Introduction
Ask any group of engineers what kills big software programs and you'll get the usual suspects: scope creep, tech debt, not enough people, shifting priorities. Those are all real. But I think they miss the biggest one: unmanaged dependencies. Working as a TPM at Citrix, I've watched fully-staffed teams with clear requirements blow past their deadlines. Not because the work was too hard. Because nobody tracked the invisible web of dependencies tying their work to a dozen other teams, services, and vendors.
Dependencies are why a "simple" feature turns into a six-month slip. They're why your critical-path team is stuck at 9 a.m. Monday, waiting on another team that doesn't even know they're blocking anyone. Honestly, dependencies are a big part of why the TPM role exists. If every team could ship in isolation, you wouldn't need someone whose whole job is seeing the full board.
I've spent years building an approach to dependency management that's helped Citrix's DaaS platform teams ship complex, multi-team work on time. This is everything I've learned — from finding dependencies to managing and resolving them. Whether you're running your first cross-team program or you've been doing this for a while, I hope you'll find something useful here.
Key Takeaways
- Dependencies — not complexity — are what actually blow up schedules in multi-team programs.
- A simple classification system helps you catch dependencies you'd otherwise miss completely.
- Running a "dependency discovery sprint" finds hidden dependencies before they block anyone.
- You can't track everything equally. Prioritize by risk so you focus where it counts.
- Clear cross-team protocols cut dependency friction by 60% or more.
- You need automation at scale. Manual tracking falls apart past five teams.
Taxonomy of Dependencies
Before you can manage dependencies, you need a common language for talking about them. I break them into four categories. Each one carries different risks, needs a different management approach, and tends to show up at different points in the program.
Technical Dependencies
These are the ones engineers think of first, and rightfully so. They show up whenever one component needs another component's functionality, interface, or output. Think API contracts between services, shared libraries and SDKs, infra provisioning, database schemas, and auth integrations.
On Citrix's DaaS platform, these are everywhere. When the session broker team ships a new version of the session allocation API, the workspace frontend team, the monitoring team, and the auto-scaling team all need that contract to stay stable. A breaking change in the broker API can ripple across four or five teams in hours. The worst part? These dependencies are often implicit. Nobody documented them, nobody agreed to them, and nobody knows they exist until something breaks in staging on a Friday afternoon.
The fix is to make implicit dependencies explicit — contract testing, interface docs, versioning. I think you should treat every cross-service API like a public API, even when both producer and consumer are internal. Semantic versioning, published changelogs, deprecation windows. It feels like overhead until you compare it to debugging mystery breakages in your integration environment.
Organizational Dependencies
These come from how your company is structured, not your code. Other teams' backlogs and priorities, vendor deliverables, security and compliance reviews, legal and procurement approvals, executive decisions — all organizational dependencies.
These are the ones that blindside TPMs the most. Your technical architecture can be perfect, but if the security review board meets once a month and you missed the submission deadline by two days? That's a four-week slip with no workaround. If a vendor's SDK update is late, no amount of internal hustle makes up for it.
You can't refactor your way out of a procurement approval cycle. You have to find these early, pad your timelines, and build relationships with the people who control the gates. Knowing the security review board chair by name and understanding their submission criteria saves more schedule time than any engineering fix ever will.
Temporal Dependencies
These are about sequencing. Some work genuinely has to happen in order — you can't deploy a microservice before the Kubernetes cluster it runs on exists. Other sequencing is softer. It'd be nice to finish user research before UI design, but an experienced designer can start with good assumptions and iterate.
The critical TPM skill here is telling hard temporal dependencies (real physical or logical constraints) from soft ones (preferences or habits). Teams constantly treat soft dependencies as hard ones, which serializes work unnecessarily. One of the most valuable things I do is question sequencing assumptions and find chances to run work in parallel.
During PI planning for Citrix's cloud infrastructure programs, I push back on sequencing all the time. "Does the monitoring integration really need to wait for the full API to be deployed, or can you build against a mock and integrate later?" Questions like that regularly unlock two to three weeks of schedule compression by turning sequential work into parallel tracks.
