Software Engineering Governance:! a briefing!

Similar documents
Based on 2008 Survey of 255 Non-IT CEOs/Executives

The Enterprise Project Management Office

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework

OPTIMUS SBR. Optimizing Results with Business Intelligence Governance CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE.

Building the EDM Roadmap An Innovation Platform for New Product Development & Regulatory Compliance. Mark Cowan mark@cowaninc.

How To Change A Business Model

Project Management Issues in the Finance Transformation Arena

IT Governance isn t one thing, it s everything. Steve Romero PMP, CISSP, CCP

ESKITP Manage IT service delivery performance metrics

Intelligent Customer Function (ICF)

IT Governance: framework and case study. 22 September 2010

The Role of ITIL in IT Governance

Enterprise Risk Management & Information Technology

IT Governance. What is it and how to audit it. 21 April 2009

Measuring IT Governance Maturity Evidences from using regulation framework in the Republic Croatia

Middlesbrough Manager Competency Framework. Behaviours Business Skills Middlesbrough Manager

Blending Corporate Governance with. Information Security

Supply chain maturity study Comparator report HSCNI

Five best practices for deploying a successful service-oriented architecture

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013

GLOBAL STANDARD FOR INFORMATION MANAGEMENT

The Economics of the Cloud: A View from the Field

Reliable Business Data Implementing A Successful Data Governance Strategy with Enterprise Modeling Standards

How To Improve Your Business

Open Source, Open Standards and Re Use: Government Action Plan

Beyond Mandates: Getting to Sustainable IT Governance Best Practices. Steve Romero PMP, CISSP, CPM IT Governance Evangelist

by David Hebert, Managing Director, Oracle Applications, Answerthink and Dr. David Oppenheim, Director, Delivery Services, Answerthink

How to ensure control and security when moving to SaaS/cloud applications

Integrated Stress Testing

WHITE PAPER APRIL Leading an Implementation Campaign to Address the Convergence of Healthcare Reform Initiatives

Global Technology Audit Guide. Auditing IT Governance

IT PROJECT GOVERNANCE GUIDE

Improving Project Governance

Managing the Customer Premises Equipment Lifecycle in a Rapidly Changing Environment. By Stephen D. Ambo and Thomas M. Jones

Department of Human Resources

building a business case for governance, risk and compliance

Designing a Data Governance Framework to Enable and Influence IQ Strategy

Ensuring Optimal Governance and Relationship Management Between Parties

Change Management Office Benefits and Structure

COBIT 5 and the Process Capability Model. Improvements Provided for IT Governance Process

Investing in the Infrastructure for Energy Markets

Essential Elements for Any Successful Project

Project Governance A N T I C I P A T I N G A N A U D I T

Building an effective stay back team to gain maximum value from an outsourcing agreement

Principles for An. Effective Risk Appetite Framework

Capabilities, Sample Use Cases, Case Studies

Business Architecture Scenarios

Digital Asset Manager, Digital Curator. Cultural Informatics, Cultural/ Art ICT Manager

ICT Project Management

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

Lessons Learned from MDG Monitoring From A Statistical Perspective

SOA + BPM = Agile Integrated Tax Systems. Hemant Sharma CTO, State and Local Government

Qualities of a High Perf o r m a n c e Finance Executive: An Aggregation of Skills. John Trakselis, Principal M. Wood Company

IBM 2010 校 园 蓝 色 加 油 站 之. 商 业 流 程 分 析 与 优 化 - Business Process Management and Optimization. Please input BU name. Hua Cheng chenghua@cn.ibm.

Part A OVERVIEW Introduction Applicability Legal Provision...2. Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...

Delivering peace of mind in outsourcing

White Paper: AlfaPeople ITSM This whitepaper discusses how ITIL 3.0 can benefit your business.

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015

IT Governance Issues in Korean Government Integrated Data Center 1

Frontier International

CITY OF HOUSTON. Executive Order. Information Technology (IT) Governance

Risk Management Strategy & Implementation Plan

IT Outsourced Services. Preliminary Survey

Wilhelmenia Ravenell IT Manager Eli Lilly and Company

The Virtual Centre Model

Applying Risk Assessment to Your Audit Plan Break-out Session T3, Tuesday, October 26 2:00-2:50pm

INFORMATION TECHNOLOGY FLASH REPORT

WHY DO I NEED A PROGRAM MANAGEMENT OFFICE (AND HOW DO I GET ONE)?

The following is intended to outline our general product direction. It is intended for informational purposes only, and may not be incorporated into

Risk Management Policy

A Guide to Corporate Governance for QFC Authorised Firms

Fortune 500 Medical Devices Company Addresses Unique Device Identification

University of Cambridge Information Services Committee Governance of ISC Projects Originated January 2009 (updated December 2011; awaiting further

Realizing business flexibility through integrated SOA policy management.

