January 28, 2021
Importance of Good Governance Processes in Software Development
The need for software development governance processes emerged in response to regulations like the Gramm–Leach–Bliley Act (GLBA) and the Sarbanes-Oxley Act, both enacted in response to a wave of high-profile corporate fraud cases made headlines in the 1990s and early 2000s.
In the “early days,” governance processes were designed to support centralized, on-premises software development and IT processes. In other words, how we used to work.
Today, the situation has become much more complicated. Organizations now operate in an environment defined by distributed networks, distributed teams, cloud-based everything, and a rapidly expanding big data ecosystem that’s becoming increasingly difficult to control.
Organizations are responding to these new governance challenges by embracing automated solutions, Agile governance models, and picking and choosing the frameworks that best fit an evolving set of requirements.
In this article, we’ll explain the critical role of good governance and some software development governance best practices to help you make the most out of your digital initiatives.
Why Software Governance Matters
Governance is one of the key mechanisms organizations use to ensure that a software development project aligns with business goals and complies with external regulations.
It offers a formal framework for achieving measurable progress toward strategic objectives, maintaining compliance standards, protecting data security, supporting data retention, and disaster recovery.
It encourages good behavior, supports top-down decision-making, and links the business strategy with the IT strategy and key initiatives.
Governance also aims to eliminate friction between different stakeholder groups with different (often conflicting) priorities.
Think–balancing the C-suite’s desire for predictable ROI, spending, and timelines with the tools and best practices that enable developers to deliver solutions that match those priorities.
Software Development Governance Best Practices
According to research published in the MIT Sloan Review, many digital transformation efforts fall short of expectations or fail altogether because of poor governance. Researchers found that companies struggle in several critical areas when it comes to creating structure and governance to support digital transformation projects, including:
- Aligning IT and business
- Managing growing organizational complexity
- Breaking down functional silos
- Whether or not there should be a central governance “office” to manage initiatives
- Adapting the organizational structure to the digital business model
Below, we’ll go over a few general software development governance best practices to help you avoid these pitfalls. Then, we’ll look at some frameworks that can help you modernize your strategy.
Move to a Decentralized Software Development Governance Model
Centralization refers to a setup where one centralized authority holds all decision-making power.
Typically, this means that decisions are made at the top, then communicated to the rest of the organization.
Sure, there are several good reasons for companies to centralize their software governance strategies, like faster decision-making and fewer risks. However, it’s not particularly compatible with modern software development methods and presents several barriers to a successful digital transformation initiative.
In a centralized environment, it may take longer for organizations to implement change, particularly for new initiatives that don’t yet have an established protocol. Additionally, if the organization’s central governance authority fails to provide sufficient guidance, it may lead to inconsistent performance from mid-level or frontline workers.
Instead, focus on creating a software governance model that fosters a sense of trust, autonomy, and supports a culture that values knowledge sharing. Done right, a decentralized approach allows for more collaboration, creativity, and transparency and supports Agile methodologies and distributed teams.
Select KPIs that Measure the Business Impact of Your Initiatives
Software governance provides organizations with a structure for aligning their development strategy with the overall business strategy, using a formal framework that enables them to track and measure performance against specific strategic goals.
That said, success hinges on selecting the right set of goals.
Many companies either use generic metrics to measure the performance of their governance efforts or don’t measure these initiatives at all. Instead, select KPIs that measure the impact you hope to achieve with each initiative by aligning around your strategic goals.
Jaime Salame says, “If we follow the governance model every quarter, we’re able to capture such detailed information that we see how well the work aligns with clients’ milestones, review team performance in the short-term, and look ahead what’s planned for next quarter.“
Prevent Future Silos
According to the MIT paper, companies that built transformation projects around a standardized infrastructure were more likely to be successful than those building on top of a patchwork of poorly-integrated legacy systems.
Avoid creating siloed solutions by ensuring consistency, data compatibility, and continuous integration between all digital initiatives and business processes.
When your digital governance strategy is integrated with your organization’s current rules and processes, it’ll be easier to launch new initiatives and measure their impact alongside existing systems.
Map Initiatives to Different Governance Frameworks
While most governance frameworks aim to provide transparency into various projects and initiatives, different frameworks are designed for different business objectives, be it tracking employee performance, preventing fraud, or protecting consumer data.
