What is Governance?
For the purpose of this blog post, governance is considered as the mechanism of control within an organisation or team. When done right, it should accurately represent the business, its people, its attitude to risk and the regulatory environment in which it operates.
IT Governance should consider more than just a forward schedule of change to be relevant to the enterprise. It ensures competing business factors are aligned and are reflected in IT decision making.
Okay, but what does IT governance look like?
That is the right question to ask when considering how to implement a governance framework. The answer will depend upon many factors, primarily those outlined in the Venn diagram above. To be relevant, all governance processes should roll up to a consistent set of enterprise-level principles.
There are many areas of governance just within IT, let alone the enterprise as a whole.
There are a few frameworks around for IT governance, the most prolific being ITIL, that encompass all of these and more.
What type of organisation are you?
All companies govern their IT. However, as already discussed, the approach to governance will be influenced by culture, business model and operating environment. Enterprise principles must account for operating environment and declare the requirement to comply with relevant laws and regulations, such as GDPR.
More creative industries, e.g. digital and social media, are less likely to be constrained by regulation, but will still have governance, to ensure consistent branding, for example.
The recent Facebook data scandal is an example of where government regulators need to catch up with and influence governance within the enterprise.
How do we implement Governance?
Once you have established all of the above, decided what kind of organisation you are, understood your operating environment and defined your enterprise principles, you are ready to consider the who, the what and the how…
Embrace the RACI
A good RACI is essential to any governance process. Use it to recognise your best people for what they do best and build a process that supports them. Good governance empowers individuals to make good choices, while providing suitable checks and balances to ensure their decisions and actions do not conflict with enterprise principles.
“To summarise: It is a well-known fact that those people who most want to rule people are, ipso facto, those least suited to do it. To summarise the summary: anyone who is capable of getting themselves made President should on no account be allowed to do the job.” Douglas Adams
Once again, understanding organisational culture is key to making this work. Governance can be used to mitigate blame, or to reinforce it…
Not all projects are equal in scope, so why would we apply the same level of governance to all projects? Perhaps your organisation can apply a criteria-based approach to problem classification, to streamline, or even dispense with, some of the early business case approval gates for projects that qualify? KPIs can offer some clues here: how much of the R&D budget is spent on red tape?
IT Governance is a serious business and getting it wrong can have serious consequences. Loose governance may not just cost you a hefty fine, it could impact the safety, security and freedom of your staff, customers and the wider public.
Getting it right starts with building the right culture, filled with people doing the right things because they understand the enterprise principles and business objectives. Good governance should be an active safeguard that reflects your culture, supports your people and actively balances profit with risk; it’s not an arbitrary audit point that is only useful in the event of a compliance breach.