Close this search box.

12 Risks of the Citizen Development Movement

Citizen Development Program

Citizen development is a cutting-edge strategy that promises businesses a competitive edge. Many organizations are already on board, with 84% employing citizen developers

But the risks of citizen development are a genuine concern. Left unmanaged, these risks can derail a citizen developer program. 

Worse yet, a failed citizen developer program can disrupt company operations. Fallout can soon impact everything from IT and business units to HR and finances.

Risk mitigation is possible with the proper management structures and strategies. By using best practices, companies can reduce risks and gain from the growth of their citizens.

What Are Citizen Developers?

Citizen developers are non-IT employees that create applications using low-code or no-code platforms. Unlike professional programmers, they write little or no code to develop applications.

They are full-time business employees first and part-time developers second. In short, they focus on resolving daily problems while going about their regular jobs.

Citizen developers lack coding skills but have intimate knowledge of business processes. This knowledge is the “secret sauce” needed to build the apps to fit their business needs. 

Low-code/no-code tools make it possible.

Low-code platforms can build apps faster than traditional development. And they often cost less than relying on IT and professional programmers. At the same time, low code helps reduce IT backlogs, allowing IT teams to focus on other priorities.

With failure rates on digital transformation efforts increasing, many organizations are turning to low-code and citizen developers to drive results.

Are Citizen Developers Risky?

Citizen developers deliver significant benefits when properly managed and supported. But they are not without risk. 

Unmanaged citizen developers can cause severe issues and expose businesses to unnecessary risks. Without guidance, monitoring, and support, they can cause more problems than they solve.

Unrestrained citizen development can cause data leakage, integration failures, and security breaches, and it can also lead to the development of poorly-designed, redundant, or obsolete apps. 

12 Ways Citizen Development Puts Your Business at Risk

Successful citizen development involves more than low-code/no-code tools and eager developer recruits. Businesses need leadership commitment, IT collaboration, and detailed governance policies and procedures.

Organizations must also recognize potential risks and install an inclusive mitigation strategy. A structured governance framework optimizes citizen developer performance while minimizing risks.

Before implementing a citizen development program, you should know these 12 common risks.

1. Excess Cost

Low-code/no-code tools cost less than traditional development tools per developer. However, costs may be higher if used improperly (duplicate apps, for instance) or if you have multiple developers (as each developer needs a license).

Low-code/no-code pricing can start as low as $10 per month and increases into the thousands. Adding hundreds of citizen developers can be expensive, even at the low end.

2. Security Concerns

New or poorly-trained citizen developers are unaware of security procedures and best practices. More experienced developers need constant monitoring to ensure compliance. 

Working outside of IT security protocols, citizen developers can develop bad habits. They may break the rules and ignore best practices. Development security while working remotely is also a concern.

They can open security gaps or disrupt other systems or databases. Specific issues can include security breaches, data corruption or leaks, and faulty integrations.

3. Lack of Accountability

IT teams within tightly-restricted environments control traditional software development. So, it’s not too hard to keep an eye on development to make sure best practices, security procedures, and quality standards are followed.

But citizen development distributes application builds throughout the business. Ultimately, it becomes much harder to track individual projects and developers.

Shadow IT and rogue development spreads. Gaps in compliance happen.

All of this increases risk.

A structured development framework is critical for tracking and managing citizen developers. It’s the most effective way to ensure accountability among dispersed developers and projects.

4. Reduced Transparency

Widely dispersed citizen development makes transparency difficult. 

Limited transparency can lead to rogue development and shadow IT. Insufficient testing also adds more risk as apps can have weak security or fail compliance checks. 

Without transparency, there are simply too many variables to track and manage. The solution is a structured development framework, and this sets up guardrails for your team to follow, ensuring compliance.

5. Subpar Application Quality

IT staff and professional programmers repeatedly test applications to ensure quality. Testing often occurs at several points of a development lifecycle and/or the end of agile sprints. 

Citizen developers focus more on speedy development than testing. Quality may suffer. And they may release subpar applications without properly testing them. Not intentionally, in most cases, but due to a lack of understanding around proper testing cycles. 

When IT collaborates with citizen developers, app quality tends to increase. This is because they leverage their background in coding to help ensure citizen developers produce quality solutions.

6. Increased Inefficiencies

Citizen development can create inefficiencies compared to conventional IT-based development. Automating inefficient processes simply makes them automated inefficiencies. 

For instance, a citizen developer can build out numerous siloed “apps” that still require manual data entry between systems. In short, they function no better than expensive spreadsheets.

To see real results, you must improve workflows first, then automate repetitive tasks.

Worse, multiple citizen developers may build multiple versions of an app for the same workflow. This creates extra work and costs that could be reduced by consolidating applications.  

