From Rulebook Management to Business Governance: Where Business Rules Fit

Ronald G.  Ross
Ronald G. Ross Co-Founder & Principal, Business Rule Solutions, LLC , Executive Editor, Business Rules Journal and Co-Chair, Building Business Capability (BBC) Read Author Bio       || Read All Articles by Ronald G. Ross
Excerpted from Chapter 3, Business Rule Concepts:  Getting to the Point of Knowledge (Third Edition), by Ronald G. Ross (August 2009). ISBN 0-941049-07-8

Say "governance" and many people immediately think IT governance, or sometimes data governance.  Governance has been bandied about so much that its meaning has become clouded and trivialized.  That's unfortunate, because the true meaning of governance is actually straightforward.  And that true meaning has everything to do with meeting today's business challenges.

So bear with me while I do a little refresher on the meaning of 'governance'.  You may be surprised at what pops out!  Here's how governance is defined in the Merriam-Webster Unabridged Dictionary (MWUD — emphasis added):

Governance ...

1: the act or process of governing.
2a: the office, power, or function of governing
2b: controlling or directing influence : AUTHORITY
3: the state of being governed
4a: the manner or method of governing : conduct of office
4b [obsolete]
5: a system of governing

So 'governance' implies the process, function, manner, or method, or system of governing.  It also implies authority or the state of being governed.  Since most of the definitions reference "governing," let's also examine govern in MWUD (emphasis added).  Note how prominently 'rule' and 'policy' appear in these definitions.

Govern ...

transitive verb:
1a: to exercise arbitrarily or by established rules continuous sovereign authority over; especially: to control and direct the making and administration of policy in

3a: to control, direct, or strongly influence the actions and conduct of (as a person or a group)

intransitive verb: 
1: to prevail or have decisive influence : CONTROL

2: to exercise authority: perform the functions of government especially in the making and execution of policy

At the risk of saying the obvious, note that the definitions do not say anything about IT, data, or anything similar.  For that matter, they don't even mention processes(!).  The definitions do, however, have everything to do with business rules.  To demonstrate, take a quick look at the seminal definition of 'business rule' from the original GUIDE Report[1] in 1995.  Note the key words 'control' and 'influence'.

Business Rule ...

a statement that defines or constrains some aspect of the business … [which is] intended to assert business structure, or to control or influence the behavior of the business

The newer definition of 'business rule' in SBVR[2] is based on the following definition of rule from the Oxford Dictionary of English.  Note the pivotal place of governing.

Rule ...

one of a set of explicit or understood regulations or principles governing conduct or procedure within a particular area of activity … a law or principle that operates within a particular sphere of knowledge, describing, or prescribing what is possible or allowable

Here is my point.  Business rules and governance are inherently and inextricably linked.  The better your company gets at business rules, the better (smarter) it can become at the nuts and bolts of governance.  Simple as that.  And absolutely as critical as that in a volatile, rapidly changing, and ever more complex (and regulated) world!

What Business Governance Is and How Rulebook Management Relates to It

So what do we mean by business governance?  A key phrase in the definition of govern is:  "… the making and administration of policy in."  Central to the activity of governing then are:

  • How policy and rules are created ("made").

  • How policy and rules are deployed (managed, distributed, and monitored) within the actual day-to-day operations of the business ("administration").

Accordingly, our definition for business governance is:

Business Governance ...

a process, organizational function, set of techniques, and systematic approach for creating and deploying policy and business rules into day-to-day business operations

The effectiveness of business governance clearly hinges on the ability to deploy policy and business rules effectively.  Such deployment should be timely, effective, selective, pervasive, traceable, repeatable, and retractable. We also want the activity to be transparent and to be able to hold accountable those parties responsible for specific actions.

For effective deployment, all four aspects mentioned above — a process, organizational function, set of techniques, and systematic approach — are essential.  Given the complexity of the activity, however, the one perhaps most basic is simply having a systematic approach.

That's where business rules management — rulebook management — comes to play.  A rulebook is the collection of business rules for the business (or some area within it), along with the terms and definitions — that is, the business vocabulary — that support them.  A systematic approach that will scale requires special tooling. We call the kind of automated, specialized, business-level platform your company needs to manage its business rules a general rulebook system (GRBS).  As discussed in last month's column, the purpose of a GRBS is to record, develop, and coordinate business rules, but not 'execute' them per se.  Think of a GRBS as more or less the counterpart of a general ledger system, except that the GRBS is for business rules.

In the context of business governance, a GRBS plays another critical role:  knowledge retention.  You will lose workers.  Staff will be downsized or outsourced; your baby boomers will retire; your most critical subject matter expert will win the lottery.  If your business rules have not been retained and managed, how do you regain the lost knowledge?  One approach is to try to mine business rules from legacy code (not a fun prospect!).  The alternative is either reengineering the business systems from scratch or replacing them with expensive (and often painful) deployments of packaged software.  Far better — just don't lose the business rules in the first place!

So job one in moving toward smarter governance is simply gearing up for a general rulebook system (GRBS).  That gives you your systematic approach.  Then you can start talking seriously about re-engineering the process of business governance.

Re-Engineering the Governance Process

Yes, Virginia, there is a governance process.  Unfortunately, in many companies today the as-is governance process is ad hoc, ragged, and effectively broken.  That just won't do, given the complexity, rate of change, and knowledge-intensity of doing business in today's high-tech, globally-connected world.  Thinking in the large, how to fix the nuts-and-bolts of the governance process in a highly pragmatic fashion is the most fundamental insight and value-add of the business rules paradigm.

