Abstract
Service-Oriented Architecture (SOA) governance is considered a key success factor when using a service-oriented approach for aligning IT to business. However, some organizations misinterpret the role of SOA inside the organization and there is scarce empirical evidence about how SOA governance is applied in practice. This research paper will study the position of SOA governance in relation to Information Technology (IT) governance and Enterprise Architecture (EA) governance inside the organization. Semi-structured interviews were conducted with experts in the field. The findings illustrate how organizations initially considered SOA governance as a separate entity; they recently started seeing the relationships between SOA governance, IT governance, Enterprise Architecture governance and corporate governance. In this paper, different views and opinions are presented; nevertheless, they all lead to the conclusion that SOA governance need to be considered at a higher level inside the organization and organizations should not treat SOA governance as a separate entity from and IT governance and EA governance.
Access provided by CONRICYT-eBooks. Download conference paper PDF
Similar content being viewed by others
Keywords
1 Introduction
Service-Oriented Architecture (SOA) “is a strategy for constructing business-focused software systems from loosely coupled, interoperable building blocks (called services) that can be combined and re-used quickly, within and between enterprises, to meet business needs” [1]. Most organizations face significant challenges implementing SOA [2]. Governance is considered the key factor for successful SOA implementation [3], however, it does not guarantee success [1].
In a business environment, IT governance and SOA governance are treated as separate entities. Even though most researchers agree that SOA governance is a subset of IT governance, known IT governance frameworks such as ITIL and COBIT do not address SOA specific challenges [2, 3]. Some researchers argue that IT governance and SOA governance have little in common. Others consider SOA governance as a subset of IT governance; some others consider that SOA governance extends from IT governance to corporate governance. Moreover, very few SOA and SOA governance research articles address the connections with Enterprise Architecture (EA) and its governance. This research paper will clarify the relationship of SOA governance to IT governance by investigating the opinion of experts in the relevant field. Section 2 of this research paper provides a background on IT governance and SOA governance as presented in the literature before discussing and presenting the research problem. Section 3 addresses the methodology used to address the research problem. The last two sections address the findings and future work respectively.
2 Background of the Study
A literature review for relevant work in the field of SOA, SOA governance and IT governance pertinent to this research study has been carried out. This section defines important terms and keywords used and outlines the research problem.
2.1 Definitions
Governance is about bringing the right people to the table to have the right conversation with the right process and best information available [4]. It helps to ensure that organizations build the right services, in the right way, at the right time [5]. Governance is different from management and leadership.
Corporate governance is the system by which organizations are directed and controlled. It consists of sub-governance like financial governance, human resource governance, IT governance, risk governance, etc. Corporate governance means establishing and enforcing how a group of people agrees to work together to achieve organizational objectives [6].
According to the IT Governance Institute, “IT governance is the responsibility of executives and the board of directors, and consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategies and objectives” [7]. In their book ‘IT governance’, Weill and Ross [8] define governance as “specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT”, and they describe IT governance as the “most important factor in generating business value from IT”. IT governance deals with the structures, processes and relational mechanisms involved in IT decision making, and highlights IT’s business supportive, or business driving [9].
Larrivee [10] defines SOA governance “as the guidelines by which we would use SOA to produce the expected results of delivering information from back office applications.” While Niemann [11] argues that SOA governance focuses on the smooth adoption and successful operation of an SOA as the Enterprise Architecture (EA) in a company and claims that the overall goals are SOA compliance and the guarantee of reusability and standardization throughout the system. SOA governance is seen by [12, 13] as a continuous process that constantly ‘mediates’ between business requirements and the operational reality in an SOA system; its goal is to strengthen IT-Business alignment.
