Home Agile SCM Transparency improves Governance

Transparency improves Governance

 PDF  | Print |  E-mail
Written by Brad Appleton, Robert Cowham and Steve Berczuk   
Wednesday, 19 March 2008 15:35

mar08transparencybigIT governance and compliance - providing transparency to senior management.

This months topic is IT governance and compliance, which tends to suggest more formal and rigorous processes. If you go to the IT Governance Institute you can get lots of information and pointers, including to standards such as COBIT. Areas covered by governance include:
  

Business continuity and disaster recovery
  • Regulatory compliance
  • Information governance and information security
  • IT Service Management, including ITIL and Service Level Management
  • Knowledge Management, including Intellectual Capital
  • Project governance
  • Risk management
Governance is really about good management - it is not just applicable to industry sectors with high regulatory compliance requirements. Configuration management supports most of these areas.

There are more than a few people who think that Agile processes are not appropriate for situations with strong compliance requirements - we think this view is wrong! Indeed by increasing the transparency of our development process through appropriate use of Agile methods, we can improve governance in all areas. That said, Agile methods are not going to address all of the issues listed above.

Rather than repeat other material, we would like to reference some other articles and pull out some linkages and highlights.

In An Agile Approach To IT Governance, Ross Pettit writes:

The term "governance" can conjure images of bureaucratic compliance processes that interfere with "doing real work." Yet it is a results-orientated practice...

The ability to both assess and forecast effectiveness and completeness makes an organization more - not less - responsive to changes in the business environment.
And he summarizes:
  • good governance reduces surprises
  • effective governance creates greater trust and confidence
  • mature governance aligns day-to-day execution with strategic decisions
Scott Ambler and Per Kroll have an excellent series of articles, "Best practices for lean development governance"

A key point for us with regards to the difference for Lean or Agile developers is:

Traditional governance often focuses on command-and-control strategies which strive to manage and direct development project teams in an explicit manner. Although this is a valid and effective strategy in some situations, for many organizations this approach is akin to herding cats -- you'll put a lot of work into the governance effort but achieve very little in practice. Lean governance focuses on collaborative strategies that strive to enable and motivate team members implicitly. For example, the traditional approach to coding guidelines would be to create them and then enforce their usage through formal inspections. The lean approach would be to write the guidelines collaboratively with your programmers, explain why it is important for everyone to adopt the guidelines, and then provide tooling and support to make it as easy as possible for developers to follow those guidelines. This lean governance approach is akin to leading cats; if you grab a piece of raw fish, cats will follow you wherever you want to go.

In our article Lean Traceability: a smattering of strategies and solutions we addressed expanded on the trust and confidence mentioned above:

  • Trustworthy Transparency is more valuable than Tiresome Traceability
  • Agile/Lean Methods do produce documentation (where it is appropriate) - but they don't produce it "by the yard" to sit on a shelf.
  • Traceability should serve the purpose of transparency, visibility and status-accounting rather than being a goal in itself.
Many organizations have found that making business intelligence tools available on people's desktops, allowing them to drill down into data, is much more powerful than producing static reports which are then circulated and that people have to wade through to find the information they need. Static tools lack flexibility and any changes must be developed - with all the lead time that implies. So we need to enable our SCM tools to make this information visible as simply and painlessly as possible. Issues that come up in this area include:

  • Licensing costs for access the tool - can you produce any form of read-only material which is cheaper than full access (and also perhaps easier to use than the full tool)?
  • Security and access control - agile methods lean towards more access rather than less access, and yet the appropriate balance needs to be defined according to the needs of the organization.
  • Cross tool/vendor integration - what information is stored where, and how is it linked? The pros and cons of integrated suites vs. best of breed solutions.
Metrics
On the subject of metrics for agile projects, Alistair Cockburn describes some useful reporting metrics in his article A governance model for agile projects.

The IT Process Institute has an interesting report (Executive Summary available for free download): ITPI Executive Snapshot - Change Configuration and Release What's really driving top performance?

This is a summary of the 60-page ITPI Change, Configuration, and Release Performance Study that provides extensive analysis and detail about specific change, configuration, and release practices that best predict top levels of performance across the 341 IT organizations studied.

While it has an ITIL/Service Management focus, it makes interesting reading:

Key Performance Drivers

These seven sets of practices which we call key performance drivers, include thirty individual practices that predict top levels of performance. They are listed from highest to lowest impact: 
  • Release scheduling and rollback-In this set of practices, IT organizations develop and maintain a fine-tuned cycle of build and test, and then release only during maintenance windows with tested rollback plans. Data about the root causes of release exceptions is fed back to systematically improve the process.
Another useful related reference is the Visible Ops Handbook by Gene Kim (one of the founders of ITPI) which costs around $20.

Conclusion
Governance is about good management.

Agile can provide it!

[Editor's note - there are actually a number of efforts underway to map Cobit and other IT Governance  related frameworks to many ALM best practices including Agile. This will not only show Agile's value in supporting compliance frameworks but likely help Agile mature into a more comprehensive framework as well. Future articles in CM Crossroads and the Agile Journal will provide details on these developing best practices!]

Brad Appleton is an enterprise SCM/ALM solution architect for a Fortune 100 technology company. He is co-author of Software Configuration Management Patterns: Effective Teamwork, Practical Integration, the "Agile SCM" column in CMCrossroads.com's CM Journal, and a former section editor for The C++ Report. Since 1987, Brad has extensive experience using, developing, and supporting SCM environments for teams of all shapes and sizes. He holds an M.S. in Software Engineering and a B.S. in Computer Science and Mathematics. You can reach Brad by email at brad@bradapp.net This e-mail address is being protected from spam bots, you need JavaScript enabled to view it

Robert Cowham has been in software development for over 20 years in roles ranging from programming to project management. He continues his involvement in development projects but spends most of his time on SCM Consultancy and Training. He is the Chair of the Configuration Management Specialist Group of the British Computer Society, has a BSc in Computer Science from Edinburgh University and is a Chartered Engineer (CEng MBCS CITP). You can contact him at rc@vaccaperna.co.uk This e-mail address is being protected from spam bots, you need JavaScript enabled to view it

Steve Berczuk is a Technical Lead for an Agile Software Development consulting company. He has been developing software applications since 1989, often as part of geographically distributed teams. In addition to developing software he helps teams use Software Configuration Management effectively in their development process. Steve is co-author of the book Software Configuration Management Patterns: Effective Teamwork, Practical Integration and a Certified ScrumMaster. He has an M.S. in Operations Research from Stanford University and an S.B. in Electrical Engineering from MIT. You can contact him at  steve@berczuk.com This e-mail address is being protected from spam bots, you need JavaScript enabled to view it .

Trackback(0)

Comments (0)add comment

feedSubscribe to this comment's feed

Write comment

smaller | bigger

security image
Write the displayed characters


busy
Last Updated on Friday, 04 July 2008 10:20
 
Advertisement