Governance is the activity of coordinating resources to achieve collective goals through collaboration. You govern to effect changes in organizational behavior to achieve positive outcomes. Governance doesn’t have to be difficult or mysterious. Its easy, effective, and it can solve a lot of organizational problems that have eluded solution for many years.
Here are a few easy steps to Smart Governance. If you follow these steps, you will have a Smart Governance program that will be open, transparent, accountable, and able to learn quickly from its own mistakes. Governance is a system whose goal is to serve the needs of its users.
It doesn’t matter who is doing the governing. If there isn’t a systemic approach with Audit at the center, and information flowing evenly to many parties, you will have corruption. And left to itself over time, that kind of Governance will be unpopular. Make sure that doesn’t happen to you.
Six Easy Steps to Smart Governance:
1. Set Your Goals:
Governance is a means, not an end. You govern to achieve collective goals. So define them up front:
Sustainable Goals are the goals the program is founded to achieve. They should be specific and focused, and every governance metric, decision, policy, and outcome should be compared to the program’s sustainable goals.
Situational Goals are policy-specific goals that support the Sustainable goals. You might have a business process failure that is impacting data quality that requires new solutions.
2. Define Your Metrics:
You can’t make effective policy decisions without facts demonstrating why change is needed. So define what you are going to measure to collect facts that illustrate dysfunction. Those facts form your “business case” for each change. To measure Data Quality, you may need to monitor data processing steps, track business and IT process failures, and benchmark the impact of systemic failures on data delivery. But be aware, measuring itself will change organizational behavior. There is a need to be calibrate policies to the goals of your program and the situational goals of each policy. And they need to be re-examined on a regular basis. Each problem your metrics reveal will require some governance policy. How you make those policies is the next phase of the process.
3. Make Your decisions:
What matters is why the solution was needed (facts), who was included in the decision, and how the decision was made. Few organizations devote any time to systemically recording their decision-making process, but it is critically important. Everyone makes mistakes. You can’t possibly learn from them if you don’t keep track of how they were made. Governance is no exception. Every decision is a policy. Doesn’t matter if one person decides or an army. It is still a policy. It may work a little or a lot.
To determine why, you need comparable metrics over the decision-making process. Sometimes, you have a simple problem in one department and a data steward can update a glossary definition, change reference data, or define a new BI report. Other times, you need to change business processes, deploy new software, sell a new data architecture to the organization. In every case, a decision needs to be made. Who participates in the decision, how the metrics were used to justify the decision, and how the information was analyzed are all important KPI’s (Key Performance Indicators). Journal them. Get good at matching the decision-making model to the scope and scale of the decision.
4. Communicate your Policy:
Good policies don’t change anything if the communication is poor. In any large organization, even the best policies will be resisted by stubbornness, culture, language, and of course politics. Your best policy decisions need to be communicated in the best way to have an impact. If your policy is to restrict access to sensitive information and that means changing access control policies in your content repository – the policy was the decision and the software changes are the communication.
If you have a policy to optimize your Information Supply Chain for SOX compliance reporting, you need to set compliance metrics to measure how your communication tools are succeeding in achieving those situational policy goals. Remember, to achieve collective goals the collective of people being governed need understand your policies. Information isn’t the same as Understanding. So measure not only your KPI’s and KDI’s, but also how well your policies are being followed – your compliance index.
5. Measure Your Outcomes:
By this point, you have goals, metrics, decisions, and communication. But we govern for outcomes, so we need to measure those too. How well do our facts demonstrating change, decisions to reach change, and communication to effect change really work, and do they in fact achieve the sustainable and situational goals of the program. You might call me a cynic but my normal answer is “of course not.”
No policy will ever achieve 100% of its intended goals, because every aspect of the policy making and communication process is performed by human beings with diverse needs and emotions. There is no pure policy or solution. Be happy with incremental success. That can still mean achieving 50% of what you wanted the first time, figuring out what went wrong, and going back to your KPI’s and KDI’s and compliance index to figure out what you can improve to get more of what you want. Governance isn’t an end or a state. Its a means, a process. You need to be honest with yourselves and each other. Outcomes will always fall short of goals in an absolute sense. And that brings us to the final an most important tool in your Governance program.
Audit lies at the heart of every aspect of governance. Governance that isn’t audit-able, open, and transparent will become corrupt. It’s just a fact of human nature. And if you don’t audit everything you will have a program that defines success in a self-fulfilling paradigm. You can’t learn from your mistakes if you don’t even know what they are. But don’t just audit yearly or monthly. Setup Audit all the time. Because if you aren’t monitoring what’s happening when something happens, you won’t know until too late. And for each audit record, do some forensic investigation. Find out why it happened, and keep a record of that too. Over time, you’ll have a rich operational history of errors and omissions that will help you avoid past mistakes and make better governing decisions in the future.
Read how bad governance lead to Uber’s Security breach.Add to favorites