Let’s face it; IT governance suffers from an image problem.
Most software developers see the role of IT governance as a big brother-type of function that oversees their code or is an unnecessary extra step in the development process. Meanwhile, IT managers see value in the way that governance can proactively identify potential glitches before a product is shipped.
Yet when it comes to adopting and enforcing governance as a strategy and a tactical component within the software development process, there are often disconnects. These disconnects are usually related to how much governance to apply, where and when to enforce policies, how governance fits into the overall development process, and whether or not it’s actually going to help with the arduous task of manually reviewing code.
These factors can weigh heavily against the decision to make governance a department- or even company-wide initiative.
In many companies, governance is often viewed as an optional insurance policy. Since it’s not mandated, it’s usually introduced only after a significant product shortcoming. For example, consider the following real world scenarios that were a result of faulty software:
- Linac radiation machines that are used to treat cancer patients were programmed inaccurately resulting in radiation poisoning.
- New Hampshire resident Josh Muszynski goes into a gas station and uses his debit card to purchase a package of cigarettes and is accidentally charged $23 quadrillion dollars.
- Terrorists go undetected as they cross borders from Ireland to Great Britain.
Now these interesting real-world scenarios may seem like flukes, and to some degree they are, yet there are thousands of glitches that occur everyday that hold up productivity and cost companies money. Just consider the commonplace stories about flight delays, ATM errors and erroneous utility bills.
Of course, preventing these types of glitches through IT governance is not as simple as creating policies and putting mechanisms in place to ensure that developers are following agreed-upon procedures. There is a significant amount of complexity that comes into play when you consider IT governance within the context of legacy applications, integration efforts, enterprise-wide SOA initiatives, and extending web services to the cloud.
Yet the bottom line is this – governance is nearly impossible to justify if the developers aren’t on board from a technical, business and cultural perspective.
But how do we as a development community abandon some of the widely misunderstood perceptions about IT governance and make it a proactive – not reactive—part of the development process? Here are three approaches to consider from a cultural point of view.
- Put development efforts into real world context. When it comes to preventing malfunctioning products or system-wide errors, put the role of IT governance into the context of how we live our everyday lives and the types of headline glitches that can impact how a company is viewed externally.
- Set expectations for the developers. Be clear that creating and instituting governance policies is not an attempt to catch mistakes and penalize offenders. Rather, it’s a way to eliminate redundant aspects of the job, create better code and accelerate career paths.
- Establish requirements with the IT governance vendor. Each company needs to determine how much governance is appropriate depending on their technology needs, corporate culture, and external compliance regulations. By setting the parameters up front with regard to how and where governance will be applied, which aspects will be automated, and when alerts can be overridden eliminates the issues associated with an all or nothing view of governance.
With this mindset, developers begin to understand how important every keystroke can be when it comes to software development. In development environments that aren’t directly linked to the consumer experience, there is still a real-world connection to the efforts that are underway. Examples of this include applications that are used to oversee manufacturing supply chains or are a critical part of the back-end of a Wall Street trading platform. If you follow the development path of the software, chances are that the code that is written today will touch our work or personal lives in some way.
The role of IT governance will increase in relevance in the near future. This will be largely driven by our continued reliance on technology in our personal and business lives as well as the introduction of new code into legacy environments that are a result of mergers, integration projects, SOA initiatives or cloud computing strategies.
The more connected and integrated we are, the higher the likelihood that glitches can proliferate through our infrastructures and networks – and the greater the role IT governance will play as an integral part of preventing those glitches. Though the first step to deriving any value from IT governance investments will be through the cultural adoption among the developer community.