How to manage impacts of business regulations?

Why does Information System governance fail?

The existing IS architecture is often as complex as the figure below. Many IS functional and technical silos prevent the unified and clever IT governance. The IT department has huge difficulty to deliver reporting, traceability and extended processes as required by external business regulations like Sarbanes-Oxley, Solvency II, Basel 2... and usual agility needs. That problem stems from the scattering of master data and business rules inside silos. Too many duplications and IT code-approaches prevent for auditing master data and business rules.

Facing those many external business constraints and agility needs, companies mustn't wait to transform their existing IS in order to ensure and improve their business operations. The challenge is to go to the Active Enterprise Governance. This is a more dynamic and intensive governance that will improve the level of traceability and auditability of actual IS assets formed by master data and business rules.

The journey to the Active Enterprise Governance

That new approach of IS governance is not magic. Setting up that governance doesn't require a brutal overhaul of existing IS. Today, IT tools and the methodology to conduct a progressive transformation of the IS are available and mature. The objective is to attain a more sustainable system based on resilient master data referentials and business rules referentials. Without modifying existing systems, the externalization of some strategic master data and business rules into a Master Data Management (MDM) and a Business Rules Management System (BRMS) is possible.

Those MDM and BRMS referentials provide business users and IT specialists with a set of high-level governance features like the version management, the traceability and auditability, the permission management, the reference data approval workflow, etc. All those features are vitally important to succeed in integrating external business regulations like SOX, SolencyII, bale 2, etc. As you can see, the first stage for transforming existing IS doesn't rely on a reengineering of processes based on a Business Process Management (BPM). The first assets that companies must take over are their master data and business rules. Without a better knowledge and management of those IS assets it is impossible to improve the quality of systems in a sustainable way .

After obtaining of a better quality of master data and business rules, the objective of improving the quality of processes is more realistic. As the figure below shows it, the association of the three referentials (Master Data, Business Rules, and Processes) forms the concept of IS Assets Backbone (ISAB). Thanks to that backbone, all governance functions like reporting, traceability, extended processes... are significantly more resilient and easily built up.

Connected to the ISAB, a BAM (Business Activity Monitoring) can be easily added because all master data models, business rules and processes are already available in a unified view, via the three referentials. Without the ISAB, the BAM faces huge difficulties to get information needed because data and rules are scattered into many functional and technical silos. Thanks to ISAB, the BAM is used in a more resilient approach and delivers dynamic reporting by supervising active events mapped to the ISAB's referentials.

That figure shows the IS Assets Backbone (ISAB) relying on the three IS referentials (master data, business rules and processes).

Tip of the top: firstly you must model your master data, based on a Common Information Model, and then build up a MDM tool in order to unify you reference data. Thanks to that first stage you already get significant gains to succeed in integrating external business regulations and agility needs. Secondly, you must extract, in a progressive way, strategic rules that are locked in your silos and put them back into the BRMS tool. Then the BRMS interacts with the MDM in order to ensure that rules use unified reference data. At that stage, your company is not compelled to overhaul existing assets. The traceability and auditability are attained even if the refactoring is not yet launched. Obviously, a progressive overhaul of some parts of existing systems may be relevent to improve the agility but it depends of your context.

After mastering MDM and BRMS, it is pretty easy to add BPM. In the same time, introducing a BAM is very relevant to get dynamic reporting, based on MDM and BRMS referentials, and later also based on BPM referential.

A progressive IS transformation is possible. The method to conduct the first stage relying on the MDM is defined by the MAG's procedures modelling freely downloable. The other principles describe here are studied via the sister community S-IT-A (Sustainable IT Architecture).