IT Governance

I work as IT architect these days. It’s a bit of a crap job, because most companies seem to have no idea what an architect is for. That’s a pity, because using us well can make a lot of people’s lives easier.

What is Governance?

Governance is simply figuring out what you’re supposed to do, and then making sure you do it. It’s really quite simple, but many people miss the point.

Those tasked with governance, be it the Board of Directors, the Government of France, or a humble architect like myself, have three main activities:

  • Defining goals.
  • Figuring out the way things are supposed to be done in order to achieve those goals, and telling other people. These are written down in things like policies, laws, and standards.
  • Making sure people do things the right way by checking they adhere to the above.

That’s really it.

Why is it Good?

Why do this? Well, it helps to make sure that things are headed more or less in the right direction. Without some sort of ruleset, you get anarchy, which doesn’t work so well when you’re trying to get a bunch of people to all move toward some goal. It’s like herding cats.

Unless that goal is “achieve total anarchy” of course. But then, what if someone is doing the wrong thing and following some rules? How would you stop them and make them be more anarchic? Oh no!

More seriously, the role of governance is to help things stay within certain limits, so you don’t go too far off track in the pursuit of your goals. The governor on a steam engine, for example, stops the engine from spinning too fast and destroying itself. It’s basically the same thing with an organisation or a country.

In theory, anyway.

Defining Goals

At my level, there are usually a bunch of goals defined for me. Stuff like “Make efficient use of storage so we don’t spend too much money.” “Make sure the gear stays on most of the time so we can get our work done.” Easy, you’d think.

People at Board level often have to define goals, but even then, many are already defined. The shareholders basically have a goal of “Make me lots of money.”

Voters in an election is a lot more like IT governance. “We want universal healthcare, but we don’t want to pay for it!”

We want everything. Yesterday. For free.

Awesome. I want stuff too. I want to be an omnipotent supermodel. And I would also like a pony.

Creating Policy

This is probably the hardest part. You take all the goals, often conflicting, and try to find a way of stating what the policies are to achieve them. You have to know enough about the subject to define a policy that’s sane, or people will ignore it. But you can’t be too permissive, because that’s the same thing as having no policy at all.

It’s a constant balancing act between having really strict rules, and being pragmatic. It’s a world of compromise. You’re in constant search for the least bad solution.

Then, you write it down, and tell people about it. If you’re smart you’ll have developed the policies with the people who are going to be governed by those policies. If you’re a politician and you pass a law banning alcohol, you end up with a bunch of people disobeying you until you repeal the law. It’s the same in IT.

Don’t believe me? Try banning personal use of the internet. People get amazingly creative when they want to bypass what they see as an unjust law/policy.

Auditing

The last part of governance is checking to see if people are actually adhering to the standards. If they aren’t, you have to figure out what to do.

Either you punish the people who transgress (by sacking them, sentencing them to prison, or tapping your foot and sighing meaningfully), or you change the policy to be tighter, or looser, as dictated by the circumstances.

It’s this auditing bit that people do really badly, if they’ve even bothered to do the first two things. Unenforced laws, corporate policies that are paid lip-service, and arbitrary standards that everyone just ignores with impunity.

Again, a balance is required. Do you get all fascist and demand that people do as they’re told, on pain of more sighing and foot tapping? Or do you educate and cajole in the hope that people will do the right thing of their own volition.

The Payoff

I’ve only worked at one company that had some sort of idea about IT governance, and even they weren’t all that great at it. They had a couple of really great architects who spent ages doing a combination of educating and berating people, and they eventually started to see some results. Stuff didn’t break as often, things got built faster, and the business could concentrate on doing their business instead of hating on IT.

When you don’t do this, you spend a lot of time in meetings bitching about why IT sucks. The lines of business hate you, and you don’t know why.

It’s because you suck.

But when people are doing the right things, and all working towards a common set of goals, you can achieve an amazing amount of stuff in a short time.

That’s why governance is worthwhile.

Bookmark the permalink.

Comments are closed.