Here’s a quick overview of some of the more common governance frameworks and the goals they support:
- COSO—Committee of Sponsoring Organizations of the Treadway Commission or COSO offers a general framework that focuses less on IT-specific initiatives and instead emphasizes risk-management and fraud prevention efforts.
- ITIL—ITIL, or Information Technology Infrastructure Library, outlines five best practices for ensuring that your IT infrastructure supports your business operations.
- COBIT—COBIT lays out 37 IT processes and defines the goals, metrics, and methods for measuring performance.
- FAIR—Factor Analysis of Information Risk, or FAIR, is a framework that focuses on risk assessment and cybersecurity and aims to help organizations quantify potential risks.
- CMMI—CMMI, or Capability Maturity Model Integration, scores an organization’s performance on a scale from 1-5, allowing companies to track performance over time.
Ultimately, as you start planning new initiatives, you’ll want to select a governance framework that matches the goals of that project and fits in with your internal culture and the processes your organization already uses each day.
Here are a few examples you might use to manage your software development initiatives:
Agile Software Development Governance
Agile governance describes the process of overseeing, monitoring, and guiding the Agile development process.
Rather than defining standards at the project level, Agile software development governance provides a flexible framework for ensuring alignment between projects and the organization’s goals across its entire portfolio of Agile projects.
Done right, Agile governance aligns with the principles defined in the Agile Manifesto:
- Projects must align with business goals.
Stakeholders determine and set expectations before development begins, defining performance metrics, expectations, and resources upfront. That said, while Agile software development governance aligns projects around organizational goals, this framework allows teams the freedom to make decisions/improvements during the development process.
- Flexibility and adaptability are key.
Expectations, priorities, processes, focus and collaboration styles are always changing. Ensure that your governance framework evolves along with them.
- Project monitoring must be transparent across an organization.
Insights aren’t siloed off at the top of the org chart. Transparency plays a critical role in making sure teams are aware of project deviations or any improvements in-progress. This empowers development teams to fix gaps in the process and share their successes with other teams within the organization.
- Strategy must focus on team goals and practices over documentation.
Evaluating Agile team performance should focus on behaviors and best practices, not adherence to a fixed set of rules.
Cloud governance is gaining traction as more organizations move their core business applications to the cloud.
Cloud-based systems are often built using several different technologies–think hybrid cloud or multi-cloud systems and include various services and APIs.
While organizations can often get by without a cloud governance strategy for the first couple of deployments, over time, it becomes far too difficult to manage complex systems from a simple spreadsheet.
Ultimately, you’ll want to develop a software governance strategy that allows you to get ahead of the complexity—-ideally getting set up before early on when things are easier to manage. Additionally, involve developers in the strategy early on, as they’ll be responsible for carrying out the plan.
Given that we’re at the beginning of a new decade, it’s safe to assume that data management is a top priority for your organization, regardless of industry. In other terms, if you haven’t tackled this critical area in your current governance strategy, you’ll need to update the plan ASAP.
Data governance describes the process of planning, overseeing, and controlling how an organization uses data and data-related sources. Per the Business Application Research Center (BARC), a strong data governance framework supports the following goals:
- Establishes a set of internal rules outlining appropriate data use
- Makes it easier to implement compliance requirements
- Helps organizations minimize risks and reduce costs
- Enables businesses to extract more value from their data
The organization also notes that data governance programs should be treated as an ongoing effort, always evolving to get ahead of new challenges, threats, and regulatory requirements.
Additionally, data governance is an organization-wide effort that requires stakeholder involvement at the operational, tactical, and strategic level.
Automation governance is becoming an increasingly critical element in DevOps practices.
It allows organizations to automatically track governance across the development lifecycle while also maintaining the integrity and security of all data and digital assets within a network. Further, it specifies the approved tools and security standards in place to protect the entire system.
Automation governance also defines the controls and mechanisms that enforce regulatory compliance and addresses how automation is used to perform various tasks such as automatic back-ups, recovery, testing, and configuration.
This might also include documentation that defines the artifacts that must be retained to ensure compliance and audit requirements and provide guidance around which tools are best suited for solving specific problems.
While governance spans a wide range of activities, goals, and processes—and no two organizations will follow the same framework. Ultimately, your software governance strategy should reflect where your organization is today and help you move the needle on your long-term business goals.