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

Ellipse The Enterprise Asset Management (EAM) solution for asset intensive industries

Head of Engineering Job Description

The Enterprise Service Bus: Making Service-Oriented Architecture Real

IT Governance Charter

The role of Information Governance in an Enterprise Architecture Framework

Banking Application Modernization and Portfolio Management

Aligning IT to the Strategic Plan

DATA QUALITY MATURITY

#KPMG Ignite. Join the conversation

Unifying IT Vision Through Enterprise Architecture

Rethinking Your Finance Functions

Information Security Managing The Risk

Template K Implementation Requirements Instructions for RFP Response RFP #

Growing Vendor Management

COMESA Guidelines on Free and Open Source Software (FOSS)

Transcription:

Software Engineering Governance:! a briefing! Anthony Finkelstein! Computer Science! What I Intend to Do! Making the case for a new research arena! Reviewing challenges and contributions! Presenting examples!

Why Projects Fail! User Involvement! Clear Business Objectives! Controlled Scope! Standard Software Structure! Firm Basic Requirements! Formal Methodology! Reliable Estimates! From Standish Group CHAOS Reports! 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 Why does history repeats itself?! One of the large unanswered questions in software engineering!

Flawed techniques Inherent difficulty!!response: new techniques! Ignorance Poor training!!response: make it easier, improve transfer! Laziness Ill will!!response: improved control frameworks! An Alternative Theory!!That organisations are unable to avoid these problems because of structural issues and in particular problems (mismatches) at the interface between the structure of the business organisation and the organisation of software development!

Specifically!! Complex system ownership!! Misalignments in incentives!! Difficulties in securing accountability for critical decisions! This theory is supported by some informal observations illustrated later in this briefing! the relationships between business structures and software engineering are poorly understood and under-researched, for example the relationship between commercial procurement practice and software development!

!The core area of concern here is what has become known as governance!!!i will use the term Software Engineering Governance to capture my focus on software development! Definition(s)! Software Engineering Governance is the set of structures, processes and policies by which the software development and deployment function within an organisation is directed and controlled so as to yield business value and to mitigate risk! Often erroneously thought to be principally about regulatory compliance

Related to!!software Engineering Governance is a component part of Corporate Governance - the set of structures, processes and policies by which an organisation is directed and controlled so as to!! align interests and incentives in the interest of the organisation as a whole within a framework of openness and transparency! Key Themes! A shared notion of business value! Mitigation of risk! Alignment of interests and incentives!

Legislation!!Large corporate failures in the late 1990s focused attention on governance, giving rise to legislation (eg SOX). This attention necessarily trickles down to the software function as a major means by which a business obtains value and a locus of cost and risk! Observation!!The centrality of software systems to organisational performance is increasing significantly faster than development risk is decreasing!!it is a critical organisational arena in which misalignments of interests and incentives manifest themselves!

Regulatory Pressure is Important!!This is one of the few arenas where senior executive management are directly engaged.!!!looking at governance is timely changes in enterprise architectures and software development methods raise new challenges and existing structures and processes are failing.!

!New enterprise architectures (based for example on SOA) decouple services, processes and platform cutting across existing business structures.!!federated data management, integration and messaging change patterns of information ownership and control that have been a dominant means of structuring enterprises.!

!Outsourcing and external service provisioning move control across enterprise boundaries and alter the touch-points within enterprises.!!agile development changes lines of management control and accountability. Self organising teams present particular governance difficulties.!

!Software Engineering (research at least) tends to adopt a project by project, product by product focus!!it is important to distinguish governance from the direct managerial control mechanisms necessary to ensure low-level good practice is followed! e.g. Adherence to mandated processes, use of libraries and configuration management, interface control, metrics gathering and so on

!This only becomes a governance concern where their absence reflects some underlying differences in the determination of risk or in the incentives of the parties engaged.! Hence audit and monitoring!!the State-of-the-Art standards and best practice frameworks!

!ISO/IEC 38500: 2008 Corporate governance of information technology!!and national variants and precursors!!cobit: Control Objectives for Information and Related Technology (ISACA - Information Systems Audit & Control Association and ITGI - IT Governance Institute! The inevitable maturity model! And of course! IT Governance Institute Board Briefing on IT Governance

Strategic alignment! Value delivery! Resource management! Risk management! Performance measures! ITGI focal areas for governance! All of which directly impinge on Software Engineering Lifecycle!!There is a need for governance at every stage of the life of the system. The balance of attention shifts across focal areas as development proceeds.! Requirements Architecture Design Implement Operate Model Assemble Deploy Manage Strategic Alignment" Value Delivery" Resource" Mgt" Risk Mgt" Performance Measures"

Research! Software Development Governance 2008 & 2009:! Yael Dubinsky & Phillipe Kruchten! Emerging definitions and scoping challenge! Bottom-up vs Top-down tension! Small number of agreed principles! Slightly large number of useful techniques! Key research contribution:!!peter Weill & Jeanne Ross!! IT Governance: How Top Performers Manage IT Decision Rights for Superior Results, Harvard Business School Press (2004).! Note the connection between performance and governance

10 Principles of IT Governance! 1. Actively design governance! 2. Know when to redesign! 3. Involve senior managers! 4. Make choices! 5. Clarify the exception handling process! 10 Principles of IT Governance! 6.! Provide the right incentives! 7.! Assign ownership and accountability for governance! 8.! Design governance at multiple organisational levels! 9.!Provide transparency and education! 10.! Implement common mechanisms!!across assets!

