One of the most quoted words in use in tech management and marketing these days is ‘governance’. What do we actually mean by this and why is it such a big and ongoing topic?
Governance refers to "all processes of governing, whether undertaken by a government, market or network, whether over a family, tribe, formal or informal organization or territory and whether through laws, norms, power or language” (Wikipedia)
Governance is the exercise of political, economic and administrative authority necessary to manage a nation’s affairs (OED)
We get that fact that it’s about overseeing and running and managing. In fact, it’s basically running the show.
So is governance just another word for management? In some ways this could be true and often the term governance is used both separately and interchangeably from management, particularly when referring to processes and IT Service Management (ITSM) functions. For example: “the Problem Management process had no governance”, “there is a lack of governance around the implementation of the new ITSM tool”, or “our IT organisation suffers from a lack of governance”.
Some words are frequently used in a nebulous way as a means of sounding intelligent or interesting but actually avoiding the issue, like “we need better governance here” when we mean “management isn’t doing its job” or “this process has no governance”’, meaning “no one is owning or managing the process”:
Whatever the taxonomy, there are often issues around the management and policing of processes, tasks, and general areas of work delivery that need to be clarified and reinforced to all concerned.
Let’s take a look at governance, management, and leadership…and ultimately how this defines culture.
This is the over-arching (executive) system that is in place in an organisation to manage and maintain quality, standards, compliance, security, and ultimately successful delivery of services. It requires a number of coordinated components – people, roles, responsibilities, guidelines, means of reporting, means of decision-making, transparency, and auditability. For all of these there is no excuse for ignorance – they are expected and must be understood and delivered by those with executive responsibility.
In a limited company this is the legal responsibility of directors who may face serious consequences if they do not dispatch their duties in relation to the interests of the organisation and its shareholders. All directors and executives of all types of organisations are bound to follow and execute good governance of their organisation and its best interests. If not, they face not only the wrath of stakeholders (customers, employees, debtors), but also their justice system.
The reason for mentioning this in some detail here is that IT is no longer a fringe activity that company directors can brush off and feign ignorance of. Now, IT is the business and they need to understand their responsibilities associated with it.
The flip side is the need for IT to have more elevation in terms of positioning within organisations – direct access to board level discussion, not just a commodity team that reports to the Finance Director (who may or may not have any interest or understanding of it).
For IT, ISO 38500 is a simple and really useful standard that all C-level/directors/executives should own and understand. It’s only a few pages and written in non-IT terms – it’s also a simple and really effective checklist for the things that they are responsible for in relation to IT. Every director/executive should own a copy.
For ITSM, governance is often used in a number of ways – not only referring to the need to define processes, procedures, and accountabilities, but also for the controls, checks, and measures in place to ensure that these are being followed.
So governance is about people, ensuring that other people are doing what they are supposed to, as well as taking clear action and steps to follow up if they are not. Often the first part gets done (not always well, but it happens), however it’s the second part that fails, either due to lack of good governance in the organization or due to weak management.
And so, sloppy culture is born…
If it’s the job of the executive to set and control the way an organisation is run, then it’s the job of the management team to execute it.
Simple? Well of course this depends on whether the organisation has a governance structure in the first place, and then the extent to which this is applied and communicated. Some clear key points are needed:
In ITSM terms, if there is not a clear and strong culture around good governance across an organization, it will be difficult to make end-to-end processes work successfully.
This is the crux and real critical success factor for most ITSM projects, i.e. the strength or weakness of corporate culture and the willingness or otherwise of middle management to challenge and contravene it. This is the reason, frankly, that most ITSM implementations are still centered around incident management, support and Service Desk operations – it’s been too difficult politically to go further.
For example, it would be difficult to make some basic processes work across an organisation if managers know that it will not be supported by their peers or even by their (peers) management. Weak corporate governance will be the biggest challenge for the project. Some managers will have the skills and attributes to take this on but many will not, and those not interested can hide behind this culture.
There is also the problem with ITSM/ITIL that when we say Incident/Problem/Change Management, we mean manager, and so everyone thinks that there is someone responsible somewhere for doing this, when of course this should be a global, shared responsibility.
Leadership is another often used word these days, particularly in the context of personal skills.
In other words, anyone and everyone can and should show leadership, regardless of their role or position. Leadership is not just about being a manager, it’s about taking personal responsibility and leading by example.
Leadership can mean the Service Desk analyst who takes personal ownership of an incident and goes the extra mile with the customer to ensure that the issue is resolved, perhaps beyond the stated SLA. This could also be someone who digs in and stops a change happening at a CAB because they believe this will impact the customer experience or up-time, even if some of the IT management folks are insisting that this should go ahead.
These and other examples can show great initiative, passion, and care for the customer and the service provided. They require some courage, and in some cases the need to challenge authority and process. By definition, they happen regularly in orgnaisations with good governance and management, but only sporadically, if at all, in those with poor management, governance, and culture.
So culture is actually the tone and rules set by the executive (consciously or not) and the degree that this is then implemented and maintained by the management. It’s no coincidence that in organizations with a clear, positive, and transparent governance and management, the culture needs less rules and micro-management to enforce it.
Leadership should be encouraged from all people in an organisation but this depends heavily on the prevailing culture already in place.
Clearly the process of changing culture is not a simple or speedy one, which depends on commitment and real leadership from those who can influence governance and management alike, as well as inspire others to show leadership qualities.
In ITSM, for too long we have seen culture change as a project line or checkbox that needs to be added to our plan but often isn’t fully defined or understood, yet ultimately this will determine success.
So with an impartial appreciation of the current maturity levels of governance, both management and culture in your organization will help you to set realistic and tangible plans for your ITSM project – that in itself shows true leadership!