11: Risk Mitigation through Proper Governance
The author suggests that governance is a method of reducing lists, with an intention of placing guidelines that are intended to encourage best practices to be followed and help developers to avoid known pitfalls.
(EN: The author lays it on rather thick in the introduction, and clearly has the expectation that the reader will be resistant to the concept of governance. I have skipped a good bit of propaganda and will continue to do so.)
UNDERSTANDING SOA GOVERNANCE
SOA governance establishes practices and procedures that guide the development of new services and seeks to ensure collaboration and alignment with the business and stakeholders.
This governance takes three forms: policies that require or proscribe specific practices, procedures that identify the tasks that must be attended (including documentation and communication tasks that are often overlooked), and metrics that are used to monitor the success of SOA (both technical and financial).
(EN the author also mentions guidelines and best practices, but those are actually the same as policies and procedures, respectively, except that they have not been formalized)
Then author provides a list of "tips" for successful governance:
- Governance should avoid extremes, especially the extreme between providing too much governance (which stifles creativity and slows down development) or too little (which provides insufficient guidance and control)
- The business stakeholders should be involved to prevent governance from becoming introspective or exclusive of the interests that drive IT
- Governance should have a vision and a clear sense of purpose to remain functional and escape dogmatism
- Seek to ensure that every service has an owner, who will continue to take an interest in its evolution
- Governance should be conducted according to clear and unambiguous polices rather than a case-by-case evaluation in which standards are subjectively applied
- Governance should be focused on consideration of the entire "service portfolio," taking into account the existence and interaction of the full array of services in an enterprise
- Governance should promote a common vocabulary, especially in the documentation of standards, to ensure that the various facets of the business and IT are speaking the same language
- Governance should be endowed with the ability to enforce policies and procedures within the organization. Otherwise, it has no authority and people will heed governance only when it is convenient.
- Governance should be collaborative. Placing governance in an ivory tower creates resentment and undermines cooperation. Ideally, it should be collaborative process in which all stakeholders have participation and representation.
- Governance should start small and grow incrementally. It should cover only what is needed at the time and evolve as the needs of the organization grow, rather than attempting to be predictive in controlling future development.