Most early SOA adopters, including five of this year’s CIO 100 honorees, understand the value of governance, but they also realize that they won’t have all the answers to governance issues up front—and that’s OK. "It doesn’t have to be tremendous progress, as long as it’s steady," Bartell says. What’s more important, he adds, is that he has established a single SOA governance strategy for the organization for the future. "All capital projects going forward are under SOA, as well as any end-of-life systems," he says.

Governance Begins with Process

Most SOA efforts start with the same governance approach: A joint business-IT group is formed to understand the key business processes, create the services that deliver them and enforce the proper use of the underlying architecture. All five CIO 100 honorees involved with SOA efforts—the FFIEC, Hygeia, ING Group, KnowledgeBase Marketing and MoneyGram International—imposed that type of governance at the very beginning.

In the project that garnered its CIO 100 honor, the FFIEC deployed several services for accepting and managing the quarterly financial statements of all FDIC-insured institutions, termed "call reports." This information is shared and analyzed by the three FFIEC agencies, all of which have different systems with different business processes and data standards. By working jointly, these agencies are defining common business processes such as managing reported financial statement information. The agencies build composite applications from these services that all can share, which reduces duplicative and conflicting application efforts, as well as analysis errors across the organizations. And by having a central architectural review board, they can ensure that all new and redeveloped applications conform to the SOA.

Financial services provider ING Group took the same approach in its CIO 100–winning effort. A centralized architectural group helps identify common, shareable processes among its six lines of business, part of a consolidation effort among its many business units, notes Michael Vincent, general manager of corporate operations and information services. Once the business processes are identified, IT develops services to execute them consistently in all business units. "We have a strong reusability drive," says Vincent. "The idea is to create building blocks."

For example, ING found that it could use common services for about 70 percent of its European mortgage-processing application components, saving about $20 million in future development costs. (The other application components are country-specific, but the SOA approach lets them interact with the common services.)

The goal of SOA governance isn’t merely efficiency and reuse, however; it can also be a powerful tool for business process improvement. At CIO 100 honoree Money¿Gram, a payments processor, Executive VP and CIO David Albright has created an architectural review board that seeks processes that are candidates for the SOA. If the group finds several variants of an important process inside different areas of the company, it will service-enable the one agreed to be the best so that the entire company benefits from the best practice. MoneyGram’s first SOA-based component is a reusable service that initiates payment transfers. The service integrates with Money¿Gram’s CIO 100–winning project, called AgentConnect, that lets independent agents initiate various payment services managed through MoneyGram’s payments engine, with a more modular set of applications that allow easier deployment and simpler integration with agents’ point-of-sale systems.