While working for SharePoint ISVs Axceler and Metalogix as chief evangelist, I lived and breathed the topic of governance. While it's true that I don't talk much about migration anymore -- the other topic I was once known for -- governance continues to be a hot topic, even within the social collaboration space. During a couple of customer demos last week, the topic came up with concerns over managing all of the disparate tools their end users were adopting and trying to get their internal IT teams to support.
Alas, that's the history of information technology. When I entered the space at the beginning of the 90's, the topic of IT sprawl was already a concern, with many of the "desktop publishing" applications that were beginning to pop up on the fledgling Windows 3.1 giving end users access to functionality that they previously had to shop out to designers and experts. You could probably say that the era was the beginning of the "citizen developer" movement. But I digress.
So, how do we know if your systems are compliant if your end users are using whichever tools they want and whatever device they want? Is there a documented governance model, and if so, how often are changes made to that model? Do these documents and processes reflect the current standards governing your systems, or were they antiquated and irrelevant as soon as they were published? How are changes and updates to policies and procedures identifies, much less implemented?
Most governance documentation comes with an expiration date due to changing business requirements and shifting legal and regulatory constraints. The fact is that governance is a living, breathing, ever-changing activity -- however, lessons learned through project experiences are seldom reflected in governance documentation, causing new projects and teams to reinvent the wheel each time.
Even when the governance body is well-managed, that success is generally the result of one strong leader -- and that success is difficult to perpetuate once the leader departs the team or company. Long-term success come by "codifying" those best practices into company memory, creating "governance blueprints" for your organization.
Beyond capturing corporate and system requirements, your governance activities necessitate a strong change management model. This is especially important if you have open policies about the tools and devices end users can adopt, as an increasing number of companies support. Part of change management is having a clearly defined and communicated plan -- which may include (and I strongly recommend) a logical diagram of your business requirements, systems constraints, and the policies and procedures to maintain all of them. Having this visual component, I have personally found, makes it easier to communicate the plan, but also helps you identify where changes need to be made when need tools or processes are introduced, or when your business requirements change. And believe me, they always change.
With an overarching view, your team can better understand where governance rules are, or should be, applied to your systems. A little bit of "systems thinking" can go a long way in governance planning. You will better be able to manage business-led changes to requirements, see the effects of system updates, or the impacts of legal and regulatory changes. With a blueprint of your governance activities, you can more proactively monitor and manage your business systems and technology platforms.
Of course, it is incredibly difficult and time-consuming to build out visual maps of your systems and infrastructure, and map out your governance policies against them. Few organizations recognize the value of the exercise, but doing so makes it easy for teams to capture supporting documentation and artifacts and correlate that data with their related policies and procedures. It also helps your organization to develop a shared understanding of the governance methodology (sort of like a governance baseline against which you can measure your progress) and capture best practices as they are surfaced. With a baseline in place, and a system for capturing your collective learning, employees are better able to learn from the experiences of others, and understand the impacts of a change by quickly showing which related policies and procedures are impacted.
Simply put, compliance is easier when people can locate the policies -- and they have a shared understanding of the overall governance model. Gone are the days when governance was something that resided in a binder -- on a shelf, forgotten and gathering dust. To be effective and successful, governance must be an active and transparent part of the organization. People need to know where to go find the latest policies and procedures, and to see the impact of business changes.