2.2 Relationship Between Corporate Governance and IT Governance
Corporate governance issues can no longer be solved without considering IT due to the business dependency on IT. Corporate governance should therefore drive and set IT governance. At the same time, IT can influence strategic opportunities as outlined by the enterprise and can provide critical input to strategic plans. That mean, IT governance should be seen as a driver for corporate governance as it enables the enterprise to take full advantage of its information if implemented properly. Therefore, IT governance and corporate governance should not be considered as pure distinct disciplines, and IT governance needs to be integrated into the overall governance structure of the enterprise. More precisely, IT governance should be considered as corporate governance applied to IT. IT is an integral part of the business and IT governance is an integral part of corporate governance [14].
2.3 Relationship Between SOA Governance and IT Governance
SOA governance provides executives with the visibility and control necessary for IT governance to be able to increase the business agility of their organizations, and it allows them to interconnect brittle legacy IT infrastructure [15]. Some researchers see SOA governance as a subset of IT Governance that only focuses on the lifecycle of services and composite applications in an organization’s SOA [13, 16]. Others, argue that in SOA world, successful governance can help accelerate SOA adoption and encourage the use of SOA best practices for an organization [17]. Some others consider that there is a common misconception that SOA governance is governance of an SOA and this indicates a fundamental misunderstanding of the role of SOA [15]. Bloomberg [15] argues that when an enterprise adopts SOA, it should approach the organization of all of its IT assets from a service-oriented perspective. As such, service orientation provides a broad organizing principle for all aspects of IT in the company — including IT governance. Therefore SOA governance is IT governance in the context of SOA, rather than governance of SOA [15], it extends corporate governance and IT governance and it was created as an extension or a specialization to traditional governance with a special mission of delivering business value using the SOA style [12]. In conclusion, SOA governance promises to augment the IT governance process, while mitigating its risks, and facilitating the dialogue between business and IT users.
2.4 Governance Frameworks Current State
The literature review shows a lack around the relationship between SOA governance and IT governance. Most researchers put aside IT governance while studying SOA governance [2]. Nevertheless, recent years have witnessed few studies that have based their SOA governance frameworks on existing IT governance frameworks and stated the need to complement SOA governance and IT governance frameworks. However, these studies are narrow and are not based on strong empirical data.
In the area of IT governance, a number of existing frameworks cover all aspects of IT and they provide structures, action scope, guidelines, reference processes, and best practices, etc. [13]. However, they lack applicability concerning SOA specific challenges, e.g., SOA lifecycle, SOA roadmap and SOA maturity challenges [11, 16]. Hence, in order to meet SOA governance requirements, researchers claim that existing IT governance frameworks need to be extended [11, 13]; or either SOA governance should build upon and perhaps extend existing IT and operational governance [5]. For example, COBIT - which is a widely accepted control framework for IT governance - has served as a basis for many of the proposed SOA governance approaches [11, 18, 19]. However, COBIT (version 4.1) does not completely cover SOA. It addresses evaluation processes, governance structure and control mechanisms, but does not support some important SOA governance aspects such as service lifecycle, service portfolio management, SOA roadmap and SOA maturity [2].
2.5 The Research Problem
From the literature survey, we see many gaps. Firstly, there is not enough research on the integration of SOA governance frameworks within IT governance frameworks. Moreover, there are conflicting claims and inconsistencies in the literature concerning the role of SOA governance during SOA adoption. The research of Weill and Ross [8] showed that good IT governance has clear business benefits, “still the lack of such governance did not mean game is over” [5]. According to Woolf [5, 13] research studies and articles have shown it is not the case for SOA or SOA governance. SOA must be governed in order to realize the potential of a service-based approach. Simultaneously empirical research found that in everyday businesses, organizations are using IT governance frameworks, like COBIT, to deal with SOA [18].
