I've been at an IBM BPM & ODM Analyst Summit and was agreeably pleased by the emphasis on 'governance' throughout. I'm not allowed to talk about IBM's road map for BPM/ODM (Business Process Management / Operational Decision Management - ODM is what IBM now calls business rules management), although I expect big things from it, but one of the other messages was that organisations are increasingly expected to be able to show that they are in full and transparent control of what they're doing. Automation with BPM/ODM (PDF document) is an effective way of achieving this.

This is underlined by an IBM customer that reported it had introduced BPM after three of its distribution centres were shut down by the government. Apparently, illegal quantities of its products were being distributed by third parties and the government thought that the company, which had nothing to do with the illegal distribution itself, should have noticed the corresponding patterns of warehouse distribution and done something about it, pro-actively. Well, now it can and is back in operation - and, equally importantly, it now achieves further business returns from being in better control of its supply chain by (for example) being able to formalise the business rules for pricing its products in new markets.

The company concerned wants to remain anonymous, of course - which, in my opinion, is itself a bit of a governance issue. Surely, this company can now gain competitive advantage from demonstrating that it has addressed its governance issues; something its competitors may not be able to do? Good governance is transparent governance - and I take the view that what you don't know, or what people won't talk about, is at least as likely to give you an unpleasant as a pleasant surprise when you do find out about it (often after some very public failure). While governance failures and successful governance initiatives are treated as something to be kept secret there is the possibility that people are being encouraged to think that "no news is good news", whereas the opposite is probably the case; because if something is hidden, there's no incentive to improve it. I once worked for a bank which refused, in the interests of its reputation, to admit that it had ever experienced successful fraud, for example. From my position in Internal Control, I knew that this was untrue - and it made it very difficult to introduce much-needed governance and security improvements, because employees were actively encouraged to believe that there were no problems with the status quo and therefore no reason to change it.

I'm certainly not suggesting that everyone should factor in being shut down without warning by the government as a business risk - not unless a risk/threat analysis shows this to be a possibility, anyway - but this does underline that the authorities do, quite reasonably, expect businesses to manage or govern their processes and supply chain these days; and that businesses will, in turn, expect IT to help them do this. This is an issue extending well outside of the traditional governance/audit of computer programs to process governance generally (look also at the section in this Bloor report (PDF document) on Sybase's Power Designer, about the importance of data models for Solvency II compliance). This really means that BPM/ODM (and its associated business process modelling and visualisation) is one of the technologies an organisation needs to be able to deploy these days, in order to support "process improvement" in the governance area.