Policy Compliance Does Not Guarantee Success
I recently heard a story from a colleague about an EA group that created some work products with the sole purpose of meeting a stated goal. It didn’t matter whether or not those work products were used by the rest of the organization, only that the work products were produced. I suspect that these work products didn’t do much to change the state of the organization.
This story reminded me of a key point in regards to SOA Governance. This blog and my book emphasize the role of policies in SOA Governance. There’s a risk, however. If we focus to much on policy compliance and lose sight of the desired behavior, we may be no better than the EA group. Yes, we achieved 100% compliance, but if we haven’t achieved the desired behavior, such as a specific percentage reduction in the time to deliver solutions, we’re no better than the EA team at the beginning of this blog.
The other factor that must be kept in mind with policies is that they are normally a contributor to the desired outcome, but may not have a direct cause-and-effect relationship. Think about the current economic crisis. There are so many factors that influence the economy, many of them outside of the control of governmental policies, that policy compliance alone may not get us all the way to success.
The takeaway from this is that governance must be an active effort, and we can’t forget the fourth process of governance: measurement and feedback. If you are not achieving the desired behavior, you need to understand why and make adjustments as needed. These adjustments may be new policies, modifications to existing policies, different people, more education, more enforcement, or maybe a reset of expectations because some external factors have changed. Simply put, never assume that your first pass at policies for SOA governance will be both complete and accurate from the beginning. Put them in place, but also put in place efforts to measure their impact in achieving the desired behavior. After all, 100% compliance is not the goal, the goal is a quantifiable change in the way IT delivers business solutions.