 Introduction Effective governance is a critical element in fostering a successful SOA initiative. SOA promises to deliver a number of important business benefits, including faster time-to-market, lower costs, better consistency, and increased agility. But with great benefits come high risks. SOA requires fundamental changes to the planning, development, and operation of application systems, and it requires new levels of collaboration among project teams within the IT department and across lines of business. In fact, current IT practices, which typically focus on individual projects, time-to-market, and cost containment, frequently discourage SOA adoption. SOA governance helps the organization succeed with SOA by mitigating these risks through established rules, processes, and decision-making authority. A SOA governance program helps people do things according to the organization's goals and best practices. An effective governance program empowers people to handle ambiguity, balance short- and long-range goals, and reduce conflict within the organization. This following article (an excerpt from the upcoming book "SOA Governance" [REF-1] as part of the Prentice Hall Service-Oriented Computing Series from Thomas Erl) provides an introduction to governance, explains how it works, and differentiates it from management. You will find this content useful if you have not been involved in establishing a governance program before or if you would like to gain another perspective on the mechanics of governance. Governance Basics Governance is the organizational system that a society (such as a country, state, or city) or organization (such as a corporation, standards body, or open source community) uses to govern itself. Governance is a meta-decision system, for example, it is the means by which an organization makes decisions about decision-making. Within this context, governance will:
At the highest level, governance is established by the society's constitution or the organization's charter and by-laws. These founding documents prescribe top level authorities and constraints from which all other decision-making authorities derive. At deeper levels in the organization, governance prescribes policies, standards, and processes that guide and control day-to-day decision-making activities. Good governance mitigates conflict within an organization by clearly defining responsibilities and authorities. It reduces ambiguity by articulating rules, processes, and decision guidelines. It helps balance short- and long-range goals by expressing the intents and purposes of its rules. An organization establishes governance to reduce risks and to encourage its people to advance the corporation's strategy, goals, and priorities. In other words, governance is a system that helps people do what's right for the business. The System of SOA Governance SOA governance is the meta-decision system that an organization puts in place to manage and control decisions related to SOA. Executing a SOA initiative involves making many decisions that have significant ramifications for the company. For example:
Such important decisions require governance. Without governance, an organization has no control over decisions made by the people who design, develop, test, implement, and use services, and their efforts can quickly spiral into chaos. The Benefits of SOA Governance SOA governance establishes departmental or corporate standards that help ensure that service-oriented systems deliver the value they are intended to deliver. Governance standards ensure that service designers and developers effectively apply service-oriented principles and patterns when buildings systems. As described in the SOA Manifesto, it is only through the effective application of SOA principles that organizations can attain the promised benefits of SOA. SOA governance ensures more consistency of service-oriented systems. Consistent system design increases the likelihood that the SOA initiative will yield the following benefits:
Why You Can't Buy Governance When someone says "SOA governance," many people immediately think of products, such as registries, repositories, security appliances, and SOA management suites. Although these products are useful, they are just tools, and they won't give you governance. These so-called governance products actually focus more on management than governance. They can automate some processes, but they won't help you determine who gets to make decisions, and they won't help you define the rules, processes, and decision-making guidelines that are the essence of governance. Governance is fundamentally about people and practices. SOA governance is something you do, not something you buy. Governance is Not Management Although the two are closely related, governance is separate and distinct from management.
Governance does not dictate when or how to make a decision. It determines who should make the decisions and establishes limits for them. Management directs day-to-day activities and is responsible for ensuring that daily decisions made adhere to the governance rules. No matter how great, governance cannot replace management, nor can it compensate for poor management. Likewise, management cannot be a replacement for governance, nor compensate for poor governance. Furthermore, poor governance inevitably hampers the ability of good management to make decisions by clouding authority and priorities. Governance Styles Governance must reflect and compliment an organization's culture and management style.
Figure 1: A demonstration of how an organization's culture determines its governance style. The horizontal axis in Figure 3.1 represents the degree of autonomy given to separate groups in the organizations. At one end of the spectrum, all decision-making is centralized (comparable to a monarchy). At the other end of the spectrum, each group establishes its own policies and procedures (comparable to a feudal society). Many organizations opt for a federated model, which permits each business unit a degree of independence while increasing consistency and reducing contention between fiefdoms. The vertical axis in Figure 3.1 represents the degree of control imposed on decision-makers. At one end of the spectrum, rigid policies dictate required actions, and decision-makers have little freedom to apply their own judgment. Too much rigidity feels like a totalitarian society and often generates a great deal of resentment. At the other end of the spectrum, flexible policies provide suggestive guidance, leaving much to the discretion of the decision-maker. Too much flexibility can lead to anarchy. The Goldilocks Principle Most organizations strive to find a balance between centralization and decentralization; between rigidity and flexibility. They look for a model that's just right. But no single governance style is correct for all organizations. An organization must adopt a governance style that aligns with its culture and management style. Empowering People Good governance empowers people to do what's right for the business. Poor governance unnecessarily constrains or inhibits decisions, or it fails to provide enough decision-making guidance. All governance—whether good or bad—places limits on the decisions and behaviors of the people being governed. It also prescribes consequences for those choosing not to abide by limits imposed. The Mechanics of Governance Governance provides a systematic way for organizations to make decisions. Governance is implemented using:
Precepts Precepts are the essence of governance. A precept is an authoritative rule of action. Precepts determine who has authority to make decisions; they establish constraints for those decisions; and they prescribe consequences for non-compliance. Precepts codify decision-making rules using:
NOTE: Many people use the term "policy" in place of "precept", and if that terminology works better in your organization, then use it when talking to others about governance. However, keep in mind that as you develop your governance rules, a policy is just one aspect of a precept. People People make decisions in accordance to and within the constraints stipulated by the governance precepts. For a governance program to be successful, people must understand the intents and purposes of the precepts. They must understand and accept the responsibilities and authorities established by the precepts. Governance is closely associated with the organization's incentive systems. The organization must foster a culture that supports and rewards good behavior and deters and punishes poor behavior. Processes Processes provide the means and opportunities to control decisions, enforce policies, and take corrective action. Technically, processes are management activities rather than governance, but a governance system is dependent on processes to ensure compliance with its precepts. An organization is likely to use a variety of processes to support its precepts. Some processes are automatic and system-driven; others require human effort. Automatic processes often perform mundane work, such as validating artifacts to ensure they comply with required formats or templates. Many organizations also rely on workflow systems to coordinate approval processes, but rely on people to make important decisions. The processes that support these decisions typically cannot be automated:
Metrics Metrics provide the means to measure and verify compliance with precepts. Metrics also provide visibility into the progress and effectiveness of the governance system. They provide insight into the efficacy of the governance system and can indicate if a particular policy or process is too onerous. Metrics also measure trends, such as the number of violations and requests for waivers. A large number of waiver requests may indicate that a policy might not be appropriate. Conclusion
References [REF-1] "SOA Governance" by Toufic Boubez, Clive Gee, Thomas Erl, Anne Thomas Manes, Robert Moores, Robert Schneider, Leo Shuster, Andre Tost, Chris Venable, http://www.soabooks.com/governance |