Implications for Software Engineering! Incorporate governance design in process configuration and management activities! Consider governance when introducing significant architectural or process changes! Direct senior management attention to implications of changes! Implications for Software Engineering! Provide a structure for highlighting conflicting goals! Develop coherent structures from Board-level downwards! Expose rather than hide governance! Lead the governance debate within the enterprise!

Structures typically in place! Board level - strategic investment management! Executive level - business case scrutiny and requirements management! Group level - technical authority! Operational level - monitoring execution of key decisions, risk and compliance! Operational level - design review and architecture compliance! Enterprise Architecture Challenges! Because business logic is shared outside traditional silos the potential company -wide impact of any given service becomes greatly increased! Complex ownership of services and relationships! Difficulties of aggregating services on a shared platform that delivers the appropriate non-functional properties!

Why is SOA governance particularly difficult?! Ease of creating and using rogue web services! Incoherent architecture arising from services developed in projects chartered to solve conflicting business problems! adapted from Laurent, 2007! Symptoms of Poor Governance! Single use services and point-to-point connections! Proliferation of redundant services and data types! Inconsistent implementation of cross -cutting capabilities (security, reliability, transactions, logging, routing, filtering)! adapted from Manes, 2007!

Case studies (close to home)! CAPSA and its Implementation!!Report to the Audit Committee and the Board of Scrutiny of the University of Cambridge (October 2001)! Experience points clearly to the intimate relationship between governance and successful system development and deployment! Lesson learned!an organisation with a flawed governance structure cannot articulate its requirements, charter a project, identify appropriately skilled staff, manage the concomitant change process, determine if the project has been successful or even deal with the consequences of failure!

Case studies (close to home)!!abc is a large, research-intensive, metropolitan university in the UK. It has a dedicated and professional IT services function that engages in small-scale development and large-scale customisation and deployment projects.!!a participant-observer! I have strong sense that the biggest problems I encountered have their origins at the interface between governance and requirements engineering! Example I! Left Field! Annual Review! Budget! Forecasting! Complex processes with substantial IT implications introduced as it were out of left field, that is from other lines of governance.! Challenge: how can process and business governance arrangements be meshed with software governance!

Technical Fix! Example II! Common Timetable! Decisions driven down to too low a level in the governance structure leaving the technology to leverage the change. Inadequate intermediate level structures to mediate between strategic intent and execution! Challenge: how to ensure decisions and responsibility for changes are made at the right level within the organisation! Example III! CEOs iphone! Research! Database! Failure to maintain the integrity of the planning and governance process in the face of senior management decision making! Challenge: how to find structures that are responsive and preserve strategic leadership but also support a stable, planned and directed programme!

Example IV! Nobody s baby! CoI! Declarations! Orphan processes that are not strongly owned and thus never receive the necessary advocacy to have their requirements heard! Challenge: to identify and to promote orphans, particularly if they are high aggregate value, or low-hanging fruit! Example V! Favoured Sons! Staff! Recruitment! Very strong ownership of a cross-cutting process by a single organisational player distorting the governance process! Challenge: to put in place mechanisms that enable collective ownership without diluting value!

Example VI! Handling Failure! Student! Records! Success has many fathers, failure is an orphan.! Challenge: to build governance arrangements that can take risks and assume responsibility without inducing a blame culture. These arrangements continuing when a project is perceived to have failed.!!it seems easier to know what not to do than actually what should be done. There are some governance anti-patterns implicit in the examples I have presented.!

Known Barriers! Shifts in decision rights and associated power! Resistance to accept accountability! Inability to obtain sufficient business involvement! Particular complexity with federated and outsourced business structures! What we do know!!centralised governance for architecture and platform, decentralised for services and applications, lightweight (with central oversight) for processes!

With management focusing on business goals that cross-cut system structures means we need to rethink reporting!!use cost transparency and charge back as a key lever to effect change! Providing a clear mechanism for making business value visible! This is another area that is unexplored from a research standpoint

Risk & Compliance!!Substantial growth in risk and compliance audit, most notably in the area of security! Tendency to more negative governance than positive governance!disaggregated risk management process risk, architectural risk, operational risk and business risk not correlated! Audit and compliance instruments not compatible with software development methods

Software Economics Software Development Methods Security Engineering Strategic Management governance a new research challenge? Law & Regulation Policy Modelling & Analysis Stakeholder Analysis Corporate Governance Risk Management

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information