← All DORA Capabilities

Streamlining Change Approval

Flow & Delivery
DIRECT DRIVER

Change approval governs how organisations balance delivery speed with risk control. In traditional models, heavyweight approval processes attempt to prevent failure by scrutinising each release. However, these mechanisms often slow delivery, increase batch sizes, and paradoxically raise risk by encouraging infrequent, complex changes.

Modern high-performing organisations shift from gatekeeping to risk-based governance. Instead of manually approving every change, they embed safeguards into engineering practices, automation, and monitoring. Low-risk changes flow quickly, while higher-risk changes receive appropriate scrutiny. At the highest maturity, approval becomes implicit, earned through reliable systems and transparent evidence, enabling rapid delivery without sacrificing safety or compliance.

Bureaucratic Gatekeeping
(Manual approvals dominate)

Description

Most changes require formal review and sign-off through hierarchical processes, regardless of risk level.


Observable Characteristics

  • Change advisory boards or formal approval meetings
  • Multiple layers of sign-off required
  • Approval cycles tied to release schedules
  • Decisions influenced by hierarchy rather than evidence
  • Limited differentiation between minor and major changes
  • Long waiting times before deployment

Outcomes & Risks

  • Slow delivery of value
  • Increased risk due to large deployments
  • Frustration among delivery teams
  • Reduced responsiveness to urgent needs
Structured but Slow Approval
(Defined processes, persistent friction)

Description

Approval workflows are documented and standardised, but still impose significant coordination overhead and delays.


Observable Characteristics

  • Formal change request procedures
  • Regular approval cycles or scheduled reviews
  • Templates and criteria for submissions
  • Some differentiation for routine changes
  • Limited automation in decision-making
  • Continued dependence on central oversight

Outcomes & Risks

  • More predictable governance
  • Continued impact on delivery speed
  • Incentive to bundle changes together
  • Difficulty scaling approval processes
Risk-Based Approval
(Controls aligned to change impact)

Description

Approval requirements vary according to the risk and nature of the change. Routine or low-risk changes can proceed quickly.


Observable Characteristics

  • Classification of changes by risk level
  • Pre-approved pathways for standard changes
  • Peer review replaces hierarchical sign-off in many cases
  • Approval integrated into development workflows
  • Compliance embedded in processes
  • Reduced reliance on central committees

Outcomes & Risks

  • Better balance between speed and control
  • Increased team autonomy
  • Reduced backlog of pending approvals
  • Requires accurate risk assessment
Evidence-Based Approval
(Decisions driven by data and safeguards)

Description

Approval decisions rely on objective indicators such as test results, performance metrics, and historical reliability rather than subjective judgement.


Observable Characteristics

  • Automated quality, security, and compliance checks
  • Risk assessed using empirical data
  • Deployment readiness evaluated continuously
  • Audit trails generated automatically
  • Minimal manual intervention required
  • Transparent decision criteria

Outcomes & Risks

  • Strong governance with minimal friction
  • Reduced operational risk despite higher deployment frequency
  • Improved compliance posture
  • Dependence on accurate metrics and tooling
Continuous Compliance and Trust-Based Governance
(Approval implicit through reliable systems)

Description

Approval becomes embedded in engineering systems and practices. Changes proceed automatically when defined controls are satisfied.


Observable Characteristics

  • Policy enforcement automated within pipelines
  • Continuous monitoring replaces pre-release gatekeeping
  • Changes approved automatically if safeguards pass
  • High-trust environment with strong accountability
  • Rapid response mechanisms for issues
  • Governance scales with delivery speed

Outcomes & Risks

  • Rapid delivery of value
  • High organisational agility
  • Sustained compliance without bureaucratic overhead
  • Competitive advantage through responsiveness
Ensure change approval processes are risk-based, efficient, and do not unnecessarily delay delivery.