Investment in key IT assets requires good governance if the benefits to business are to be maximised. This is also true for investment in service orientated architecture (SOA). With more and more organisations recognising the potentitial of SOA and at least experimenting with, if not actually deploying it, governance is an important building block.

SOA is a distributed approach to architecture that crosses the lines between business and IT. It is created as a result of many independent projects that are resolving business and technical requirements. Each initiative must adhere to the organisation's preferred policies, standards and procedures. Many new demands are made in terms of the service lifecycle, technology standards, team roles, and resident skill sets. Consequently, successful SOA requires an effective governance and a strong control framework for delivering against its promise of reuse, agility and sharing of services.

SOA governance is about managing many layers of decision-rights. The process begins with setting objectives for the enterprise's SOA efforts. Process owners are set objectives in line with enterprise goals and are held responsible for managing the achievement of these across one or more business units (often in silos). Roles and responsibilities must be established for managed sets of services (e.g. customer information, order processing, or product analysis) and there must be a set of objectives to be achieved for common business requirements. Services must be produced with the required quality and they must adhere to a well-defined set of standards and policies in order to ensure ongoing operations, reduced integration costs and complexities, and manage regulatory compliance requirements, continuity arrangements and security exposures.

Implementing SOA is much more than establishing a SOA capability. It requires that adequate internal controls be designed into the services to meet regulatory requirements and other compliance requirements. It requires performance measures to be established to monitor the services and the achevement of business objectives. It is about defining a structure of relationships between various roles and processes to direct and control the enterprise's SOA efforts. It deals with the management and control of IT assets, people, proceses and infrastructures, as well as the manner in which the assets are managed and procured. Most importantly, it is about achieving organisational goals by adding value while managing risk.

Organisations should see their current IT governance efforts as the beginning of preparations for successful SOA in the longer term!