Resource Dependencies
These happen when multiple teams compete for the same limited resource. The obvious one is shared engineers — if your best Kubernetes person is split across three teams, each team depends on the others' willingness to share that person's time. But it goes beyond people: shared test environments, limited CI/CD capacity, specialized hardware for perf testing, even meeting room availability for planning sessions.
Resource dependencies are sneaky because they create hidden coupling between otherwise independent work. Team A and Team B might have zero technical dependencies, but if they share a staging environment and Team A's load test hogs it for a week, Team B is dead in the water — and nothing in the dependency graph shows why. I keep a resource inventory alongside my dependency map, tracking not just what depends on what, but who depends on whom and which shared resources could become bottlenecks.
Building the Dependency Map
Knowing the categories is step one. The real work starts when you actually map the dependencies in your program. A dependency map is a living doc that captures every known dependency — status, owner, risk level. Building one takes detective work, structured conversations, and systematic digging.
Techniques for Discovering Dependencies
No single method catches everything. You need several approaches, because each one reveals dependencies the others miss.
Stakeholder interviews are where I start. I sit down with the tech lead and PM of every team and ask three questions: "What do you need from other teams to deliver? What are other teams expecting from you? What could go wrong that's outside your control?" These conversations always turn up dependencies that aren't in any backlog or architecture diagram. That third question is gold — it gives people permission to voice concerns they'd otherwise keep quiet.
Architecture reviews catch technical dependencies that team members take for granted. Walk through a system diagram with engineers and they'll casually say things like "oh, we call the identity service here for token validation" or "this writes to the shared event bus." Every one of those throwaway comments is a dependency you need to track. I run these reviews with engineers from multiple teams in the same room, because cross-team discussions surface integration points that single-team reviews miss.
Backlog analysis is grindier but effective. I pull every team's backlog and look for shared epics, references to other teams, and any ticket with "blocked by," "waiting for," or "depends on." It's tedious. In one Citrix program, it surfaced fourteen cross-team dependencies that none of the interviews caught, including three on the critical path.
Tools for Visualization
Once you've found your dependencies, you need to show them in a way that makes sense to both engineers and non-technical folks. I use different tools depending on the audience.
JIRA dependency tracking with issue links (blocks/is-blocked-by) is the system of record. Every dependency gets a JIRA link so status changes flow automatically. JIRA's limitation is it's terrible for the big picture — you get lost in tickets and can't see the overall structure.
Miro or Lucidchart fills that gap. I keep a high-level diagram with teams as nodes and dependencies as directed edges. Green means healthy, yellow means at-risk, red means blocked. This diagram is the centerpiece of my weekly program reviews and honestly the most effective artifact I have for showing executives where things stand.
Custom program boards work well for PI planning and big coordination events. I build boards that map features to sprints, with lines connecting dependent features across teams. It makes sequencing dependencies instantly visible and works great for collaborative planning.
The Dependency Discovery Sprint
This is a technique I built and have run successfully across multiple programs at Citrix. At the start of a major program increment, before teams commit to sprint plans, I run a two-day focused exercise where every team maps their dependencies.
Day one is about breadth: each team independently lists every dependency they can find, using the categories above. Day two is about alignment: teams come together, compare lists, and sort out the mismatches. You'd be amazed how often Team A thinks they depend on Team B, but Team B has no idea. The reconciliation conversation is where the real value is — it forces everyone to agree on who owes what to whom, and by when.
What comes out is a vetted, agreed-upon dependency register that's the baseline for the entire increment. Every dependency has an owner, target date, risk rating, and mitigation plan. This single artifact has cut our mid-increment dependency surprises by roughly 70%.
Risk-Based Dependency Prioritization
A big enterprise program can easily have a hundred-plus cross-team dependencies. You can't give them all equal attention. The thing to understand is that dependencies follow a power law: a handful carry most of the schedule risk, and most will resolve themselves without you doing anything.
