Upload
jason-bloomberg
View
265
Download
2
Embed Size (px)
DESCRIPTION
Organizations have numerous, disparate ways of leveraging IT to automate or otherwise support the variety of business processes that constitute the operation of the business, typically focused on achieving business outcomes through continual optimization. But when the organization seeks to be innovative, the story gets tricky when they treat innovation itself as a set of business processes. Innovation requires disruption, thus requiring a different management approach from traditional BPM-friendly "better-faster-cheaper" management techniques that drive optimization but limit innovation and resilience. As a result, we're faced with the dilemma: invest heavily in custom integration to govern all our processes, thus sacrificing the agility drivers of innovation and resilience, or govern many of the processes manually in a piecemeal fashion, risking holes in our compliance. The answer: cross-process governance that leverages dynamic constraint satisfaction. Implement technology that is able to interpret and apply diverse metadata across the organization, including policies, rules, and other governance-related information, maintaining compliance "on the edges," while disruptive innovation takes place as needed across the organization.
Citation preview
Copyright © 2014, Intellyx, LLC
1
Cross-Process Governance
How to Balance Agility & Compliance
Jason Bloomberg
President
@theebizwizard
About Jason Bloomberg
• President of Intellyx
• Advise companies on their digital transformation initiatives & help vendors communicate their agility stories
• Write for Forbes, Wired, & DevX on Digital Transformation
• Buy my latest book, The Agile Architecture Revolution
Copyright © 2014, Intellyx, LLC2
How do You Manage?
• Each Line of Business/Division has its own goals & business outcomes
• LoB Management drives toward optimizing those outcomes
• Maximize shareholder value/profit/revenue
• Better-Faster-Cheaper, then repeat
Copyright © 2014, Intellyx, LLC3
Photo
Cre
dit:
Kenny L
oule
htt
ps:/
/ww
w.f
lickr.
com
/photo
s/k
wl/
The Problem with Better-Faster-Cheaper
• BFC pushes technology and the organization to its breaking point
• Less able to deal with disruption, leading to failure when the unexpected happens
• Failure can occur anywhere
• Resilience eventually becomes top priority
Copyright © 2014, Intellyx, LLC4
Photo
Cre
dit:
Frits
Ahle
feld
t-Laurv
ightt
ps:/
/ww
w.f
lickr.
com
/photo
s/h
ikin
gart
ist/
Optimization vs. Innovation
Copyright © 2014, Intellyx, LLC5
InnovationDisrupt status quo
to allow human creativity to
flourish
OptimizationEstablish
feedback loops that maximize
business outcome
Innovativeness
• The ability to introduce change into the business environment in order to achieve a strategicadvantage
– New products or services
– Expand market share
– Enter new markets
Copyright © 2014, Intellyx, LLC6
Photo
Cre
dit:
Kay K
im h
ttps:/
/ww
w.f
lickr.
com
/photo
s/k
aykim
/3883340152/s
izes/o
/
Business Agility
• Responsiveness
– Tactical value
• Resilience
– Risk mitigation
• Innovativeness
– Strategic value
Copyright © 2014, Intellyx, LLC7 Photo
Cre
dit:
Masonite B
urn
htt
ps:/
/ww
w.f
lickr.
com
/photo
s/m
asonite-b
urn
/6273626739/s
izes/l
Ability to respond to change in the business environment and leverage change for competitive advantage
Innovation Requires Disruption
• External Disruption
– Competitive pressures/new entrants
– Globalization
– Regulation
• Internal Disruption
– Digital Transformation efforts
– Innovation initiatives
Copyright © 2014, Intellyx, LLC8
Photo
Cre
dit:
Charl
es W
agner
htt
ps:/
/ww
w.f
lickr.
com
/photo
s/c
hazw
ags/
Disruption Introduces Risk
• Optimization without disruption stifles innovation
• Disruption without optimization is an innovation crap shoot
• Optimize what you can & disrupt what you must
Copyright © 2014, Intellyx, LLC9
Photo
Cre
dit:
epSos
.de h
ttps:/
/ww
w.f
lickr.
com
/photo
s/e
psos/
Mitigate risk with resilience
Resilience
• The ability to respond quickly and efficiently to negative change in the business environment
– Managing risk
– Bouncing back from adverse events
– Disaster recovery
• Tactical business driver
Copyright © 2014, Intellyx, LLC10
Photo
Cre
dit:
Joe h
ttps:/
/ww
w.f
lickr.
com
/photo
s/b
itshaker/
167480266/s
izes/o
/
The opposite of brittleness
Process for Innovation?
