Todd Biske: Outside the Box

As another example of innovative thinking and how we should look “outside the box”, take the recent entry by Vinnie Mirchandani entitled “People! More Government is Not Good!” While by the title you might think it is a political commentary (which it partially is), it begins with a discussion on compliance IT. Vinnie further uses real world examples of government activities versus activities in the private sector, such as Wal-Mart’s response to Hurricane Katrina as quoted from Fortune:

That was Hurricane Katrina, when government at nearly every level looked utterly incompetent while businesses became the heroes. FedEx delivered 440 tons of relief supplies, mostly at no charge. Wal-Mart meteorologists informed managers that Katrina was headed for New Orleans more than 12 hours before the National Weather Service told the public; the company later hauled millions of dollars of supplies into the worst-hit areas days before FEMA showed up.

It is posts like these that keep things interesting for me. By looking at how governance operates in non-IT scenarios, there are lots of lessons that can be learned on how to apply it within IT scenarios. SOX was intended to bring a new level of compliance and accountability to businesses. Will SOX bring back credibility and trust or is some form of self-regulation more important? How does this apply to the context of SOA governance? One key difference is that businesses already had governance prior to SOX, especially for public companies. On top of that, there is the notion of business ethics. In contrast, the more people I talk to, the more I think that the majority of organizations have little to no technical governance. So what’s the right approach? While businesses may not have needed more governance, it’s hard to argue that for IT. In a culture that lacks governance, can they be trusted to self-regulate? One thing is for sure, it won’t happen if there isn’t a shared understanding of what the right thing is. Perhaps the message should begin with one of SOA ethics and morality and then move on to SOA governance. Ethics and morality establish the unbreakable principles of the society as a whole. Communities that agree on these principles can be very successful with self-regulation and less governance. Communities that do not are unlikely to be successful with self-regulation. Where does your IT department stack up? Are there unbreakable principles that they all agree on?