There are little empirical evidence on the implications and usage of the SOA governance frameworks and how these frameworks are actually working in the most effective way. However, there is so much that is not known and not researched and there are many claims made in the literature that are not substantiated by empirical evidence. As a result, there is confusion about the role and usage of SOA governance in the organization. To the best of our knowledge, no publication exists which qualitatively studies the relationship between IT governance and SOA governance, and compares the impact of different IT and SOA governance frameworks. Therefore, there is a need to enhance the business and technical meaning of IT governance and SOA governance and the relationship between them. The purpose of this research study is to help understanding the relationship between SOA governance and IT governance. For this reason, we need to know if IT and SOA governance efforts are well integrated with overall corporate governance arrangements in the organization and how effective are IT and SOA governance arrangements within the organization [20,21,22]. This proposed research could well provide executives with some guidelines on how to practice effective governance (directing and controlling of IT resources).
3 Research Methodology and Design
This paper is based on a research study about SOA governance in practice. The study uses an interpretive qualitative research methodology based on semi-structured interviews as a first phase and in-depth field-study in the second phase. This paper is based on the first phase of the research.
The first phase of this research study involves conducting interviews with experts who have experience with SOA governance in multiple companies and who participated in several SOA projects. Twenty-eight interviews were conducted including three pilot interviews. The role of the interviews is to acquire a broad view of SOA governance issues at the time the study is done. The interviewees were selected and recruited through professional networks of SOA/IT governance experts. The interviews took the form of face-to-face personal interviews, online interviews or phone interviews. The questions were open-ended where responses were questioned and discussed further. Consequently, the respondents were able to clarify both the questions and the answers. The interviews focused on the relation between corporate governance, IT governance and SOA governance and extensively on the aspects of the governance frameworks used in practice.
The majority of the participants had a decision-making role or a consultancy role in the organizations they worked for and their experience with service management and SOA varies from four to more than twenty-five years. They have worked with a minimum of two organizations and on different SOA projects in different sectors: telecommunication, government, financial services, information technology and services, education, IT healthcare, computer software and software services and products. The participants have occupied the roles of Systems Analyst, Project Manager, Technical Architect, Enterprise Architect, Chief Architect, Chief Technology Officer, SOA Architect, SOA Consultant, etc. At the time of the interviews, the participants were located in Australia, South Africa, Canada, USA, South America, MEA, UK, Europe and India.
Data analysis is conducted during and after each phase. The interview transcripts are being analyzed using Thematic Analysis. Coding in Thematic analysis helps the researcher to build a systematic account of what has been observed and recorded [23].
4 Findings
4.1 Relationship Between IT Governance and SOA Governance
Most participants agree that SOA governance is not only a sub-set of IT governance, but it gives organizations visibility and control over their SOA development and deployment via establishment of policies, controls, and enforcement mechanisms; it also allows the organization to be supportable long term. However, there were different opinions on how to extend this definition into the business domain and how to position SOA governance within the organization.
Participant 5 sees that the definition could be extended depending on how to define the boundaries of SOA governance; i.e. where it runs into Centre of Excellence as well how to define the mechanism. While according to participant 6, SOA governance is about packaging up systems, allowing systems and processes to talk to each other’s and how they are aligned using an Enterprise Service Bus (ESB). Importantly participant 8 claims that IT governance can exist without SOA governance but poorly and often, that is what happens. This is because there is varying degrees of maturity across organizations Australian and international about their IT governance. Participant 13 sees that SOA governance drives the business; it is not a set of rules but a decision making process; therefore it is more about the approach taken and that approach is based on the culture change that is developed inside the organization.
From a different perspective, participant 11 concludes that SOA governance has to be considered part of corporate governance and its change management has to span outside of IT. “SOA governance is a way of doing corporate governance that involves IT and business people working together to determine what they are trying to achieve, what are the roles and responsibilities that need to occur in order for that to create the business capabilities that they are trying to do”. Participant 11 supports their claim by saying that the corporate governance is responsible for delivering a vision and SOA is responsible to achieve that vision. This requires change from a business side as much as it requires deployment of different emerging technology.