Impact x Probability Matrix
I score every dependency on two axes. Impact: what happens if it's late? Does it block one team for a day, or does it stop the whole program for a month? Probability: how likely is it to slip? Is the delivering team confident and well-staffed, or stretched thin and juggling other priorities?
Plot those on a simple 2x2 and you get four quadrants. High-impact, high-probability: your top priority, needs daily attention and active mitigation. High-impact, low-probability: build a contingency plan but don't check on it daily. Low-impact, high-probability: annoying — try to eliminate these through scope changes or workarounds. Low-impact, low-probability: just keep an eye on them.
Critical Path Analysis
Risk prioritization doesn't work without critical path analysis. A dependency off the critical path has built-in buffer — if it slips a week, the program might not slip at all. A dependency on the critical path has zero buffer. Any slip hits the program directly.
I maintain a critical path analysis for every major program and update it weekly. The critical path shifts constantly as work moves forward, dependencies resolve, and new risks pop up. When a dependency lands on the critical path, it gets an immediate bump in attention regardless of where it sits on the risk matrix.
Classifying Dependencies
Beyond the risk matrix, I sort dependencies into three operational buckets. Hard blockers: no workaround exists. If the auth service isn't ready, you can't ship a feature that needs authentication. Period. Soft dependencies: a workaround exists but it hurts. You could ship without the new monitoring integration, but you'd be flying blind in production. Nice-to-haves: they'd improve things but aren't required. You'd like to use the new design system components, but the old ones work fine.
This classification drives your management approach. Hard blockers need proactive management, early warnings, and pre-agreed escalation paths. Soft dependencies need workaround plans documented ahead of time so you can switch to plan B fast. Nice-to-haves get tracked but not actively managed — if they happen, great, if not, you move on.
Communicating Dependency Risk to Executives
Executives don't care about your dependency matrix. They want three things: are we on track, what could derail us, and what are you doing about it. I use a simple stoplight dashboard that rolls up the detailed analysis into program-level risk indicators. Each major deliverable gets green, yellow, or red based on its dependencies, and I write a brief narrative for anything that isn't green. Quick, respects their time, and gives them enough to make decisions about escalations, resourcing, and scope trade-offs.
Cross-Team Dependency Protocols
Finding and prioritizing dependencies isn't enough. You also need clear rules for how teams work together on shared dependencies. Without them, dependency management becomes ad-hoc Slack messages, hallway conversations, and hope. Hope is not a strategy.
Establishing Contracts Between Teams
Every significant cross-team dependency should have an explicit contract. For technical ones, that means API contract tests in CI, interface specs in version control, shared SLAs for uptime/latency/throughput, and agreed versioning and deprecation policies.
For organizational dependencies, contracts look different: written agreements on review timelines, documented escalation paths, commitment letters from vendors. Match the formality to the risk. A critical-path API dependency deserves a formal interface spec. A low-risk shared utility library dependency? A quick Confluence page is fine.
The Dependency Handshake
I've built a ritual I call the "dependency handshake" that's now standard practice in my programs at Citrix. When we spot a new cross-team dependency, I set up a quick meeting between the dependent team and the providing team. Both teams acknowledge the dependency and why it matters. They agree on a delivery timeline with milestones. They set an escalation path if the timeline slips. They name an owner on each side for communication. And they agree on a check-in cadence — weekly syncs, bi-weekly async updates, or daily standups for critical-path stuff.
The whole thing takes thirty minutes and produces a one-page summary both teams sign off on. Small investment, huge payoff. When a dependency starts slipping, there's zero ambiguity about who talks to whom, what the escalation path is, or what was promised. It turns a vague expectation into a real commitment.
Synchronous vs. Asynchronous Coordination
A common TPM mistake: defaulting to weekly meetings for every cross-team dependency. Meetings are expensive. Most dependencies don't need real-time discussion every week. I use a tiered approach.
Critical-path dependencies with active risk get synchronous check-ins — daily standups or twice-weekly syncs. Healthy critical-path dependencies get weekly async updates through a structured Slack or Teams template. Off-critical-path stuff gets bi-weekly or monthly checks, usually just a line item in a broader program review. This keeps communication flowing without drowning teams in meetings. The key is adjusting cadence as risk changes. Something healthy last month might need daily attention this month.
