One of the most overused and irritating terms being bandied around by consultants and middle management before and during this pandemic is governance. Normally, whenever someone utters the word in a meeting, such as “We need to implement better governance on this [failing] programme/system/initiative”, everyone else will nod gravely, desperately avoid eye contact, and change the subject as quickly as possible. This is not because they think it is a good OR bad idea; they generally have no idea what it really means.
To be fair, like most over-used buzzwords (such as Focus, Synergy, Service, or Excellence) it has many meanings depending on context and also the ignorance of the speaker. It is unlikely that the average middle mangler has the lucidity and precision of Stephen Fry to ensure that it is the correct usage of the term, so I will try to give some direction.
Governance, in general, is about having standards and processes that ensure people do the right things for the right reasons at the right time, AND can prove it. And that’s all, folks. Simples innit?
We are talking here specifically about IT governance, not corporate, governmental, or global governance. Of course, IT governance should be a subset of corporate governance standards and processes, but I have rarely found a direct correlation between the two. The governance of governance within organisations is inevitably poor and has even spawned its own sub-genre of meta-governance. This hasn’t really worked so maybe we’ll soon be trying meta-meta-governance, rather than just doing betta-governance.
However, although this explains what governance is, it doesn’t explain why we have to do it or how we can make it so. The reason why IT has to do governance is that the corporate governance function has epically failed. In days of yore, IT was treated as a black box that delivered expensive but essential support services to the operation of the business. As organisations became more dependent on IT not only to automate manual tasks and make fancy calculations, but also to keep their key processes running, the black box became a large and worrying single point of failure that could (and did) bring down a business. In addition, as IT accreted responsibility for how processes were carried out, it became a disabler of innovation and agility. (Stand up ERPs. Other technologies are also guilty)
As executives started to realise that the risks with IT were not confined to the spotty swots in the basement, they demanded that IT experience the expense and pain that the rest of the business was enduring and embrace governance. Of course, this being IT we have found ways of increasing the complexity of the framework and standards for doing the right things for the right reasons. This led to project governance being spun off as a specific discipline (see a future blog on the Project Management Oriface) for pointing the finger more effectively when the IT-driven programme implodes, as it will inevitably still do. We also have had an explosion of steering committees, review boards and stakeholder groups, which anyone from the public sector will recognise as Quangos (Quasi-Autonomous Non-Governance Organisations).
One of the central tenets of good governance is accountability. However, on a recent large struggling programme I worked on, the combined governance structure incorporated about a dozen committees/boards/groups comprising over a hundred senior managers and execs. This outnumbered the number of staff working on the programme and allowed the in-duh-viduals ‘responsible’ for governance to escape any personal stake or risk in the failure of the programme. Blame still fell squarely on the programme team beavering away at delivering the impossible to the coalition of the unwilling.
So, having sounded off about what governance isn’t, how do we do IT governance properly? First of all, Keep It Simple, Stupid. The objectives and measures for the programme need to be clear and concise. Secondly, everyone in the chain of command above and around the programme must have some skin in the game, preferably the wrinkly stuff containing their plums. Unless they can only win through the success of the programme, their behaviour will be unpredictable at best, typically apathetic and sometimes hostile. Thirdly, you need a cross between Jiminy Cricket and an American Customs Officer to provide not only a nagging conscience for the programme that asks the difficult questions, but also puts the latex gloves on if they try to be evasive.
If you get these three things in place, governance happens, and you do it rather than it doing you. And it won’t be as painful to sit down afterwards.
John “Governator” Moe
Recycled Bullsh-IT 
Leave a comment