cross process governance: how to balance agility & compliance

Cross-Process Governance

How to Balance Agility & Compliance

Jason Bloomberg

President

jason@intellyx.com

@theebizwizard

About Jason Bloomberg

• President of Intellyx

• Advise companies on their digital transformation initiatives & help vendors communicate their agility stories

• Write for Forbes, Wired, & DevX on Digital Transformation

• Buy my latest book, The Agile Architecture Revolution

How do You Manage?

• Each Line of Business/Division has its own goals & business outcomes

• LoB Management drives toward optimizing those outcomes

• Maximize shareholder value/profit/revenue

• Better-Faster-Cheaper, then repeat

Kenny L

lickr.

/photo

The Problem with Better-Faster-Cheaper

• BFC pushes technology and the organization to its breaking point

• Less able to deal with disruption, leading to failure when the unexpected happens

• Failure can occur anywhere

• Resilience eventually becomes top priority

t-Laurv

lickr.

/photo

Optimization vs. Innovation

InnovationDisrupt status quo

to allow human creativity to

flourish

OptimizationEstablish

feedback loops that maximize

business outcome

Innovativeness

• The ability to introduce change into the business environment in order to achieve a strategicadvantage

– New products or services

– Expand market share

– Enter new markets

ttps:/

lickr.

/photo

/3883340152/s

izes/o

Business Agility

• Responsiveness

– Tactical value

• Resilience

– Risk mitigation

• Innovativeness

– Strategic value

Masonite B

lickr.

/photo

asonite-b

/6273626739/s

izes/l

Ability to respond to change in the business environment and leverage change for competitive advantage

Innovation Requires Disruption

• External Disruption

– Competitive pressures/new entrants

– Globalization

– Regulation

• Internal Disruption

– Digital Transformation efforts

– Innovation initiatives

lickr.

/photo

Disruption Introduces Risk

• Optimization without disruption stifles innovation

• Disruption without optimization is an innovation crap shoot

• Optimize what you can & disrupt what you must

ttps:/

lickr.

/photo

Mitigate risk with resilience

Resilience

• The ability to respond quickly and efficiently to negative change in the business environment

– Managing risk

– Bouncing back from adverse events

– Disaster recovery

• Tactical business driver

ttps:/

lickr.

/photo

itshaker/

167480266/s

izes/o

The opposite of brittleness

Process for Innovation?

Disrupt Innovate

Innovation is not a typical business process!

Recipe for Agility

Better Way to Manage

• Build cross-organizational teams

• Understand when to optimize and when to innovate

• Embrace disruption

• Encourage resilience

• Give people the tools they need and get out of their way

Philip

lickr.

/photo

Bimodal IT: The Wrong Way

• Digital Team

– Self-organizing

– Fast-moving

– May follow Agile at least in spirit

– Little governance

• Traditional IT

– Hierarchical

– Slow-moving

– Waterfall-centric

– Formal, bureaucratic governance

Keith W

illiam

ttps:/

lickr.

/photo

lwillo

Ungoverned Shadow IT is Result

Rethinking Bimodal IT

• Business-driven transformation of traditional IT

– Iterative

– Opportunistic legacy modernization

– Cross-cutting reorganization to DevOps culture

– Increased collaboration with digital teams

– Move toward continuous development & integration

agill htt

lickr.

/photo

magill/

Increased automation of governance

Connecting IT Governance to GRC

• Governance, Risk Management, & Compliance

– Broad-based business context

– Traditional GRC tools “hard-wired” to applications

– Inflexible

– Separate architectural context from IT governance

• Business agility requires automation of GRC

hael Coghla

lickr.

/photo

ikecogh/

Governance as Agility Enabler

• Simple rules & policies lead to complex emergent behavior

– Which ones lead to agility?

• Levels of governance

– Low-level rules & policies

– Departmental

– Organizational

• Governance has negative connotation

– Reputation for limiting productivity

– Governance, Risk, & Compliance tools integrated in traditional manner

inski htt

lickr.

/photo

inski/

9430887561/s

izes/l

Separating Software Behavior into Policy Layer

• “Policy” defined as rule or set of rules

• “Aspects” in aspect-oriented programming

• Generally, “constraints” on behavior of system

• Can apply narrowly or broadly

• Technical context, business context, or both

ttps:/

lickr.

/photo

Layers of Abstraction

META Dealing with Change (metaprocesses, metapolicies, etc. )

DYNAMIC Abstract Models (dynamic schemas, dynamic APIs, etc.)

