This article originally appeared on the
The term governance has been around for a long time, and there are many flavors of governance. This series of articles is all about governance, the process of governance and how it applies across different areas. There are three specific types of governance that have received significant attention in the past year:
- Information technology (IT) governance
- Data governance
- Service-oriented architecture (SOA) governance
In this series, I’ll share my view of these three governance areas and set some basic, acceptable definitions for them. I will also discuss what these terms mean to the enterprise and how to apply them in practice.
While there are some clear-cut definitions for IT governance, I was unable to find a definition of data governance. SOA governance is fairly new and, therefore, has several different interpretations. I will begin with the basics: What is governance?
According to WordNet 2.0, governance is defined as:
n 1: the persons (or committees or departments, etc.) who make up a body for the purpose of administering something; "he claims that the present administration is corrupt"; "the governance of an association is responsible to its members"; "he quickly became recognized as a member of the establishment”
n 2: the act of governing; exercising authority; "regulations for the governing of state prisons"; "he had considerable experience of government"
My interpreted definition of governance means to control, to govern or to lend order to – either in process, in method or in architecture. It should define the way we manage, monitor and measure different aspects of our organizations. Government must exercise governance at the country level, and IT can learn from country-level governance. Country governance (in principle):
The UNDP (1997) defines governance as the exercise of political, economic and administrative authority in the management of a country's affairs. Traditionally all countries relegate this responsibility and vest this authority in the government or “the state”. At the broadest level, governments perform a number of vital functions, including making decisions and coordinating policies, delivering certain vital services and ensuring public order and safety to enable people to seek livelihoods and carry out their normal functions of life. It is also of national concern that the sum total of human activities contributes to national economic growth, hence most national governments develop economic and development strategies and plans. Planning, management and governance form a continuum, and should function in an interlinked and seamless manner. Governance is the mechanism not only to implement a nation’s development plans but also to provide feedback into planning and to ensure judicious management of the nation’s resources. In fact, good governance nurtures an adaptive approach to planning and management of a country’s resources to ensure sustainability. (Source: The changing paradigm of rural governance for sustainable development: Defining the niche and role of GIS, Suan-Pheng Kam.)
Why Define Country Governance First?
The lower levels of governance can learn or use portions of higher levels of governance, and the higher the order of governance, the more complete the vision. One might be able to paraphrase the country governance description provided above into enterprise governance. In particular, best practices, enforceable policies and measures allow governance to become a “workable solution.” If we can’t learn from something larger than ourselves, then from whom can we learn?
Once Upon a Time I was Trained in SEI/CMM Level 5…
The government grew tired of hearing, “We have a problem, but we can’t repeat it – so because we can’t find the problem, we cannot fix it.” They also grew tired of hearing, “The project is over budget and will not be delivered on time.” Consequently, many concepts and procedures were developed by the government to govern the quality of the work effort of government contractors. These concepts eventually resulted in major standards, huge changes within organizations, and – most importantly – an ability to pinpoint and correct problems in multimillion dollar projects.
How Does This Relate to Governance?
Commercial markets have now “taken on” parts of SEI/CMM Level 5 and tried to implement what the government mandated. Most have scaled back these efforts and begun calling it governance. SEI/CMM brought with it the ability to measure and quantify many business processes and procedures, along with repeatable, reliable and higher quality outputs. Governance is the management side of the house – and, in part, organizations can and now will be held liable for their actions by the government. SEI/CMM provides the ability to measure the success levels of an organization’s governance efforts.
The Bottom Line
The bottom line is just that – the bottom line. Anything and everything that affects profitability must be addressed (and adhered to), measured, quantified and justified. In one word: governance. Even in private companies, it is required that an executive understand where the money is being spent in order to remain competitive.
What are the Governance Components?
Figure 1, a publicly available document from IBM, illustrates the essential responsibilities of a governance body. I would suggest that each category is a separate component of governance in and of itself. IBM has labeled this as SOA governance, but if you remove the acronym SOA, you can easily apply it to IT governance.
Figure 1: Governance Responsibilities
From the context of governance, IT governance can be described as follows:
IT governance ensures IT-related decisions match company-wide objectives by establishing mechanisms for linking objectives to measurable goals. IT governance is the decision rights and accountability framework for encouraging desirable behavior in the use of IT. (Source: Recipe for Good Governance, J. Ross & P. Weill, CIO Magazine, June 15, 2004.)
With IT at the core of most 21st century businesses, and with today's focus on compliance and risk management as a result of legislation like Sarbanes Oxley, organizations can no longer afford to have IT governance by default or bad IT governance by design. IT governance at its most basic is the process of making decisions about IT. By this simple definition, every organization has some form of IT governance. Good IT governance ensures that IT investments are optimized, aligned with business strategy, and delivering value within acceptable risk boundaries — taking into account culture, organizational structure, maturity, and strategy. (Source: IT Governance and Framework, Craig Symons, Forrester Research, March 29, 2005.)
Good IT governance basically means an organization has established procedures to:
- Constantly align
- Set vision and direction
- Make goals and objectives measurable
- Hold IT accountable to the organization
- Begin to make IT into a profit center rather than a cost center by finding ways to charge parts of the organization for scope creep, “just-add-this-in” projects, etc.
Best Practices for IT Governance
IT governance is needed to measure, define and understand what the IT organization is doing for the company. Governance is a must in every area, particularly since many projects are implemented with small teams. Best practices for IT governance include:
- Numbering every requirement
- Activating every requirement (sometimes rewording so it can be measured)
- Tying each activated requirement to the project plan
- Tying each requirement to a metrics reporting chart
- Tying each requirement to risk management
- Tying each metric to a completion percentage
- Responding to risks with exacting mitigation strategies
- Utilizing function points to establish the best estimation of effort
Governance is not a luxury; it is a necessity. There are many more components that can be employed: implementation best practices, proof–of-concept best practices, bidding (RFP/RFI/RFQ) best practices, etc.
A Complete Governance Solution
Because the CIO/CTO is ultimately responsible for the IT staff and delivery of the product, IT governance must be implemented at all levels of the organization. IT governance also includes division of large tasks into manageable phases. At the end of every phase, a review should be conducted to ensure the goals are being met.
IT governance is just one type of governance. IT projects are filled with data, data and more data. Hopefully, part of any IT governance initiative is to provide metrics about that data and what it contains. In other words: turning data into information. Without a full understanding ofdata governance and how to build it, a complete governance solution is not possible within an organization. I will cover that in part II of this series.