I regularly get asked what “Governance” in my job
title means by colleagues and friends who find what I do
obscure. They understand the risk and compliance components better,
because they can associate them with other jobs they know.
The dictionary definition for Governance does
not resonate well with many of them. (If you’re so inclined, check out Wikipedia’s
definition.)

This year, I was invited to speak at a couple of national
governance and risk conferences, and the title of my talk was “Best Practices
for Proactive IT Governance”. This provided me with extra motivation to come up
with an easier-to-understand definition for Governance. I felt the following
simplified version resonated better with those who came to listen to me:

I went on to explain that Governance (especially a good
one) does the following:
- Creates Structure by defining organizational reporting lines, oversight committees, rules, policies, and processes. A well-defined structure effectively sets the operating boundaries for the organization.
- Sets Direction by creating or aligning with the corporate strategy, and defining the short and long-term goals for the organization.
- Defines & Assigns Responsibilities by providing a clear view of who is going to do what in the organization and who ultimately is accountable for the results.
- Measures & Acts on Outcomes by defining, analyzing and reporting performance metrics. Regular measurement helps the organization course-correct as quickly as possible. It's true that “you can’t manage what you don’t measure”.

Regardless of where you sit in the organization, you are
probably involved with some or all of these practices at some level. That makes
us part of the extended Governance family.

Does this definition resonate with you?