set of tools defined that you could use to assess if you should use Citizen Development or not for an identified project

    More on all of these topics to follow in future blogs!

Sign up for our updates


Experience the difference in our thinking

Let's talk