If you are clear about what governance means then you can skip the next section. However, if you have heard the term – Corporate Governance, SOA Governance, IT Governance – but you are not exactly sure about what it really means, then here is an explanation.
Suppose you want an entity to work in a particular way. If you are managing the entity, then you have the necessary authority to ensure it. However, if you don’t manage the entity directly, then what do you do? To do anything you need to have some authority or influence over the entity. You can discuss with the management team of the entity and come to an agreement on what needs to be done. Then you also come to an agreement on how to ensure that what you have agreed is followed.
In other words, you lay down a governance framework. Let us look at an example.
The government wants corporations to follow certain guidelines – some dos and don’ts. But the government does not and cannot manage each and every corporation directly. So it has in place the Sarbanes–Oxley Act or SOX, which is also known as the ‘Public Company Accounting Reform and Investor Protection Act’ or the ‘Corporate and Auditing Accountability and Responsibility Act’. This is corporate governance. Similarly, you also have Basel II for banks, which tries to ensure that banks don’t take too much risk with money invested with them.
To put governance in place you need to have:
- Discipline = Commitment to adhere to procedures, processes, and authority structures
- Transparency = Actions and decision support available for inspection
- Independence = Mechanisms to minimize or avoid potential conflicts of interest
- Accountability = Groups who take actions or make decisions are authorized and accountable
- Responsibility = Contracted party to act responsibly
- Fairness = No unfair advantage to any one particular party
How does TOGAF Define Architecture Governance?
If you have gone through my earlier posts (What is TOGAF?, Defining Requirement and Planning a project), you will realize that TOGAF is not about solution design or application development. It provides a set of guidelines that the final solution should adhere to. That is what Architecture Governance is all about. It talks about:
- Control: Implementing a system of controls over the creation and monitoring of all architectural components and activities, to ensure the effective introduction, implementation, and evolution of architectures within the organization
- Compliance: Implementing a system to ensure compliance with internal and external standards and regulatory obligations
- Management: Establishing processes that support effective management of the above processes within agreed parameters
- Accountability: Developing practices that ensure accountability to a clearly identified stakeholder community, both inside and outside the organization
How do you enforce the governance?
TOGAF will normally be initiated by the CIO, but for it to succeed, broad support from the rest of the organization is needed.
So the aim is to get the authority from top management in the Preliminary Phase. To ensure that the authority is recognized by the rest of the organization, an “Architecture Board” is constituted. TOGAF recommends that the board should have 4 to 5 permanent members, the upper limit being 10. The important point is to include all the important people in the organization.
TOGAF also recommends that there is an “Architecture Contract” for all the work that needs to be executed. Architecture Contracts are joint agreements between development partners and sponsors on the deliverables, quality, and fitness-for-purpose.
What does the Architecture Board do?
It acts as the approving and controlling authority for the following:
- Consistency between sub-architectures
- Identifying re-usable components
- Flexibility of enterprise architecture; to meet business needs and utilize new technologies
- Enforcement of Architecture Compliance
- Improving the maturity level of architecture discipline within the organization
- Ensuring that the discipline of architecture-based development is adopted
- Providing the basis for all decision-making with regard to changes to the architectures
- Supporting a visible escalation capability for out-of-bounds decisions
The Meaning of Architecture Compliance
Finally, I find the following representation of “what different types of compliance are” to be quite nice:
- No relation between Standard & Implementation
- There is overlap between Standard & Implementation, and the overlapping part is done properly
- Implementation is a subset of Standard and is done properly
- Standard only covers part of implementation but that part is done properly
- Implementation is exactly as per Standard
- The square indicates that the overlap has deviation