This month's column is contributed by Charles Ames, vice president at Seagull Software.

No one wants to be governed. However, we all want to live and work in stable, productive organizations, and the constitution of such organizations is what we refer to "governance." It is what gives them their shape and character and preserves them from chaos.

If you are like me, you may have wondered how the term "governance" - a term generally associated with political intrigue and corporate scandal - came to be used in IT. You may even have dismissed governance as the latest fad, or worse, as the latest marketing attempt to reenergize tired products by giving them a new name.

Although there is a degree of truth in each of these notions, dismissing IT governance altogether would be a mistake. As an umbrella term, it provides a useful context for thinking about the various disciplines that can measurably improve application development and system operations.

In this column we'll explore the role of governance in application development, system operations and IT portfolio management, and we'll identify specific technologies and techniques that can be useful in implementing a governance program.

What is Governance?

Governance is an elusive term. This is somewhat appropriate, because it is used to refer to some rather elusive concepts. Although the problems addressed by IT governance are as old as IT itself, popular usage of the term is relatively new, first gaining prominence in the aftermath of the corporate governance scandals of the early 2000 decade.

Governance, according to the Oxford English Dictionary, is the act of "controlling, directing, or regulating" the actions of an entity, such as a corporation or a state. IT governance, then, is the act of regulating IT processes.

How do we ensure that our systems are operating properly? How do we roll out new system capabilities? How do we prioritize and manage application development, allocate capital for procurements and decide when to phase out aging systems? These are all questions that should be answered by an IT governance program.

An effective governance program can help an organization ensure that its IT resources remain focused on priorities, service level commitments are fulfilled and decisions are well-informed.

Lessons from Control Theory

All control processes follow the same basic pattern whether the entity being controlled is a valve, a space probe or an economy. There are actuators that exert influence; sensors that monitor the state; managers whose function is to interpret information from the sensors, compare it to a goal and activate the actuators to correct the entity's state toward the goal; and an executive whose role is to set the goals. Figure 1 illustrates these entities and their relationship to one another.

Figure 1 : Basic Control Loop

Control loops are almost always deeply nested, with each sensor and actuator representing another system that has its own internal control loop. Think of a corporation, with a CEO as the top level executive;, senior management team as manager; sales, marketing and development as actuators; and accounting as a sensor. Each department then has a similar structure internally aimed at achieving the goals of that particular department.

Every control system has a set of rules, policies, and constraints that govern its operation. Control Theory calls these collectively the control law, and they correspond to what we would call our governance policies in an IT Governance program.

How often do you analyze sensors and use actuators to make corrections? How "hard" do you push in order to get the system moving toward the goal? How close to the goal do you need to be in order to consider that goal to be achieved?

Figure 2 : Control System Behavior Over Time

IT Governance

There are at least three distinct control loops that apply to any organization's information technology infrastructure, one each for application development, system operation, and IT portfolio management. IT governance is that act of defining and enforcing the processes, policies and rules that govern activities in each of these areas.

Design-time Governance - Guiding Application Development. Design-time governance adds structure and discipline of an organization's application development practice. Source code control, repository, issue tracking, and project planning and management software as well as analysis and testing tools, can be useful in implementing and enforcing elements of a governance program. In addition, policies such as instituting code reviews and testing programs are part of a governance program.

Runtime Governance. Runtime governance is concerned with the operation of production systems. Business activity monitoring (BAM) software can play the role of sensor and business rules management (BRM) software can play the role of manager whereas security software might be thought of as an actuator, preventing access to unauthorized users.

Portfolio Management. Build versus buy; replace versus upgrade; in-house versus outsource. These are some of the decisions considered as part of IT portfolio management, and these decisions can be informed by asset portfolio management software that provides information about usage and interdependencies to support accurate impact and cost analyses.

There are governance issues to be considered across the entire IT lifecycle. The control loop is a useful metaphor for analyzing governance requirements and planning an IT governance program. An effective IT governance program can help an organization keep its IT resources focused on priorities, keep service level commitments are fulfilled, and make decisions are well-informed.

Charles Ames is an entrepreneur, software executive, and frequent author on emerging technologies and trends. After 10 years at NASA's Jet Propulsion Laboratory, Ames founded and led a business process management company that was later acquired by Seagull Software. He now serves as a vice president at Seagull Software, helping to define Seagull's SOA strategy.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access