At a recent client meeting, the Chief Architect arrived a few minutes late, clearly upset. When asked what was bothering him, he muttered “Governance is a four letter word”. I am sure that many readers have shared that sentiment at some time, but it needn’t be that way.
Organizations who have adopted BPM as their platform for IT development have an opportunity to both simplify and improve their IT Governance and Compliance processes. All of the advantages which BPM brings to your core business processes are just as applicable to IT Governance.
Governance is defined on several levels. At the enterprise level governance deals with strategic alignment, project prioritization, approval and funding. At the project level, the focus is on ensuring that previously approved projects are executed effectively, in accordance with established policies and that they meet the approved objectives. While BPM has a place in all levels of governance, in this article, we will limit our discussion to project level governance.
In too many organizations, Governance policies and procedures are defined in manuals stored in file cabinets. Even when they are easily accessible on-line, it requires each employee to make the effort to find the applicable policies and then follow them. Employees often miss updates to policies and continue to follow old ones, or they simply fail to find all relevant policies. It is not that the employees are lazy or incompetent, but rather that their employers are putting an unreasonable burden on them. This is bad for the organization and de-moralizing for the employees. It is one reason governance leaves a bad taste in so many mouths.
Providing automated process support for key policies replaces this culture with one where a system guides the employees through the approved process, makes the relevant documents available when needed, and automatically captures an audit trail of all actions taken. By making it much easier to correctly follow the policies, better compliance is achieved with less effort. When compliance is simple, people don’t complain. There are commercial Governance applications available, but if you don’t already have one, you should consider building a BPM based solution optimized to your organization.
BPM provides several capabilities which are very well aligned with the requirements of effective IT Governance.
-
First of course, is the process itself. With an explicit representation of the governance processes, all stakeholders can be confident that the approved policies and procedures are observed. The process model allows all stakeholders to agree that the implementation matches the defined policies and procedures in a way that is not possible with either a purchased solution or traditional development.
-
Most BPM platforms either include native document management or provide interfaces to dedicated CMS systems. These can be used to deliver supporting policy and procedure documents to each person when they need it and also to capture meeting minutes and other key governance artifacts created in the process, making them easily available in a single location.
-
Reporting on the process activity and history is a key component of any BPM platform. It is also the same information required for compliance reporting.
The essence of IT Project Governance is establishment and enforcement of Policies and Procedures that ensure alignment between Organizational goals and IT results. To achieve enforcement, it is necessary to control and measure the key activities of the organization. Governance policies define who is allowed to make certain decisions and to constrain management behaviors. A BPM based solution facilitates all of these objectives.
Governance is often divided into two categories: Governing Activities and Governed Activities. The purpose of the governing processes is to ensure that the approved development methodology has been followed completely and correctly. Governing Processes include Approval of Deployments, Monitoring Compliance and managing Dispensations. All of these are natural candidates for BPM implementations. Implementing Governance in BPM immediately improves it. Manual steps and hand-offs are now managed as processes. Deviation from approved procedures is less likely and more easily detected. Effective governance requires strict consistency of application, BPM can ensure that happens.
The Governed Process is the entire development lifecycle. We do not necessarily advocate using BPM to manage the entire lifecycle, but some milestones are potential candidates. Using a BPM solution to manage and document key milestones helps ensure that the approved lifecycle is faithfully followed. For example, having a process for review meetings can automate the capture of attendance and the document management capabilities of most BPM platforms can store the minutes. Having this information in BPM streamlines the approval process as approvers have all of the information available in one system.
In most organizations there are some people who resist the governance processes all of the time and a larger number who do when under pressure. Yet it is exactly those high pressure situations where governance is most needed. Automating the key activities prevents circumventing governance while at the same time making it easier to comply. Using BPM to manage and monitor those activities provides consistent results and a clear record of all activities.
We have described above how and why BPM can be used to implement a basic IT Governance solution. This is only the beginning as BPM also provides the foundation for continuous improvement. It can provide direct feedback on the effectiveness of Policies and Procedures. If, for example, a large percentage of dispensation requests are related to one policy, that could be a sign that the policy is not optimal. Without an automated governance system, recognition of this would depend on intuition and the memory of key participants. Decisions on changes to the Governance policies will be based on factual evidence of their past effectiveness.
If your organization already has an effective, automated governance process, congratulations are in order. If not then perhaps it is time to leverage the BPM platform and expertise that you already have to improve your governance. Then Governance will no longer be a four letter word in your office.