Determining if Configuration Management and Change Control are Under Management Control – Part 2
Categories: CMsights, CMstat, Configuration Management
The Case for Configuration Governance:
Across the A&D industry increasing attention is being demanded from executives by a growing list of governance concerns. This list include matters of financial governance, legal governance, regulatory compliance governance, ITAR and controlled goods governance, human resource governance, and now even social responsibility governance. All of these issues are perceived to contribute risk to the business enterprise if they are not adequately addressed by effective governance policies.
Understandably, this can be disheartening to the engineering organization because so few of these governance functions are directly related to the products designed, manufactured, and serviced by the business. It’s not uncommon that the groups responsible for all of these governance functions collectively consume more headcount than the program offices or even product engineering groups. Managers are often directed from above to fund these governance activities, even when they may reduce the investment available for new product development that eventually becomes the profit source which supports governance efforts.
One explanation for this is that the legal risks and potential costs of failing to satisfy all of the corporate governance burdens have been well-defined and articulated by a swarm of auditors, attorneys, actuaries, litigators, regulators, and the consultants who support them. These professionals have earned the mindshare of the executive office suite by asking the right questions which give definition and bring clarity to risks from the “known unknowns”. And they have done so in a way that makes a compelling case demanding of executive oversight and budget allocation.
So why isn’t governance over the product, and specifically product configuration data management, equally deserving of management’s attention and funding?
The likely answer is that the professionals who perform the configuration management function – and those downstream who use or repurpose the configuration-dependent product data that others produce – are fully consumed with their technical tasks working from the bottom-up. They don’t have time to think about or better frame from the top-down their value to the enterprise in terms of risk mitigation and cost abatement. That’s understandable as they often spend so much time answering the change control question du jour that they have little time left over to worry about governance matters.
One of the observations that we at CMstat have noted from working within the A&D industry over the past two decades is the far greater value of helping our customers to formulate the right questions compared to providing one-size-fits-all answers. We have witnessed that the army of auditors, lawyers, and regulators who drive up investment in corporate governance functions are masterful at posing the right questions. What can CM professionals learn from this that elevates the importance of the CM function to justify increased product data governance and funding?
In our November CMsights post we shared one very prominent example of what can go wrong when operational management does not comprehend that they have a problem in configuration management. In the case cited, a failure likely occurred in real-time visibility to the status accounting of the as-deployed configuration of aircraft, on-board equipment, weaponry, mission objectives, and crew training within a complex system-of-systems consisting of hard and soft assets. The result was the deadliest friendly-fire accident of the war.
In the next CMsights post in this three-part series we will share the specific questions we recommend that our customers ask of themselves to assess if configuration management and change control are truly under management control. Through the process of asking these questions and dissecting the answers they will ascertain how important the function of Product Data Configuration Governance should be to the larger enterprise.
Until then tell us what you think:
We’ll share the results in our next CMsights post.
To follow this series subscribe to CMsights by filling out the Subscribe form at the top of the right channel of this page.