‘Governance’ is a term that is becoming more and more popular in today’s business. Governance, in essence, is the process of policing an organization internally, making sure standards and policies are adhered to, budgets are kept and that decisions are rational and appropriately transparent. Governance is there to ensure your organization complies with Sarbanes-Oxley, should it be required to. In the eyes of many people, governance stalls progress, stifles intuition and innovation, and is entirely bureaucratic. But which is it? Well, it can be both, depending on how it is applied and perceived by those being ‘governed’.
As technical professionals, it’s our job to make decisions and implement technology, whether that means IT, product rules, calculating risk, etc. To do that job, we need skills, experience and judgment. We apply them at our discretion. But how do you know you apply those things in line with policy, regulation and risk appetite, without bias and using all the facts? Governance functions are there to help you know, and also to report this to senior Execs. Often their work appears as dashboards for Execs, where each ‘measure’ (mostly an arbitrary scale of compliance) is scored, often as a RAG (Red: Bad, Amber: Not bad, but not good, Green: Good).
The irritation of governance, I have concluded, is that in order to gain a view on each measure, a bunch of questions need to be answered, forms filled, meetings held and time committed. But moreover it generally requires the governance body to have some, equal or more knowledge of the subject areas of those being governed, and of how that subject fits into the big picture of an organization. The esoteric nature of technical subjects can mean this is very difficult to actually achieve. This can result in risks and issues being misreported, incorrectly measured or badly articulated up towards Execs. Then you have to spend time unravelling it and getting the story straight. The sum total can be a lot of wasted energy and time. Even worse is when technical projects and initiatives are discarded at the thought stage due to concerns about getting them past the long arm of the internal law! Innovation suffers. It can create a huge overhead at great cost.
So is this an attack on governance? Actually no. Not at all. In fact I think governance is essential for a modern organization to tick. Governance can prevent a business making a stupid decision. It can retain corporate memory so that the organization knows why a decision was made and what compromise was accepted. Governance can give an organization’s Execs valuable information from which to make rational decisions (Execs can tend to act on intuition alone!). But governance has to be applied effectively and appropriately. You won’t have control of that, well, at least not all the time. But as a technical professional, you can have influence over the process, by building a trusting and open relationship with the governors and building credibility. By working closely with a governor such as Internal Audit, you can use policy to guide decisions, preventing further rework and rectification. It will also help you build in some latitude with the body so that you can have influence over what is ‘governed’ closely, or not. In past appointments I have made the first move with Internal Audit by inviting them in, for example, to team meetings and giving them an open slot. I’ve also instigated the construction of a Risk Register (where risks under my control are documented and actively managed). The result of this was a growing relationship based on trust. Governance should not be feared, but it should be controlled and influenced appropriately and with integrity.
I can’t stress this enough; building a strong relationship with governance will give you an edge. Governance isn’t a pain in the ass if you don’t make it that way.