Dependency Resolution Patterns
Even with perfect mapping and protocols, dependencies will get stuck. What separates good TPMs from great ones isn't whether dependencies ever become blockers — it's how fast and creatively you unblock them. Here are the resolution patterns I reach for most.
Resequencing Work
Often the simplest fix is just changing the order of work. If Team A is blocked by Team B, can Team A pull other work forward and come back to the blocked item later? This only works if teams keep a healthy backlog with items that can be resequenced without a big ramp-up cost. I tell all my teams to always have at least two sprints worth of "pull-forward" work identified and ready.
Creating Shims and Adapters
When one team is waiting on another team's API, you can often build a shim or adapter that lets development move in parallel. The dependent team codes against a thin interface that abstracts the real dependency, then swaps in the actual implementation when it's ready. Works great for technical dependencies and can compress timelines a lot. The risk is the shim doesn't perfectly match the real behavior, so you need thorough integration testing once the actual dependency lands.
Parallel Development with Mocks
Similar idea: both teams agree on an interface contract upfront, then each develops against a mock of the other's service. This works when the interface is well-defined and stable. It falls apart when the interface is still changing. I only recommend it after teams have gone through contract negotiation and have a high-confidence spec.
Scope Negotiation
Sometimes the fastest way to fix a dependency is to kill it. Can you cut scope so the dependency goes away? Can you ship an MVP that skips the dependency and add the full thing later? This takes close partnership with product management, but it's one of the most powerful tools you have. A smaller feature shipped on time almost always beats a bigger feature shipped late.
Resource Sharing
When a dependency is stuck because the providing team doesn't have capacity, you can lend engineers from the blocked team to help speed things up. You need to coordinate carefully so the loaned engineers are actually productive in an unfamiliar codebase. In my experience, it works well when the providing team has clear, well-scoped tasks that a good engineer can pick up without too much ramp-up.
The TPM as Dependency Unblocking Machine
Across all of these, the TPM's job is the same: see the blocker before it goes critical, pick the right resolution approach, run the conversations to make it happen, and follow through until it's done. I sometimes think of the TPM as a "dependency unblocking machine." Your value is directly tied to how fast you spot blockers and clear them. Every day a dependency stays unresolved is a day of lost productivity — and that cost compounds across every team affected.
Tooling and Automation
Manual dependency tracking works fine for 3-5 teams. Beyond that, you need tooling and automation to keep up with how fast things change. Investing in dependency management infrastructure pays for itself many times over.
Building Dependency Dashboards
A dependency dashboard gives you one view of all tracked dependencies across the program. At Citrix, I built a custom JIRA dashboard that pulls dependency data from every team in the DaaS platform program. It shows dependency counts by status (on track, at risk, blocked), critical-path dependencies with delivery dates, a burndown chart for dependency resolution, and a team-level breakdown of who has the most open dependencies.
It's the first thing I check every morning and the main artifact in my weekly reviews. Takes about two hours to set up with JIRA's built-in widgets and some custom JQL queries, but it saves me hours every week I'd otherwise spend manually pulling status from team boards.
Automated Dependency Health Checks
I also set up automated health checks that run daily and flag dependencies needing attention. Deadline proximity alerts for dependencies approaching their target date without being resolved. Staleness detection for anything not updated in more than a week. Risk escalation triggers that auto-bump priority when the owning team reports a slip. Cross-reference checks that verify both sides of a dependency agree on the current status.
These are JIRA automation rules combined with Slack integrations posting to a dedicated dependencies channel. They make sure nothing falls through the cracks, even when I'm heads-down on something else.
Communication Integrations
Dependency status should flow through the channels teams already use. I set up Slack or Teams integrations that post daily dependency summaries to team channels, DM dependency owners when their items need attention, and create threaded updates so context stays preserved and searchable. The goal is making dependency management feel like part of the normal workflow, not extra admin work. When dependency info comes to people where they already are, they actually keep it updated.
