For some people today, Governance is a bad word. Lots of people are disappointed with Governance these days and I don't blame them. Often, Governance feels opaque, distant, and complex. It doesn't seem to serve the needs of the people, most often appearing to serve the needs of some hidden and mysterious elite.
Very simply, Governance is the activity of coordinating people to achieve collective goals through collaboration. You govern to effect changes in organizational behavior to achieve positive outcomes.
Governance doesn't have to be difficult or mysterious. And even if you feel removed from aspects of national Governance, you can still learn the vocabulary and rules of Data, Information, IT, SOA, or any Governance in your own neck of the woods. Its easy, effective, and it can solve a lot of organizational problems that have eluded solution for many years.
Here are Six Easy Steps to Smart Governance:
1. Set Your Goals:
Governance is a means, not an end. You govern to achieve collective goals. So define them up front:
Sustainable Goals are the goals the program is founded to achieve. Examples can be things like achieving 95% Data Quality across the enterprise, cutting costs and improving customer satisfaction, reducing risk and developing new revenue opportunities. They should be specific and focused, and every governance metric, decision, policy, and outcome should be compared to the program's sustainable goals.
Situational Goals are policy-specific goals that support the Sustainable goals. You might have a business process failure that is impacting data quality that requires new solutions.
2. Define Your Metrics:
You can't make effective policy decisions without facts demonstrating why change is needed. So define what you are going to measure to collect facts that illustrate dysfunction. Those facts form your "business case" for each change. To measure Data Quality, you may need to monitor data processing steps, track business and IT process failures, and benchmark the impact of systemic failures on data delivery.
But be aware, measuring itself will change organizational behavior. A recent NY Times article about NY Police Crime Statistics illustrates this result. It seems that crime has been falling every year even the last two years. What's amazing about this is that crime always rises during a recession. An audit of crime reporting practices revealed that precinct captains were rewarded for reporting lower crime rates and so they developed creative practices for reducing crime reporting rates - like persuading victims not to file complaints, or by looking up theft values of used goods on ebay instead of reporting victim replacement costs. These practices led to lower reported crime rates, and some new forms of creative corruption.
Just having KPI's isnt enough. They need to be calibrated to the goals of your program and the situational goals of each policy. They need to survey the needs of the customers in your system (employees, partners, citizens, etc). And they need to be re-examined on a regular basis. Each problem your metrics reveal will require some governance policy. How you make those policies is the next phase of the process.
3. Make Your decisions:
It doesn't really matter if problems are solved by data stewards, governance workgroups, boards, councils, or large crowds. What matters is why the solution was needed (facts), who was included in the decision, and how the decision was made. Few organizations devote any time to systemically recording their decision-making process, but it is critically important. Everyone makes mistakes. You can't possibly learn from them if you don't keep track of how they were made. Governance is no exception.
Every decision is a policy. Doesn't matter if one person decides or an army. It is still a policy. It may work a little or a lot. To determine why, you need comparable metrics over the decision-making process. Sometimes, you have a simple problem in one department and a data steward can update a glossary definition, change reference data, or define a new BI report. Other times, you need to change business processes, deploy new software, sell a new data architecture to the organization. In every case, a decision needs to be made. Who participates in the decision, how the metrics were used to justify the decision, and how the information was analyzed are all important KDI's (Key Decision Indicators). Journal them. Get good at matching the decision-making model to the scope and scale of the decision.
In Cologne, Germany, the government is letting citizens participate in the budget-making process by submitting their own funding proposals. Its not only a way of getting government to be more responsive to citizen's needs it is also a way to include citizens in the decision-making processes by informing them of the options and letting them decide on municipal priorities. There are times when having a crowd participate in decisions creates ownership, even if decision times will be necessarily longer.
4. Communicate your Policy:
Good policies don't change anything if the communication is poor. In any large organization, even the best policies will be resisted by stubbornness, culture, language, and of course politics. Your best policy decisions need to be communicated in the best way to have an impact. If your policy is to restrict access to sensitive information and that means changing access control policies in your content repository - the policy was the decision and the software changes are the communication. If you have a policy to optimize your Information Supply Chain for SOX compliance reporting, you need to set compliance metrics to measure how your communication tools are succeeding in achieving those situational policy goals.
Remember, to achieve collective goals the collective of people being governed need understand your policies. Information isn't the same as Understanding. So measure not only your KPI's and KDI's, but also how well your policies are being followed - your compliance index.
5. Measure Your Outcomes:
By this point, you have goals, metrics, decisions, and communication. But we govern for outcomes, so we need to measure those too. How well do our facts demonstrating change, decisions to reach change, and communication to effect change really work, and do they in fact achieve the sustainable and situational goals of the program. You might call me a cynic but my normal answer is "of course not." No policy will ever achieve 100% of its intended goals, because every aspect of the policy making and communication process is performed by human beings with diverse needs and emotions. There is no pure policy or solution. Be happy with incremental success. That can still mean achieving 50% of what you wanted the first time, figuring out what went wrong, and going back to your KPI's and KDI's and compliance index to figure out what you can improve to get more of what you want.
Think Dynamic Steering.
Governance isn't an end or a state. Its a means, a process. You need to be honest with yourselves and each other. Outcomes will always fall short of goals in an absolute sense. And that brings us to the final an most important tool in your Governance program:
Audit lies at the heart of every aspect of governance. Governance that isn't audit-able, open, and transparent will become corrupt. It's just a fact of human nature. And if you don't audit everything you will have a program that defines success in a self-fulfilling paradigm. A great example is the Safe Water Act of 1974. It was set up to monitor water quality across America. Unfortunately only 91 toxic agents were named in the bill when it was written, so by law only those agents need to be audited by water districts across America. Today, 35 years later, over 60,000 toxic chemical agents are used in industry every day and 49 million Americans drink small quantities of Arsenic, Uranium, Lead, and other toxins every day because the water districts aren't required to clean out those elements.
Without Audit, Smart Governance isn't possible. You can't learn from your mistakes if you don't even know what they are. And you don't want to wait 35 years to discover your company has been eating small bits of Toxic Content every day.
Audit is the key process and technique underlying many of the measurable steps above. But don't just audit yearly or monthly. Setup Audit all the time. Because if you aren't monitoring what's happening when something happens, you won't know until too late. And for each audit record, do some forensic investigation. Find out why it happened, and keep a record of that too. Over time, you'll have a rich operational history of errors and omissions that will help you avoid past mistakes and make better governing decisions in the future.
If you follow these six steps, you will have a Smart Governance program that will be open, transparent, accountable, and able to learn quickly from its own mistakes. Governance is a system whose goal is to serve the needs of its customers.
It doesn't matter who is doing the governing. If there isn't a systemic approach with Audit at the center, and information flowing evenly to many parties, you will have corruption. And left to itself over time, that kind of Governance will be unpopular.
Make sure that doesn't happen to you.