The governance process involves a series of actions and checkpoints (i.e., a workflow) indicating who should be doing what, and when, with respect to deploying policy and business rules.  The scope of the governance process includes, but is not limited to:

  • Developing internal business policies.
  • Evaluating relevant laws, regulations, contracts, agreements, etc.
  • Tracing interpretations for both the above.
  • Performing reviews.
  • Resolving conflicts.
  • Coordinating sign-offs.
  • Performing impact assessments.
  • Coordinating business roll-out (deployment) of new or modified business rules.
  • Ensuring the correctness of system-level deployments from the business perspective.
  • Assessing when to retract or retire business rules.

A re-engineered governance process should view the workflow from beginning-to-end, encompassing all seven of these tasks:

The Seven Steps of the Governance Process

  1. Assess/review business influences.

  2. Create/refine business strategy.

  3. Develop operational business rules.

  4. Assess/simulate impact.

  5. Deploy business rules.

  6. Monitor performance.

  7. Revise/retire business rules.



Note the starting points in tasks 1 and 2.  These have to do with injecting structured, documented business strategy into the governance process.  Can strategy really be structured and effectively documented?  Absolutely.  Applied use was reported for business projects as early as 1998.[3]  There is now a standard for the area, The Business Motivation Model.[4]

Who should have responsibility for the governance process?  Processes need engineering (or more commonly, re-engineering) and for that you need engineers.  The governance process specifically needs engineers specializing in governance — governance engineers.  What goals should they have?  All the items in Table 1.  Ultimately, this is what rulebook management is all about.

Table 1. Goals for Governance Engineers.

Fiduciary Responsibilities Support.  Demonstrate compliance by officers of the organization with their fiduciary responsibilities.

Risk Management.  Enable more effective, timely, and focused management of risks by monitoring performance around critical items of business policy and strategy.

Liability Management.  Reduce or eliminate legal and financial liabilities due to non-compliance with contractual obligations and statutory responsibilities.

Quality Assurance.  Ensure consistency in business behavior, and appropriate interactions with external stakeholders.

Regulatory Compliance.  Ensure conformance with external regulation.

Agility.  Ensure timely and coordinated deployment of changes in business policy and strategy.

Knowledge Retention.  Ensure that specialized know-how, basic business intellectual property (IP), and core competencies are captured and managed explicitly, so that survivability and sustainability are less dependent on individual workers and their tacit knowledge.

Accountability.  Ensure clear lines of responsibility for interpretations and deployments of business policy and regulation into day-to-day operations.

Transparency.  Ensure that business activity subject to external regulation is conducted in a manner that can be fully audited.


[1]  Business Rules Group, Defining Business Rules ~ What Are They Really? 4th ed., July 2002.  Originally published as the GUIDE Business Rules Project Report, 1995.  Available at  Emphasis added. return to article

[2] Semantics of Business Vocabularies and Business Rules (SBVR) is a groundbreaking standard officially released in December, 2007 by the Object Management Group (OMG).  For background on SBVR, refer to Ross, Ronald G.  [March 2008].  "The Emergence of SBVR and the True Meaning of 'Semantics':  Why You Should Care (a Lot!) ~ Part 1," Business Rules Journal, Vol. 9, No. 3.  URL: return to article

[3]  Gladys S.W. Lam, "Business Knowledge — Packaged in a Policy Charter:  Policy Charter as a Deliverable."  DataToKnowledge Newsletter, Vol. 26, No. 3 (May/June 1998).  URL: return to article

[4]  Business Rules Group, The Business Motivation Model ~ Business Governance in a Volatile World. 1.3 ed., Sept. 2007.  Originally published as Organizing Business Plans ~ The Standard Model for Business Rule Motivation, Nov. 2000.  Available from  Adopted as a standard of the Object Management Group (OMG) in 2007. return to article

# # #

Standard citation for this article:

citations icon
Ronald G. Ross, "From Rulebook Management to Business Governance: Where Business Rules Fit" Business Rules Journal, Vol. 10, No. 10, (Oct. 2009)

About our Contributor:

Ronald  G. Ross
Ronald G. Ross Co-Founder & Principal, Business Rule Solutions, LLC , Executive Editor, Business Rules Journal and Co-Chair, Building Business Capability (BBC)

Ronald G. Ross is Principal and Co-Founder of Business Rule Solutions, LLC, where he actively develops and applies the BRS Methodology including RuleSpeak®, DecisionSpeak and TableSpeak.

Ron is recognized internationally as the "father of business rules." He is the author of ten professional books including the groundbreaking first book on business rules The Business Rule Book in 1994. His newest are:

Ron serves as Executive Editor of and its flagship publication, Business Rules Journal. He is a sought-after speaker at conferences world-wide. More than 50,000 people have heard him speak; many more have attended his seminars and read his books.

Ron has served as Chair of the annual International Business Rules & Decisions Forum conference since 1997, now part of the Building Business Capability (BBC) conference where he serves as Co-Chair. He was a charter member of the Business Rules Group (BRG) in the 1980s, and an editor of its Business Motivation Model (BMM) standard and the Business Rules Manifesto. He is active in OMG standards development, with core involvement in SBVR.

Ron holds a BA from Rice University and an MS in information science from Illinois Institute of Technology. Find Ron's blog on For more information about Ron visit Tweets: @Ronald_G_Ross

Read All Articles by Ronald G. Ross

Online Interactive Training Series

In response to a great many requests, Business Rule Solutions now offers at-a-distance learning options. No travel, no backlogs, no hassles. Same great instructors, but with schedules, content and pricing designed to meet the special needs of busy professionals.