Misconceptions about governance - part 4

Our final look into some common misconceptions regarding software governance.

I use registries, so I don’t need governance
Perhaps the easiest one to explain. Registries are not governance, and it’s really that simple. In this case the old adage applies very well: "garbage in, garbage out" and, unless you are convinced your checked-in code is perfect, then your registry/repository is a landfill for software glitches and flaws.

Defining policies is risky
An understandable fear. In a worst-case scenario, a poorly thought-out policy can have serious negative consequences. Therefore, understanding the impact of a policy before making it operational should itself be a policy.

Run a business impact simulation against the existing artifacts, services, projects, systems, etc. before making a decision on policy changes and you’ll find out it’s much less risky than you think.

Architects and tech managers are too busy for another process
With such large responsibilities, there is little time for manual execution of policy enforcement. Automated governance allows your best tech people to focus on strategic initiatives, rather than eyeballing code.