Copyright © 2014, Intellyx, LLC11
Disrupt Innovate
Innovation is not a typical business process!
Recipe for Agility
Copyright © 2014, Intellyx, LLC12
Better Way to Manage
• Build cross-organizational teams
• Understand when to optimize and when to innovate
• Embrace disruption
• Encourage resilience
• Give people the tools they need and get out of their way
Copyright © 2014, Intellyx, LLC13
Photo
Cre
dit:
Philip
Leara
htt
ps:/
/ww
w.f
lickr.
com
/photo
s/p
hille
ara
/
Bimodal IT: The Wrong Way
• Digital Team
– Self-organizing
– Fast-moving
– May follow Agile at least in spirit
– Little governance
• Traditional IT
– Hierarchical
– Slow-moving
– Waterfall-centric
– Formal, bureaucratic governance
Copyright © 2014, Intellyx, LLC14
Photo
Cre
dit:
Keith W
illiam
son h
ttps:/
/ww
w.f
lickr.
com
/photo
s/e
lwillo
/
Ungoverned Shadow IT is Result
Rethinking Bimodal IT
• Business-driven transformation of traditional IT
– Iterative
– Opportunistic legacy modernization
– Cross-cutting reorganization to DevOps culture
– Increased collaboration with digital teams
– Move toward continuous development & integration
Copyright © 2014, Intellyx, LLC15
Photo
Cre
dit:
Andre
w M
agill htt
ps:/
/ww
w.f
lickr.
com
/photo
s/a
magill/
Increased automation of governance
Connecting IT Governance to GRC
• Governance, Risk Management, & Compliance
– Broad-based business context
– Traditional GRC tools “hard-wired” to applications
– Inflexible
– Separate architectural context from IT governance
• Business agility requires automation of GRC
Copyright © 2014, Intellyx, LLC16
Photo
Cre
dit:
Mic
hael Coghla
nhtt
ps:/
/ww
w.f
lickr.
com
/photo
s/m
ikecogh/
Governance as Agility Enabler
• Simple rules & policies lead to complex emergent behavior
– Which ones lead to agility?
• Levels of governance
– Low-level rules & policies
– Departmental
– Organizational
• Governance has negative connotation
– Reputation for limiting productivity
– Governance, Risk, & Compliance tools integrated in traditional manner
Copyright © 2014, Intellyx, LLC17
Photo
Cre
dit:
Mik
e L
ew
inski htt
ps:/
/ww
w.f
lickr.
com
/photo
s/i
kew
inski/
9430887561/s
izes/l
Separating Software Behavior into Policy Layer
• “Policy” defined as rule or set of rules
• “Aspects” in aspect-oriented programming
• Generally, “constraints” on behavior of system
• Can apply narrowly or broadly
• Technical context, business context, or both
Copyright © 2014, Intellyx, LLC18
Photo
Cre
dit:
Gle
n S
carb
oro
ugh h
ttps:/
/ww
w.f
lickr.
com
/photo
s/p
hoto
gra
pherg
len/
Layers of Abstraction
Copyright © 2014, Intellyx, LLC19
META Dealing with Change (metaprocesses, metapolicies, etc. )
DYNAMIC Abstract Models (dynamic schemas, dynamic APIs, etc.)
ABSTRACTED (LOGICAL)
Abstracted Technology (schemas, software interfaces, etc.)
PHYSICAL Technology (software, middleware, databases, etc.)
Supporting Policy Change
• Create dynamic policy models
• Represent policies as metadata
• Establish metapolicies for policy change
• Implement technology that supports policy creation, mediation, and enforcement
Copyright © 2014, Intellyx, LLC20
Photo
Cre
dit:
jason
Rogers
htt
ps:/
/ww
w.f
lickr.
com
/photo
s/r
estlessglo
betr
ott
er/
Metapolicies & Governance
• Meta
– How variable must policies be?