On the other hand, participants 7, 15, 16, 19 and 26 consider that SOA governance is also around Enterprise Architecture, which focuses on controlling part of the architecture components within the organization. Participant 7 argues that the Enterprise Architecture department should be responsible for the SOA governance framework. The full picture according to participant 15 and 19 is as follows: corporate governance followed by IT governance and then Enterprise Architecture (EA) governance where SOA is a part of EA governance. According to participant 16, EA and SOA “go hand in hand”; however, organizations need to have IT governance in place and they should drive their SOA governance off that IT governance framework. Participant 26 sees SOA governance is an extension of both IT governance and Enterprise Architecture governance because IT governance and EA governance are actually both supporting the business therefore aligning the business objectives and business goals together gives a better chance of realizing SOA benefits.
Participants 14 and 17 take a middle perspective between the different views presented above, participant 17 claims that “EA should be part of the conversations; a lot of vendors don’t mention it because they don’t have a good answer for it.” Similarly, participant 14 divides SOA governance in two branches: SOA governance itself and the service governance and claims that Enterprise Architecture defines how services are operated.
In summary, participants of this research study agree that SOA governance is not only the governance of SOA - a set of procedures and policies adapted within the organization – but also it is also a matter of leverage tools that help to enforce and guide these procedures. Therefore, SOA governance extends to IT governance, EA governance and corporate governance. We conclude that the participants have different views on SOA governance positioning within the organization; however, none of the participants mentioned that their way is the only way. Fourteen participants claim that there is more than one way for doing SOA governance and that depends on the organization’s attributes (size, culture, needs, goals, location, etc.). The problem these days is not where to place SOA governance within the organization; however, it is extremely important for organizations to understand the role of SOA governance; the challenge is to be able to respond quickly because “organizations have been asked to govern things that they never would have thought of before” according to participant 8; therefore organizations need to be able to implement governance increasingly and more rapidly.
4.2 Governance Frameworks Used by Participants
In response to the question if organizations use IT/EA governance frameworks to govern SOA, most participants argue that major organizations are aware and use IT and EA governance frameworks: ITIL, COBIT, TOGAF, etc. (participants 7 and 8) as well as other SOA governance frameworks from vendors: IBM, Oracle, the Open Group, etc. (participants 14 and 16) or custom-build frameworks (participants 4, 6 and 9). Participant 8 claims that IT and SOA governance frameworks were seen as separate things up until 5 years ago. It is now agreed by many participants that IT and SOA governance frameworks need to be used simultaneously by organizations, but it is still not the case in some organizations. For this reason, both IT governance framework and SOA governance framework are complimentary and need to be set up properly within the organization according to participant 9. Nevertheless, organizations have to see the difference between IT and SOA governance framework; the difference is where they connect and where they fit into each other; that is mainly through applications according to participant 7.
It is important to note that ITIL is seen more entrenched then COBIT by participant 8, and is the most used IT governance framework according to most participants of this research. ITIL is used to evaluate and assess what IT capabilities and services organizations need to put in place. It certainly becomes a reasonably pervasive standard in terms of assessing the requirements and capabilities for IT service functions and it is a comprehensive library of processors and protocols, according to participant 6. Participant 11 indicates that both ITIL and COBIT have evolved from an Enterprise Architecture point of view i.e. managing IT within an enterprise and across an enterprise to minimize its cost. “They are considered a cost minimizer not a benefit maximizer.”
Most participants of this research study believe that existing IT and EA governance frameworks do not cover SOA governance. Participant 11 claims, “TOGAF is inadequate in terms of what its framework can do because it does not deal with cross boundary issues. ITIL is too narrow but it is very good when it comes to change management.” For this, organizations need to use an SOA governance framework as well as IT governance framework. Participant 7 for example recommends the OSIMM model from the Open Group for assessing the maturity level. “It is always additional to the IT governance framework or other Enterprise Architecture frameworks which they use.” However, participant 19 claims that some organizations are using either ITIL or COBIT to govern SOA, but the success depends on how much effort they want to put into it. “This is because these frameworks are generic and the vendors’ frameworks have made a stab beyond that by making it more specific to their technologies”.