Scaling Dependency Management
What works for three teams doesn't work for thirty. As programs grow, dependency management has to evolve from something you do yourself into a structured, layered practice.
Hierarchical Dependency Management
At scale, I use a three-tier hierarchy. Team-level dependencies are handled by the scrum master or tech lead — intra-team stuff and simple cross-team dependencies that can be resolved with a quick conversation. Program-level dependencies are mine as the TPM — cross-team dependencies on the critical path or involving three or more teams. Portfolio-level dependencies go to a portfolio manager or PMO lead — dependencies between programs or business units that need executive coordination.
The key is clear escalation criteria between tiers. A team-level dependency that stays unresolved for more than one sprint goes to the program level. A program-level dependency that needs budget or org changes goes to portfolio level. Document these rules and get buy-in so escalation is routine, not political.
The Role of the RTE vs. the TPM
In SAFe organizations, there's often confusion about how the Release Train Engineer (RTE) and TPM roles relate when it comes to dependencies. The way I see it, it's mostly about scope. The RTE owns dependencies within a single Agile Release Train (ART), keeping inter-team dependencies resolved within the PI cadence. The TPM owns dependencies across ARTs and with external entities — the cross-train and program-level stuff that doesn't fit neatly into SAFe ceremonies.
When both roles exist, you have to collaborate closely. The RTE surfaces cross-train dependencies to me, and I give the RTE broader program context to help them prioritize within-train. I meet with RTEs weekly to share dependency intel and make sure nothing falls into the gap between our scopes.
Anti-Patterns to Avoid
There are patterns I've seen undermine programs over and over. Recognizing them in your own org is the first step toward fixing them.
Dependency Hoarding
Some teams declare dependencies on everything as a way to hedge their commitments. "We can't deliver X until Team B finishes Y" becomes a universal excuse, even when the dependency is flimsy or a workaround exists. The fix is to challenge every declared dependency: "What happens if this is never met?" If the answer is "we find another way," it's not a real dependency. It's a preference.
Over-Centralization
The flip side: the TPM tries to personally manage every dependency. This makes you a single point of failure and a bottleneck. At scale, you have to delegate to team leads and scrum masters, saving your attention for the highest-risk items. Trust your teams with routine dependencies and build the systems that help them handle those well.
Ignoring Soft Dependencies
It's easy to focus only on hard technical blockers and ignore soft dependencies that collectively slow the whole program down. A team that's technically unblocked but waiting for a UX review, a doc update, and a test environment refresh isn't actually moving at full speed. Track soft dependencies alongside hard ones, even if you manage them with a lighter touch.
Optimistic Timelines for External Dependencies
External dependencies — vendors, partner teams in other business units, open-source communities — almost always take longer than you think. Build buffer into any timeline that depends on an outside entity, and have a plan B ready. My rule of thumb: take the vendor's estimated delivery date, add 50%, and plan around that. Sounds cynical. It's been remarkably accurate.
Treating Dependencies as Static
A dependency map from the start of a program increment is already stale by the end of sprint one. Dependencies shift, new ones appear, old ones resolve, risk levels change. Your dependency register needs weekly maintenance. It's a living document, not a planning artifact you create once and forget. Update it at the same cadence as your delivery cycles.
Conclusion
Dependency management isn't glamorous. It doesn't produce visible features, it doesn't directly generate revenue, and it rarely gets recognition outside the program team. But it's the foundation of predictable delivery at scale. Every program I've run that shipped on time had good dependency management. Every one that missed had dependency management failures, even when other things went wrong too.
Everything in this guide — the taxonomy, the discovery process, the prioritization, the protocols, the tooling — comes from years of doing this on real programs at Citrix. Take what fits your situation, adapt what doesn't, and keep investing in how you manage dependencies. The payoff is programs that ship on time, teams that trust each other, and stakeholders who can count on you.
If you're a TPM looking to have more impact, start with dependencies. Map them. Manage them. Resolve them. Get this right and everything else about your program gets easier.