– What are your policies for doing governance?
• Dynamic
– How to represent policies abstractly?
– Realize dynamic policy representations by governance infrastructure
• Abstract
– Metadata representations of individual policies
Copyright © 2014, Intellyx, LLC21
Photo
Cre
dit:M
ike
Mozart
htt
ps:/
/ww
w.f
lickr.
com
/photo
s/j
eepers
media
/
Automating Compliance
• Policies that apply to human behavior
– Provide tools that make it easy to comply
• Policies that apply to technology behavior
– Fully automated compliance
• Shift human behavior to automated behavior when appropriate
– Especially when compliance is improved
Copyright © 2014, Intellyx, LLC22
Photo
Cre
dit:
Robin
Zebro
wskihtt
ps:/
/ww
w.f
lickr.
com
/photo
s/f
irepile/
Shifting Role of Governance
• Old Way
– Paperwork-heavy
– Morale-killing policies & procedures
– Bureaucratic & slow
– “Scar tissue” that impedes innovation
• New Way
– Highly automated
– Focus on “edge cases” where governance is essential
– Depends on dynamic constraint satisfaction
Copyright © 2014, Intellyx, LLC23
Photo
Cre
dit:
Pascal htt
ps:/
/ww
w.f
lickr.
com
/photo
s/p
asukaru
76/
Introducing Dynamic Constraint Satisfaction
• Constraint satisfaction
– Process of finding a solution to a set of constraints that impose conditions that variables must satisfy
• Dynamic constraint satisfaction
– Set of constraints evolves
• Conditions are policies & rules
• Every person & system within an organization is expected to comply with multiple layers of policies and rules
• Policies and rules are always subject to change
Copyright © 2014, Intellyx, LLC24
Photo
Cre
dit:
Pin
k S
herb
et
Photo
gra
phy h
ttps:/
/ww
w.f
lickr.
com
/photo
s/p
inksherb
et/
Dynamic Constraint and Emergence
• Dynamic constraint satisfaction ensures all rules comply with
– Applicable regulations
– Policies
– Other rules across the entire organization
• Automating the solution of such problems in real time leads to emergent behaviors
– Unpredictable behaviors taken together lead to higher order of behavior of organization as a whole
Copyright © 2014, Intellyx, LLC25
Photo
Cre
dit:
Sid
Mosdell
htt
ps:/
/ww
w.f
lickr.
com
/photo
s/s
idm
/
Dynamic Constraint Satisfaction
• Enforce the full breadth of business & technical policies
• Run time environment must solve for the combination of all applicable policies
– Dynamically at run time
– Across the entire application environment
Copyright © 2014, Intellyx, LLC26
Photo
Cre
dit:
Robson#
htt
ps:/
/ww
w.f
lickr.
com
/photo
s/_
robson_/
Governance & Agility?
• Do we get business agility?
• Agility doesn’t mean chaos
– If everybody in an organization did whatever they wanted to without any rules or policies
– Rules & policies inconsistently communicated or applied
• Secret to business agility is to empower people to innovate within constraints of organizational policy
Copyright © 2014, Intellyx, LLC27
Photo
Cre
dit:
Pascal htt
ps:/
/ww
w.f
lickr.
com
/photo
s/p
asukaru
76/
Closing the Loop on Governance
• Rules & policies may lead to undesirable behavior
• Measure effects in context of operating business
– Customer behavior, financial metrics, etc.
• Big Data analysis of policy efficacy
– Feedback for continual improvement
• Avoid confirmation bias
– Favoring evidence that supports hypotheses
Copyright © 2014, Intellyx, LLC28
Photo
Cre
dit:
Dave G
ough h
ttps:/
/ww
w.f
lickr.
com
/photo
s/s
paceple
b/
Cross-Process Governance
• Governance as layers of policies & rules
• Need to calculate effective policy
• Cross-process, cross-organization, in & out of Cloud
• In real time
Copyright © 2014, Intellyx, LLC29
Process “A” Team “C”Division “B”
Cross-ProcessGovernance
Jason Bloomberg
President, Intellyx
@theebizwizard
Send email NOW to [email protected] to download this presentation
Thank You!