|
Governing governance
To understand governance, you first need to define it.
by Daniel Linstedt
Of the many flavors of governance that exist, three have garnered significant attention in the past year: IT governance, data governance and service-oriented architecture (SOA) governance. As happens all too often,
the meaning of these terms—unclear to begin with—has been blurred by imprecise and varying usage. Never one to shrink from a challenge, I've set out in this article to clarify these governance areas and set some basic acceptable definitions.
Setting the stage
Governance means to control, govern or lend order to—either in process, method or architecture. It should define the way we manage, monitor and measure different aspects of
our organizations.
The Software Engineering Institute (SEI) has been given the national mandate to advance
the state of the practice of software engineering in the United States and to serve as a national resource in software engineering and technology. The Capability Maturity Model (CMM) from the SEI describes the principles and practices underlying software process maturity. It is a
five-level model intended to help software developers understand and improve the maturity of their software processes in terms
of an evolutionary path from ad hoc, chaotic processes (Level 1, initial) to mature, disciplined software processes (Level 5, optimizing).
SEI/CMM includes the requirement to measure and quantify many business processes and procedures, along with providing repeatable, reliable and higher-quality outputs. Level 5 of SEI/CMM—the optimizing level—is the highest ranked. Attaining this level implies that an organization has implemented good practices on a firm foundation and that the organization has ever-improving capabilities.
Commercial software users have now taken on parts of the SEI/CMM Level 5 approach and tackled some of the government-mandated compliance requirements. Most have taken a modified version of the result and labeled it governance. Governance represents the needs of the management side of the house. Organizations can and will be held liable for their actions by the government in one form or another. SEI/CMM brings the ability to measure the success levels of the governance efforts.
For public companies, the bottom line in governance is that anything that affects profitability must be addressed and adhered to, measured, quantified and justified. Governance is equally important for private companies that still need to understand where their money is going and remain competitive in the market.
Now that we've established the meaning
and importance of governance, let's get more granular. Although some limited clear-cut definitions exist for IT governance, I was unable to turn up anything on the notions of data governance. Service-oriented architecture governance is fairly new and thus has different interpretations. Accordingly, I'll apply my background and understanding of SEI/CMM to focus in on definitions of the three governance areas listed above.
IT governance
Let's start with the easiest one first. The context of our previously established definition of governance, in conjunction with the SEI/CMM paradigm for monitoring, measuring and controlling, yields a fairly straightforward definition of IT governance. In the words of Jeanne Ross and Peter Weill of the Massachusetts Institute
of Technology's Sloane School of Business,
IT governance ensures that IT-related decisions match company-wide objectives by establishing mechanisms for linking objectives to measurable goals. IT governance is the decision rights and accountability framework for encouraging desirable behavior in the use of IT.
IT governance basically means the right of
the organization to:
 | Constantly align |
| Set vision and direction |
| Convert IT from cost center to profit center |
| Hold IT accountable to the organization |
| Make goals and objectives measurable |
IT projects are filled with data, data and more data. A good IT governance initiative provides metrics about that data and what it contains.
In other words, good IT governance is about turning data into information. Parts of an IT governance initiative also lead to data management and, thus, data governance.
Data governance
Unfortunately, data governance is not as clear-cut as IT governance. A definition does not appear to exist that follows an SEI/CMM paradigm for monitoring, measuring and controlling data, let alone access points, information (meaning) and value of the data (treating data as an asset). Searching under data governance on the Web finds companies claiming to have data governance or claiming that they've implemented data governance—yet they're unable to define exactly what data governance means to them.
Based on what I've read and learned over the years, my definition would be:
Data governance consists of the people involved in corporate processes and procedures that ensure data value (alignment), quality improvement (information), single shared definitions and availability
at the right time to the right people.
Data governance is not a feature, it's a process by which we control the access and security of the information we own and
manage. It includes metadata, unstructured data, registries and ontologies, and is a big
part of repeatable and compliant success.
It is important to avoid confusing data governance with data management. Data management consists of the management of data, access points to that data and management of its metadata. Data management is part of the role of data governance, but the process of data governance is to exercise control over the data within a corporate alignment. Data,
in this accepted definition, consists of any information captured within a computerized system that can be represented in graphical, text or speech form.
Data governance initiatives are the responsibility of the entire enterprise. Data is everywhere; without governance, access to data is generally neither monitored nor measured.
With the exception of master data management (MDM) and data steward efforts, companies without true data governance initiatives in place typically do not establish consistent definitions of data and how to use it. It is important to note that such efforts do not constitute data governance, however. Data governance consists of establishing individuals to oversee the integration and administration of data processes into the enterprise.
We hope that data governance will become more clearly defined as we move forward into the execution of compliance initiatives such
as Sarbanes-Oxley, HIPPA and so on. It will be interesting to see how data governance plays
a role in unstructured data and where it is applied in SOA and Web services.
SOA governance
Service-oriented architecture is a conceptual architecture used to build applications and business processes at a component level. It involves using existing packaged or homegrown programs and data resources as components from which to assemble new applications.
Because SOA is architecturally based, applying the SEI/CMM paradigm becomes a bit more challenging. According to ZapThink, an IT advisory and analysis firm, "There is a common misconception that SOA governance is governance of an SOA, as though SOA were one more IT asset in need of governance in the organization. That belief, however, indicates a fundamental misunderstanding of the role of SOA."
Their definition of SOA governance reads:
Fundamentally, SOA is enterprise architecture—when an enterprise adopts SOA, it should approach the organization of all of its IT assets from an SOA perspective. As such, service orientation provides a broad organizing principle for all aspects of IT
in the company—including IT governance. That's why we say SOA governance is IT governance in
the context of SOA, rather than governance of SOA.
SOA governance specialist WebLayers has a different view:
SOA governance is the ability to ensure that all of the independent efforts (whether in the design, development, deployment or operations of a service) come together to meet the enterprise SOA requirements. These efforts include SOA policies, auditing and conformance, management (track, review, improve) and integration.
While SOA is architecture, implementation
of the pieces of the SOA is best suited to vendors offering the complete package. Getting to SOA requires real-time investment; getting to SOA governance requires the same level of dedication and backing at the executive level.
In order to have SOA governance, enterprises must have a firm grasp of governance at different levels of IT, data and processes (both business and mechanical). The same type
of control and monitoring needs to be implemented as part of SOA governance and should be built from well-established IT governance and data governance initiatives.
Initial definitions such as these demand further discussion. We need to understand
the process of IT/data/SOA governance and
to determine what that governance means
to the enterprise and how to apply it.
Linking the process of governance with the application of SEI/CMM principles provides a powerful formula that companies can use to establish best practices. By executing on and monitoring those practices, enterprises can establish a clear path to success. T
Daniel Linstedt is CTO for the consulting firm Myers-Holum (www.MyersHolum.com). He can be reached at Daniel.Linstedt@MyersHolum.com.
© Teradata Magazine-June 2006
back to top
|
Quick Links
Print
Send to colleague
PDF
E-mail us