Blogs

Governance sucks but doesn't have to

By Chris Walker posted 09-17-2012 16:19

  

Governance is the Super Ego to the Id of collaboration.

If you’re an information consumer or producer, governance sucks. Think about it; all you really want to do is get the info you need or pass stuff on to stakeholders. Maybe what you need is to be able to work on something as a group. You try, but you’re info-blocked at every turn. The amount of crap one must put up with in order to create or consume relevant information, or to collaborate, is enough to drive one to drink (but in a responsible manner & you take a cab home).

Let’s start with something simple ... You want to create a document & share it with stakeholders. Easy, right? Not! It used to be that the biggest challenge was making sure the content was appropriate to the purpose. Now you also have to worry about whether or not the stakeholders have the rights to see the content, how long the content will be relevant for, how many copies there are (or will be), whether or not the content could be relevant in legal proceedings, and where the hell to classify it (what is this “classify” thing, anyways?”).

Governance is all the rules, regulations, legislation, standards, and policies with which we need to comply when we create, share, and use information. Don't misunderstand me; it's not the results or purposes of governance that annoy me, it's how governance is applied. The in-your-face, gavel banging, fanaticism driven approach of many of the legal, risk, and compliance crowd is the issue.

Many of these folks are trying to manage electronic content the same way that paper has been managed; that's like trying to perform “brain surgery too, mama, with a monkey wrench” (props to those who identify the song, band, and album without using any search engines).

TheGood:

·         Facilitates finding what you need when you need it;

·         Reduces legal risk;

·         Preserves history and corporate memory;

·         Secures information from inappropriate exposure;

·         Facilitates good decision making.

TheBad:

·         Increases complexity;

·         Introduces bottlenecks;

·         Prioritizes compliance obligations over getting work done;

The Ugly:

·         Turns users into Records Managers;

·         Users circumvent the rules;

·         Perception is we're making progress, reality is we're not.

WhyThere's Hope

If everybody would just chill for five minutes, we could get this under control in a manner that makes sense and provides the benefits that governance ought to provide.Even though the same rules apply, electronic content cannot be managed the same way as physical content.

·         Users aren't Records Managers, nor do they want to be.

·         Policies aren't the problem, procedures are.

·         Pretending social media doesn't exist won't have any effect on your obligations.

·         Some governance is better than no governance.

·         It doesn't have to be perfect, you just need to make a reasonable effort.

Most credible EIM providers (ECM for you dinosaurs) have the tools to implement effective governance in their arsenals. But don't go to them and ask them to implement governance until you've actually sorted out what it is in your organization. It's your task to develop the policies, it's our task to advise you on how best to develop and implement the procedures.

When you and I sit down and talk about governance, if the only team you bring to the table is Legal/Risk/Compliance, I am going to shut the conversation down in about two minutes. The only way that I can help you implement governance that doesn't suck is to deal directly with all the affected stakeholders (groups, not individuals).One of the toughest collaboration challenges an organization faces may be trying to define a truly effective governance framework that serves the needs of all affected stakeholders. If those stakeholders don’t have a voice, it’s not gonna happen.

If you’re running a real EIM solution and your users have to think about where to file content, you’ve mucked up your deployment. It doesn’t matter if you go big bucket or not, a good deployment uses auto-classification, profiles, workflow, etc. to take the governance burden off the users and put it squarely on the system. If you think classifications and retention schedules are the same thing, there’s not an EIM solution on the planet that’s gonna help you and you’re not an Information Professional.

You’ve done governance right when:

·         Users focus on their jobs, nothing else;

·         You get defensible disposition and it’s implemented;

·         People find the information they need, when they need it;

·         Information leaks are down to an acceptable level (face it, it’s not going to get to zero);

·         Your corporate counsel can focus on attacking instead of defending;

·         Social media doesn’t scare you;

·         The only people thinking about governance are those who are paid to.



#InformationGovernance #Collaboration #compliance #Collaboration #EIM #governance #ECM
7 comments
28 views

Permalink

Comments

10-29-2012 02:02

My subject line may appear inappropriate given that we are talking about Information Governance, yet it is the focus that needs to be considered. If we start with a Governance focus (or GRC focus - (Governance, Risk, Compliance), that's all we are going to get. The key is to never forget that we are doing this for the business. We should never do governance for governance sake, but rather always do it because it adds value in some way to the business. Start with the business drivers, and figure out how it will assist the business goals, objectives and strategic direction, then make sure you implement in a way that meets your compliance and governance requirements.
I fully agree with the comments that we shouldn't try and turn our users into records managers. The only way to do this is to build compliance and governance rules into systems and processes. Our document and record types should be configured such that when we store a new item in the right place, as a specific type, the system automatically knows what to do with it - allocate access and security rights, apportion retention periods etc. Take that away from the users, build it into the systems, and maybe (just maybe) you have a chance of success.

09-26-2012 10:20

Great blog Chris! Thank you. It is a good reminder of the purpose of data governance.

09-25-2012 14:55

Nope - I have it in my music library! They were a fun band. Thanks for the reminder!

09-25-2012 14:15

You didn't use search, did you? :-)

09-25-2012 13:49

You raise some good points - I'll be takeing some of these back to my team.
Also: Little Miss Can't Be Wrong | Spin Doctors | Pocket Full of Kryptonite - Which is now stuck in my head. :)

09-25-2012 11:21

James - thanks for pointing out the error. I make fix all better now.

09-25-2012 10:21

I've been ranting about over-complicating governance. I'm now trying to "grow" governance, modeling it after the growth of traffic regulation.
It's taken more than a century to build a (more or less) cohesive structure of automotive traffic governance. Most states require Driver's Education for new drivers - but we don't provide even an hour's worth of training to the thousands of people who rely on our content-traffic governance in the workplace.
It's not rocket surgery - but too often, it's more complicated, with fewer perceived benefits.
(also, nitpick: I think you're missing a word here. "(face it, it’s going to get to zero);" Leaks will always be with us.)