From that perspective, some participants see that IT governance frameworks are typically more mature than SOA governance frameworks. In some anomalous situations (e.g. systems integration tasks), some organizations have decided to take in more repeatable scalable type approach; therefore organizations have built themselves some methodology for SOA governance as stated by participants 4 and 6. Some participants also claim to build their own SOA governance framework either from scratch or around one of the vendors approach, while it is noted by all participants that none of the IT or SOA governance frameworks have been taken off the shelf. “They are used as frameworks to guide the things that we should be doing” according to participant 6.
Participant 8 expresses their beliefs about vendor-based SOA governance frameworks that “they tend to be very product centric and they are very much driven around; their stack is also aging; they are not keeping up with some of the newer trends that are very prevalent in the more of the open source tools”. Participant 8 adds, “They are also seen as a bit of a Novena”. They are seen as a great thing in principle, but their practices are very hard to achieve and even harder to maintain. Therefore, many of the services that tend to be developed around large organizations are duplicated.
In conclusion, it has been noted by many of the participants that the framework is not their objective; they rely on the years of expertise that people have. For example, participant 7 built their own SOA maturity roadmap against the OSIMM framework. Similarly, participants 4, 8, 9, 14 and 16 and 19 had to either customize vendor-based frameworks, built their own, or even do both.
4.3 Mechanisms Used to Select the Framework
Most of the participants interviewed agree that experience and communication are the main bases when selecting or building a governance framework. According to participant 5, discussion with the people who have the key decision in the organization is the mechanism used to select and customize the framework. While according to participants 6, 9 and 13, the knowledge of experts is the main mechanism, and the experience of the organization around formalization play an important role in studying the organizations’ position in terms of SOA. Similarly, some organizations choose their governance framework “because they selected a certain IT vendor for their SOA architecture and their SOA technical equipment” according to participant 19.
5 Conclusion and Future Work
Participants of this research agree that organizations misinterpret the role of SOA and SOA governance in the organization; however, it is noticeable that during the last few years, organizations started to see the implication of implementing IT governance, EA governance and SOA governance simultaneously.
None of the participants claims that the selected governance framework has ever been problematic or could be a source of failure for SOA implementation because there is always the opportunity to make modifications depending on the organizational needs and requirements. Most participants agree that SOA governance should be the responsibility of the governance board, and the decision-making mechanisms should be made outside the IT department considering IT advice and involvement. At the same time, careful thought should be given to who need to be involved in the decision-making.
As mentioned above, this paper focuses on the relationship between IT governance and SOA governance as seen by practitioners. Additionally, this research study will address the major aspects of the governance frameworks used in practice. Future work of Phase I will focus on the importance and practical usage of SOA governance aspects. When Phase I is completed, two organizations will be selected for Phase II – a field research study: one organization that has been successful with SOA governance and another one that attempted to implement SOA governance. This second phase will allow having direct, in-depth contact with organizational participants, particularly through interviews and direct observations of activities. Data collection in this phase relies on observing, listening to members, taking notes, getting involved sometimes, and running field interviews. Comparing and contrasting the results of the two phases will provide grounding for the development of substantive theoretical claims regarding the relationship between IT governance and SOA governance and the importance and role of the SOA governance aspects.