ABSTRACTED (LOGICAL)

Abstracted Technology (schemas, software interfaces, etc.)

PHYSICAL Technology (software, middleware, databases, etc.)

Supporting Policy Change

• Create dynamic policy models

• Represent policies as metadata

• Establish metapolicies for policy change

• Implement technology that supports policy creation, mediation, and enforcement

Rogers

lickr.

/photo

estlessglo

Metapolicies & Governance

• Meta

– How variable must policies be?

– What are your policies for doing governance?

• Dynamic

– How to represent policies abstractly?

– Realize dynamic policy representations by governance infrastructure

• Abstract

– Metadata representations of individual policies

Mozart

lickr.

/photo

eepers

Automating Compliance

• Policies that apply to human behavior

– Provide tools that make it easy to comply

• Policies that apply to technology behavior

– Fully automated compliance

• Shift human behavior to automated behavior when appropriate

– Especially when compliance is improved

wskihtt

lickr.

/photo

irepile/

Shifting Role of Governance

• Old Way

– Paperwork-heavy

– Morale-killing policies & procedures

– Bureaucratic & slow

– “Scar tissue” that impedes innovation

• New Way

– Highly automated

– Focus on “edge cases” where governance is essential

– Depends on dynamic constraint satisfaction

Pascal htt

lickr.

/photo

asukaru

Introducing Dynamic Constraint Satisfaction

• Constraint satisfaction

– Process of finding a solution to a set of constraints that impose conditions that variables must satisfy

• Dynamic constraint satisfaction

– Set of constraints evolves

• Conditions are policies & rules

• Every person & system within an organization is expected to comply with multiple layers of policies and rules

• Policies and rules are always subject to change

ttps:/

lickr.

/photo

inksherb

Dynamic Constraint and Emergence

• Dynamic constraint satisfaction ensures all rules comply with

– Applicable regulations

– Policies

– Other rules across the entire organization

• Automating the solution of such problems in real time leads to emergent behaviors

– Unpredictable behaviors taken together lead to higher order of behavior of organization as a whole

Mosdell

lickr.

/photo

Dynamic Constraint Satisfaction

• Enforce the full breadth of business & technical policies

• Run time environment must solve for the combination of all applicable policies

– Dynamically at run time

– Across the entire application environment

Robson#

lickr.

/photo

robson_/

Governance & Agility?

• Do we get business agility?

• Agility doesn’t mean chaos

– If everybody in an organization did whatever they wanted to without any rules or policies

– Rules & policies inconsistently communicated or applied

• Secret to business agility is to empower people to innovate within constraints of organizational policy

Pascal htt

lickr.

/photo

asukaru

Closing the Loop on Governance

• Rules & policies may lead to undesirable behavior

• Measure effects in context of operating business

– Customer behavior, financial metrics, etc.

• Big Data analysis of policy efficacy

– Feedback for continual improvement

• Avoid confirmation bias

– Favoring evidence that supports hypotheses

Dave G

ough h

ttps:/

lickr.

/photo

paceple

Cross-Process Governance

• Governance as layers of policies & rules

• Need to calculate effective policy

• Cross-process, cross-organization, in & out of Cloud

• In real time

Process “A” Team “C”Division “B”

Cross-ProcessGovernance

Jason Bloomberg

President, Intellyx

jason@intellyx.com

@theebizwizard

Send email NOW to bbc14@intellyx.com to download this presentation

Thank You!

cross process governance: how to balance agility & compliance

Technology

2018 fitground catalog - active lifestyle...

dynamic balance mobility - exercise etc · 2017-04-14 ·...

identity & access governance versus process agility

delivering mission agility through agile soa governance 13...

age related changes in balance & agility · balance &...

reactive agility, core strength, balance, and soccer

leading small and medium-sized enterprise (sme) …...•...

bridging the gap between governance and agility ›...

finding balance: an evaluation governance model to ease

agility, balance and coordination a* · is skill-related...

age related changes in balance & agility · 2020. 4....

southdowns agility club · any balance will be supported by...

components of fitness agility balance shmd 249 7/3/2013

ngo governance: striving for a balance between financial

balance, explosiveness, streinght, flexiblity, agility

balance, agility and fall prevention

business as a service multi-layer governance...

agility, governance and productivity -...

how large enterprises use platform governance to gain...

webinar: credit decisioning agility & …...webinar: credit...