Citizen developers often lack a big-picture perspective. Working with IT and leadership, they can get a better understanding of what solutions the business needs to be successful.

7. Compliance Oversights

IT usually ensures compliance with industry standards and regulatory requirements. Managing compliance risk is part of their job.

Citizen developers are usually less concerned with compliance. It’s not their focus, and they may not even be aware of relevant standards or regulations.

IT needs to take the lead in compliance monitoring and management compliance. Usually part of a structured management framework, it helps reduce oversights.

8. Application Sprawl

When citizen developers become more prevalent within an organization, apps can multiply. The situation can lead to wasteful duplicate development efforts and redundant apps.

The best solution is to regulate app development, updates, and deactivation. A structured Center of Excellence (CoE) is a good approach. 

A CoE keeps an inventory and maintains a repository of all active apps. It can also limit the number of apps in development and service.

Reining in application sprawl cuts waste and helps ensure that only high-quality apps are in use. And it avoids the chaos that can result when anyone can build any app they want. 

9. Disinterested “Citizens”

People often push back against technology. Some “citizens” don’t want to be developers. They may dislike technology or see citizen development as more work at the same pay. 

Still, others will be on the fence but come around with the proper encouragement. While all employees don’t need to get on board, citizen development works best if you get buy-in from the right employees.

Leadership plays a key role by promoting the benefits of acting as an empowered citizen developer. Financial rewards and promotions can help. Even formal recognition of successful app launches will prompt more employees to step forward.

10. Vendor Lock-In

Many low-code/no-code tools create apps that are only usable with that platform. The resulting vendor lock-in dictates maintaining a platform license for as long as apps are in use. 

All underlying code resides within the original low-code/no-code platform. As a result, they lack portability to other platforms. 

Vendor lock-in is a concern for many organizations and 37% of companies avoid it. Choosing a platform that allows app portability can help ease this concern. Ensuring access to source code also helps.

11. Low-Code/No-code Limitations

Low-code/no-code platforms excel at developing relatively simple business applications quickly and inexpensively. But they have their limitations.

For one, they are not well-suited to creating complex applications. Most are template-based, so customization is a problem. They may also suffer from lackluster processing speed and high resource overhead. Vendor lock-in can limit your deployment options.

Standardizing on one platform helps compensate for low-code/no-code limitations. Matching platform capabilities to your organization’s requirements are essential. 

Training your citizen developers is a must.

12. Unrealistic Expectations

Adopting appropriate expectations is essential to successful citizen development. A well-planned and supported citizen development program provides significant business benefits. But it’s not an instant solution to every challenge.

It won’t replace your IT department or cut the need for professional software engineers. And it will only be successful with the proper resources and governance.

Realistic expectations recognize the planning and work needed for successful citizen development. Expecting it to be a quick fix is counterproductive and can stunt its development.

How to Reduce the Citizen Development Risk

The risks created by citizen developers can impact a business in significant ways. Faulty digital solutions cause transformations to fail. But implementing a proven risk mitigation strategy can effectively manage these impacts. 

Effective governance and a structured management framework are key components of this strategy. And it should aim to support and monitor citizen developers simultaneously. This dual focus is critical to optimizing their effectiveness while reining in potential abuses.

Governance and Frameworks

The cornerstone of citizen developer governance is a structured and comprehensive management framework. It includes appropriate policies, procedures, and technical resources.

A framework should include all key stakeholders, including leadership, IT, and citizen developers. Each stakeholder group plays a role in boosting developer productivity while reducing risks. 

IT contribution is the most important. Close collaboration with developers is just the start. More IT responsibilities include monitoring, platform selection, training, and support.

Support for Citizen Development Programs

Supporting citizen developers is as essential to program success as monitoring and governance. And all key stakeholders serve a role in citizen developer support. 

At a minimum, comprehensive citizen development support should include the following:

  • IT Collaboration. As previously discussed, IT collaboration is critical to making citizen developers successful. IT has the skills and experience developers need to build the best apps. They are the experts on security, integration, QA, and more, so their cooperation and guidance are essential.
  • Culture and Community Building. Building a supportive citizen developer community makes app development easier. A culture that recognizes and rewards developer successes spurs momentum. And it encourages more employees to become citizen developers.
  • Resources and Training. It’s hard to overstate the importance of training for citizen developers. Many developers are technology novices. Proper training and access to documentation, pre-built app templates, and modules are critical.
  • Tech Support. Especially at the onset of a program, citizen developers need a go-to help resource. A dedicated citizen developer help desk is fundamental.
Jason Skidmore
HR certification - woman smiling holding a certificate
man playing chess representing strategic resource management

Explore our topics