When you're focused on delivery, it can often be very easy to view governance and reporting as a form of torture implemented by inscrutable gnomes who confuse paperwork with delivery and impose unnecessary overhead simply to justify their existence. Ahem, just give me a moment to wipe the foam from my mouth... But in truth, some level of governance and record keeping is unavoidable in any organization – and I accepted that early on. However, the one question that I used to wonder about earlier on, even while seeing the value of reviews themselves is this: “Why do we even keep these records? Who is ever actually going to read the minutes of all these review sessions?”
And now, later on in my career, I've found the answer to that question – I'm the one reading the minutes of these review sessions. It turns out that when you're coming in to an organization and trying to understand the environment, there are several information sources that you can use. You can talk to subject matter experts; you can look at existing models, you can send out surveys, and so on. But there is still a problem with this, which is that it is unrealistic and, truthfully, unfair to rely on existing staff to know everything – especially for the niche applications that
Sometimes applications get forgotten – I worked on one public sector project where everyone forgot to mention the assistive text reader cloud service that supported their website. At least, until I mentioned it and everyone exclaimed “Oh yes!” At the same time, people may be aware of an application but have no recollection whatsoever who the vendor is, who the owner is or even what it does. For example, on the same project the mysterious entry Glamis (Anite) that no-one recognized turned out to be the liquor and gambling licensing application from the Capita company.
Likewise, relying on financial reports or trouble tickets to identify applications can have limits (finance departments generally care about vendors and trouble ticketing systems won’t mention systems where no tickets have been raised). Even application discovery is vulnerable to proper configuration – I recently saw a case where a leading discovery tool managed to report every DLL on every server but couldn't say what version of Windows was installed, a problem with configuration of the tool rather than the tool itself, but the end result was the same.
Fortunately, there is another potential information source, which is the governance logs that I previously mentioned. These might be minutes of project review meetings, they might be full-blown architectural reviews. Either way, they may mention not only applications, but the purpose of the applications. The further you go back, the more chances there are that the application in question is no longer in operation – but even here such entries have value. They highlight something that the organization at least used to do, which raises the question of whether the organization still performs this function, and if so, what application supports that function?
There may be pushback in giving you access to these logs, or you may need helping in simply finding them. It's important in this case to outline why you want the governance logs, not to second-guess decisions but simply to ensure information is complete. It's also important to identify which logs offer the greatest information. A conversation with the group responsible for governance will be useful here.
Governance is a fact of life in any organization of a significant size, but we can turn the requirement for governance and decision logging to our advantage. Governance logs can sometimes be an extremely useful additional source of information.