This is a follow-up to my last blog post, Eight Tips for Long-Term Success with your BPMS, taking a deeper look at one of the tips within.

In it, I wrote:

Tip #8: Implement automated governance to watch code quality. A good automated governance solution will match code against design/development guidelines and prevent it from being checked into the rulebase if it doesn’t meet those guidelines. In addition, creation of reports and an easy-to-use dashboard/portal can host a wide variety of reports to help ensure quality code is being delivered within your tool. Evolve this over time as design/code reviews, and multiple iterations begin to show you where there are gaps.

To which David Brakoniecki (@dajb2) commented:

This is a great list of BPM implementation tips but I am intrigued by #8. Can you expand on this point?

By automated governance, it seems like you have rules that do static analysis of the code quality inside the tool. Is this a feature built into Pega or have you written a custom framework to deliver this functionality?

I responded to his comment and answered the Pega-specific question there on that post, but I’d like to take the conversation one step further here.

Just what does the term “Automated Governance” mean?

In this sense, I’m referring to automating, as much as possible, the governance process that ensures the quality of the deliverables within your implementation.

Just what should this governance process entail?

Your governance process should entail all of the following, even if it’s being done as a manual effort, for now:

  • Checks that Enterprise & Area standards are being followed
  • Checks that the BPMS vendor guardrails are being followed
  • Checks that your methodology/process is being followed, including documentation
  • Checks that design/development coding standards are being followed
  • Checks that proper error/exception handling is in place, especially for integrations
  • Checks that proper security & access models are followed and monitored
  • Checks for performance risks
  • Checks for proper code documentation, naming standards
  • Checks for placement of code for best reusability
  • Ability to update/report/search asset library to enable reusability
  • Proper metrics/reporting by User for accountability purposes

If you aren’t doing one or any of these currently, implementing such governance can go a long way toward ensuring the long-term success and quality of the applications being delivered within your BPMS. Once the process is in place, you can hopefully start implementing tools and additional software, generally within the BPMS tool itself, to automate reporting and monitoring for these items.

How to Automate?

A good BPMS product will already have some out-of-the-box tools and reports that should help you get started; add to those with your own to help complete the picture. The best way to automate your governance is to prevent bad code and ensure guardrail compliance automatically at development time. You’re implementing software within another software tool, so enhance it to aid in preventing non-compliance with defined best practices! For the scenarios you can’t prevent, at a minimum ensure that you can report on them to follow up, and look for trends on your reports that are improving over time.

For example, within Pegasystems’ PRPC BPM solution, there are several OOB reports I leverage, and I use the tool itself to build the additional things I need.

These include:

  • Enhancing the OOB Preflight report to provide username
  • Creation of a custom Rule-Portal instance and related gadgets for an “Automated Governance” Reporting Dashboard
  • Developer productivity reports
  • Rule Volatility Reports
  • Use of custom rule errors that are checked when rules are saved during development, to reject the changes when they break your guardrails
  • Addition of custom rule warnings that are checked when rules are saved; these warnings show up on the Preflight report
  • Reports on which users are creating the most warnings in the last 7 days and last 4 weeks for trending purposes
  • Reports on overall warnings over the last 90 days for trending purposes
  • Ability to find warnings by type, severity and aggregate as needed
  • Ability to tie opportunities for improvement back to individual users
  • Ability to approve creation/check-in of certain rule types for tighter control
  • Enhanced reports regarding OOB rules that have been customized by the client
  • Reports to track the same rule being modified by parallel initiatives
  • Custom reports that interrogate the code base for more complex risk patterns

I recommend creating a specific dashboard/portal that managers can log in to and run the reports on demand, and we’re currently discussing what their needs/desires are to have certain key reports automatically generated, attached to an email, and sent to the managers without the need for them to manually log in.
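
As an added illustration (not from the original post, and not Pega code), the sketch below shows two of the mechanisms listed above in plain Python: a save-time gate that rejects a rule when it breaks an error-severity guardrail and records warnings otherwise, and a report that counts warnings per user over the last 7 days and the last 4 weeks. The guardrail names, rule fields and sample saves are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Hypothetical guardrails: (id, severity, predicate that is True when the rule breaks it).
GUARDRAILS = [
    ("MISSING_DESCRIPTION", "warning",
     lambda r: not (r.get("description") or "").strip()),
    ("INTEGRATION_WITHOUT_ERROR_HANDLING", "error",
     lambda r: r.get("type") == "connector" and not r.get("error_handler")),
]

def check_in(rule, user, when, log):
    """Evaluate every guardrail at save time; return True if the save is accepted."""
    findings = [(gid, sev) for gid, sev, broken in GUARDRAILS if broken(rule)]
    for gid, sev in findings:
        # Every finding is tied to the user who saved the rule, for later reporting.
        log.append({"user": user, "rule": rule["name"], "guardrail": gid,
                    "severity": sev, "when": when})
    # Any error-severity finding rejects the change; warnings only get recorded.
    return not any(sev == "error" for _, sev in findings)

def findings_by_user(log, now, days, severity):
    """Count findings of one severity per user inside a trailing window of `days`."""
    cutoff = now - timedelta(days=days)
    return Counter(f["user"] for f in log
                   if f["when"] >= cutoff and f["severity"] == severity)

def run_demo():
    now = datetime(2024, 3, 29)  # constructed "today" so the windows are reproducible
    log = []
    saves = [  # constructed sample saves: (days ago, user, rule)
        (2, "alice", {"name": "GetCustomer", "type": "connector",
                      "description": "CRM lookup", "error_handler": "RetryThenFail"}),
        (3, "bob", {"name": "PostPayment", "type": "connector",
                    "description": "", "error_handler": None}),
        (5, "bob", {"name": "RouteCase", "type": "activity", "description": ""}),
        (20, "bob", {"name": "CalcFee", "type": "activity", "description": ""}),
        (40, "alice", {"name": "OldRule", "type": "activity", "description": ""}),
    ]
    accepted = [rule["name"] for ago, user, rule in saves
                if check_in(rule, user, now - timedelta(days=ago), log)]
    return (accepted,
            findings_by_user(log, now, 7, "warning"),
            findings_by_user(log, now, 28, "warning"))

if __name__ == "__main__":
    print(run_demo())
```

The rejected save still leaves its findings in the log, so repeated attempts to check in a non-compliant rule show up in the per-user report as well.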

The Key to All of This: Accountability!

You might notice many of the reports ultimately tie back to the individual users/developers. This is key. Nobody likes being singled out, and generally, nobody likes to be the bad guy singling other people out either, BUT without accountability, the quality of your application code and ability to reuse it properly will be mediocre at best. For proper excellence, you MUST hold people accountable for their actions (or lack thereof). At the end of the day we have human beings typing things into a keyboard that ultimately form the code that runs your application. The same code that will continuously be built on top of for years to come as you add features, make improvements, and expand your user base.

Use the report findings as teaching moments to educate the team members who are consistently showing up on the reports. Or, in a multi-team environment, you might notice the issue stems from a single team. Perhaps that’s an opportunity to talk with the senior designer/developer on that team, who may or may not be making recommendations to other team members, or perhaps there’s a gap in the process somewhere and a need for a better checklist in a design or code review.

Implementing this correctly and following up on report results in a consistent manner should result in two trends:

  1. Quality & Reusability of code increases
  2. Dings on the Reports decrease