A simple explanation of governance can be googled quite easily: “The need for governance exists anytime a group of people come together to accomplish an end”. See, easy!
In the case of an enterprise or government organization we can be a bit more specific in our definition: “Ensuring a strategic approach in context of longer term organizational goals and sustainability, while executing day to day activities in a coordinated way”. Right there in that definition a hierarchy is revealed. A strategic approach requires the existence of a strategy from which organizational goals are to be derived that will steer the day-to-day decision making and activities.
Next to the strategic, tactical to operational hierarchy of the purpose of governance there is also a form of hierarchy within governance itself. Corporate governance (or institutional governance within the public sector) supersedes IT governance which supersedes cloud governance.
A formal governance framework establishes chains of responsibility, authority, and communication. It describes the roles of people involved, their responsibilities, the ways in which they interact, and the general rules and policies regarding the lifecycle of IT services.
IT Governance is among other things used as an accountability system. To determine who’s responsible and who’s accountable; to register the provider to user relationship; as well as the demand and supply relationships. Let’s determine who is ultimately accountable for the outcomes achieved, with the aim of establishing a mutual respect for each other’s decision-making authority. If we add policies to guide decision making and an organization wide adoption of standards we can facilitate consistency of management. Strengthening compliance and reducing risk.
With IT Governance we can also achieve continuity of expectations. Expectations of IT and reality often do not match. We want IT initiatives to bring the innovation and benefits they promise and we therefore must have the ability to measure the returns on IT investments.
With cloud governance we strive for the same goals as IT governance such as compliance with laws and regulations but we also want to comply within existing standards and policies (where applicable). It is therefore imperative to design for cloud within the Enterprise Architecture.
It is stated that under IT Governance the least that we want is technology that is adequate and relevant. However, with the Digital Transformation not only impacting technology but also our organizations business models, organizational structure and processes, we want to be as closely aligned with the business as possible. Business objectives drive digital transformation and should therefore drive our cloud investments.
To best achieve synergy, working agreements within the internal cloud eco-system of users and suppliers and contracts between suppliers and demand and delivery parties should be in place.
Cloud brings some specific challenges such as ensuring data integrity and preventing data loss. A cohesive operating model and a well-defined change management process are sure to help. A large benefit of cloud is the speed with which services improve and innovate. Continuous improvement should be embedded within the DNA of the new organization and its processes.
The outcomes of our governance activities differ throughout the hierarchy. On a strategic level we have to know that we are performing against our set targets and conforming to our leading requirements. We should have the knowledge that the transformation is being managed, that our (IT) objectives are being met and that there is a working governance framework in place.
Tactical considerations center around our system of internal control. Does our governance framework work, are we in control of our control?
Of importance on the operational level is verification that we are applying our principles, adhering to policies, standards, laws and regulations and fulfilling requirements of service capabilities and contracts.
Communicating the results of our efforts up the chain of command is key to good governance. If we don’t have information we will never feel in control. Without that feeling of control it is impossible to establish trust in our organization. Trust is needed to empower our ever increasing self-managed enterprise.