FREE email newsletters 
Understanding IT Governance
Integration Consortium
Information Management Online, September 21, 2006
This month's column is contributed by Charles Ames, vice president at Seagull Software.
No one wants to be governed. However, we all want to live and work in stable, productive organizations, and the constitution of such organizations is what we refer to "governance." It is what gives them their shape and character and preserves them from chaos.
If you are like me, you may have wondered how the term "governance" - a term generally associated with political intrigue and corporate scandal - came to be used in IT. You may even have dismissed governance as the latest fad, or worse, as the latest marketing attempt to reenergize tired products by giving them a new name.
Advertisement
Although there is a degree of truth in each of these notions, dismissing IT governance altogether would be a mistake. As an umbrella term, it provides a useful context for thinking about the various disciplines that can measurably improve application development and system operations.
In this column we'll explore the role of governance in application development, system operations and IT portfolio management, and we'll identify specific technologies and techniques that can be useful in implementing a governance program.
What is Governance?
Governance is an elusive term. This is somewhat appropriate, because it is used to refer to some rather elusive concepts. Although the problems addressed by IT governance are as old as IT itself, popular usage of the term is relatively new, first gaining prominence in the aftermath of the corporate governance scandals of the early 2000 decade.
Governance, according to the Oxford English Dictionary, is the act of "controlling, directing, or regulating" the actions of an entity, such as a corporation or a state. IT governance, then, is the act of regulating IT processes.
How do we ensure that our systems are operating properly? How do we roll out new system capabilities? How do we prioritize and manage application development, allocate capital for procurements and decide when to phase out aging systems? These are all questions that should be answered by an IT governance program.
An effective governance program can help an organization ensure that its IT resources remain focused on priorities, service level commitments are fulfilled and decisions are well-informed.
Lessons from Control Theory
All control processes follow the same basic pattern whether the entity being controlled is a valve, a space probe or an economy. There are actuators that exert influence; sensors that monitor the state; managers whose function is to interpret information from the sensors, compare it to a goal and activate the actuators to correct the entity's state toward the goal; and an executive whose role is to set the goals. Figure 1 illustrates these entities and their relationship to one another.
Figure 1 : Basic Control Loop
Control loops are almost always deeply nested, with each sensor and actuator representing another system that has its own internal control loop. Think of a corporation, with a CEO as the top level executive;, senior management team as manager; sales, marketing and development as actuators; and accounting as a sensor. Each department then has a similar structure internally aimed at achieving the goals of that particular department.
Every control system has a set of rules, policies, and constraints that govern its operation. Control Theory calls these collectively the control law, and they correspond to what we would call our governance policies in an IT Governance program.
How often do you analyze sensors and use actuators to make corrections? How "hard" do you push in order to get the system moving toward the goal? How close to the goal do you need to be in order to consider that goal to be achieved?
Figure 2 : Control System Behavior Over Time
IT Governance
There are at least three distinct control loops that apply to any organization's information technology infrastructure, one each for application development, system operation, and IT portfolio management. IT governance is that act of defining and enforcing the processes, policies and rules that govern activities in each of these areas.
Design-time Governance - Guiding Application Development. Design-time governance adds structure and discipline of an organization's application development practice. Source code control, repository, issue tracking, and project planning and management software as well as analysis and testing tools, can be useful in implementing and enforcing elements of a governance program. In addition, policies such as instituting code reviews and testing programs are part of a governance program.
Runtime Governance. Runtime governance is concerned with the operation of production systems. Business activity monitoring (BAM) software can play the role of sensor and business rules management (BRM) software can play the role of manager whereas security software might be thought of as an actuator, preventing access to unauthorized users.
Portfolio Management. Build versus buy; replace versus upgrade; in-house versus outsource. These are some of the decisions considered as part of IT portfolio management, and these decisions can be informed by asset portfolio management software that provides information about usage and interdependencies to support accurate impact and cost analyses.
There are governance issues to be considered across the entire IT lifecycle. The control loop is a useful metaphor for analyzing governance requirements and planning an IT governance program. An effective IT governance program can help an organization keep its IT resources focused on priorities, keep service level commitments are fulfilled, and make decisions are well-informed.
Charles Ames is an entrepreneur, software executive, and frequent author on emerging technologies and trends. After 10 years at NASA's Jet Propulsion Laboratory, Ames founded and led a business process management company that was later acquired by Seagull Software. He now serves as a vice president at Seagull Software, helping to define Seagull's SOA strategy.
The Integration Consortium is a non-profit, leading industry body responsible for influencing the direction of the integration industry. Its members champion Integration Acumen by establishing standards, guidelines, best practices, research and the articulation of strategic and measurable business benefits. The Integration Consortium's motto is "Forging Integration Value." The mission of the member-driven Integration Consortium is to establish universal seamless integration which engages industry stakeholders from the business and technology community. Among the sectors represented in the Integration Consortium membership are end-user corporations, independent software vendors (ISVs), hardware vendors, system integrators, academic institutions, non-profit institutions and individual members as well as various industry leaders. Information on the Integration Consortium is available at www.integrationconsortium.org.
For more information on related topics, visit the following channels:
