P. Soffer and E. Proper (Eds.): CAiSE Forum 2010, LNBIP 72, pp. 44–59, 2010. © Springer-Verlag Berlin Heidelberg 2010

Foundations of a Reference Model for SOA Governance

Christian Ott 1, Axel Korthaus 2, Tilo Böhmann 3, Michael Rosemann 2, and Helmut Krcmar 1

1 Technische Universität München, Lehrstuhl für Wirtschaftsinformatik, München, Germany
2 Queensland University of Technology, Business Process Management, Brisbane, Australia
3 ISS International Business School of Service Management, Hamburg, Germany

christian@coonet.de, axel.korthaus@qut.edu.au, boehmann@iss-hamburg.de, m.rosemann@qut.edu.au, krcmar@in.tum.de

Abstract. Although the lack of elaborate governance mechanisms is often seen as the main reason for failures of SOA projects, SOA governance is still very low in maturity. In this paper, we follow a design science approach to address this drawback by presenting a framework that can guide organisations in implementing a governance approach for SOA more successfully. We have reviewed the highly advanced IT governance frameworks Cobit and ITIL and mapped them to the SOA domain. The resulting blueprint for a SOA governance framework was refined based on a detailed literature review, expert interviews and a practical application in a government organisation. The proposed framework stresses the need for business representatives to get involved in SOA decisions and to define benefits ownership for services.

Keywords: Service-Oriented Architecture (SOA), SOA governance.

1 Introduction

Governance has been seen as one of the key success factors of IT for many years and enterprises currently invest considerable resources into the implementation of IT governance frameworks such as Cobit [1, 2].
In their seminal work, [3] define IT governance as the process of “specifying the decision rights and accountability framework to encourage desirable behaviour in the use of IT.” The purpose of such a decision rights and accountability framework is to address the three basic questions of IT governance: “What decisions must be made to ensure effective management and use of IT?”, “Who should make these decisions?” and “How will these decisions be made and monitored?” [3]. Many enterprises presently face the challenge of developing adequate governance mechanisms for Service-Oriented Architectures (SOAs), which introduce new complexities due to the number of services to be managed [4]. The SOA paradigm has become widespread and is often considered an important concept to drive the evolution towards an IT architecture focusing on business processes, flexibility and reuse [5, 6, 7]. Moreover, some proponents envision that organisations will begin to open up their architecture to their business ecosystem, i.e. their network of customers, suppliers and even competitors,