References
Weir, L.A., Bell, A.: Oracle SOA Governance 11g Implementation. Packt Publishing Ltd., Birmingham (2013)
Hojaji, F., Shirazi, M.R.A.: A design science approach to develop a new comprehensive SOA governance framework. Int. J. Manag. Inf. Technol. (IJMIT) 4, 33 (2012)
Hassanzadeh, A., Namdarian, L., Elahi, S.: Developing a framework for evaluating service oriented architecture governance (SOAG). Knowl.-Based Syst. 24, 716–730 (2011)
Grant, K., Hackney, R., Edgar, D.: Strategic Information Systems Management. Course Technology, Cengage Learning, Hampshire (2010)
Falkl, J., Laird, R.G., Kreger, H., Carrato, T.: IBM advantage for SOA governance standards. IBM developerWorks (2009)
ANAO: Corporate Governance in Commonwealth Authorities and Companies - Discussion Paper. Australian National Audit Office (1999)
ITGI: Control Objectives for Information and Related Technology (CoBIT) 4.1. IT Governance Institute (2007)
Weill, P., Ross, J.W.: How Top Performers Manage IT Decision Rights for Superior Results. Harvard Business School Press, Cambridge (2004)
Simonsson, M., Johnson, P., Ekstedt, M.: The effect of IT governance maturity on IT governance performance. Inf. Syst. Manag. 27, 10–24 (2010)
Larrivee, B.: SOA: no governance needed. Or is it? AIIM E-DOC 21, 24–25 (2007)
Niemann, M., Janiesch, C., Repp, N., Steinmetz, R.: Challenges of governance approaches for service-oriented architectures. In: 3rd IEEE International Conference on Digital Ecosystems and Technologies, pp. 600–605 (2009)
Holley, K., Palistrant, J., Graham, S.: Effective SOA Governace. On Demand Business. IBM (2006)
Woolf, B.: Introduction to SOA governance. developerWorks (2006). http://www.ibm.com/developerworks/library/ar-servgov/
Jordan, E., Musson, D.: Corporate Governance and IT Governance: exploring the board’s perspective (2004)
Bloomberg, J.: SOA Governance: Reengineering IT Governance. ZapThink (2004)
Laningham, S.: What is SOA governance? A chat with SOA governance integration lead, Gil Long. Spotlight on IBM software solutions (2007). http://www.ibm.com/developerworks/podcast/spotlight/st-070307atxt.html
High, J.R., Krishnan, G., Sanchez, M.: Creating and maintaining coherency in loosely coupled systems. IBM Syst. J. 47, 357–376 (2008)
Luthria, H.: The organizational diffusion of service-oriented computing: investigating the realization of business value from service-oriented architectures. Ph.D. thesis - Information Systems, Technology and Management - The Australian School of Business. Doctor of Philosophy. University of New South Wales, Sydney Australia (2009)
Niemann, M., Eckert, J., Repp, N., Steinmetz, R.: Towards a generic governance model for service-oriented architectures. In: Americas Conference on Information Systems (AMCIS). AIS Electronic Library, Toronto (2008)
Bieberstein, N., Bose, S., Fiammante, M., Jones, K., Shah, R.: Service-Oriented Architecture (SOA) Compass: Business Value, Planning, and Enterprise Roadmap. IBM Press, Upper Saddle River (2006)
Josuttis, N.M.: SOA in Practice - The Art of Distributed System Design. O’Reilly Media, Sebastopol (2007)
Keen, M., Adamski, D., Basu, I., Chilcott, P., Eames, M., Endrei, M., Fagalde, B., Raszka, R., Seabury, S.D.: Implementing Technology to Support SOA Governance and Management. IBM Redbooks, Indianapolis (2007)
Ezzy, D.: Qualitative Analysis: Practice and Innovation. Allen & Unwin, Crows Nest (2002)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Joukhadar, G., Rabhi, F. (2018). Relating SOA Governance to IT Governance and EA Governance. In: Beheshti, A., Hashmi, M., Dong, H., Zhang, W. (eds) Service Research and Innovation. ASSRI ASSRI 2015 2017. Lecture Notes in Business Information Processing, vol 234. Springer, Cham. https://doi.org/10.1007/978-3-319-76587-7_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-76587-7_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-76586-0
Online ISBN: 978-3-319-76587-7
eBook Packages: Computer ScienceComputer Science (R0)