The Building Blocks of a Governance System
So far we've established that governance provides a systematic way for organizations to make decisions. Let's take a closer look at the primary building blocks that comprise a governance system:
- Precepts -define the rules that govern decision-making
- Processes - coordinate precept-related decision-making activities
- People - assume roles and make decisions based on precepts
- Metrics - measure compliance to precepts
Note that these building blocks can be collectively or individually referred to as governance controls.
A precept is an authoritative rule of action. Precepts are the essence of governance because they determine who has authority to make decisions, they establish constraints for those decisions, and they prescribe consequences for non-compliance.
Precepts codify decision-making rules using:
- Objectives - broadly define a precept and establish its overarching responsibility, authority, and goals
- Policies - define specific aspects of a precept and establish decision-making constraints and consequences
- Standards - specify the mandatory formats, technologies, processes, actions, and metrics that people are required to use and carry out in order to implement one or more policies
- Guidelines - are non-mandatory recommendations and best practices
Within some IT communities, the term "policy" is commonly used instead of "precept" in relation to governance systems. However, as just explained, a policy can technically be just one aspect of a precept.
Also, even though a precept can contain standards, certain precepts themselves are considered standards. Therefore, it is important to not be confused when the precept name includes the word "standard" (such as Service Design Standard precept), and the precept itself further contains one or more standards that support corresponding precept policies.
A process is an organized representation of a series of activities. It is important to make a distinction between governance processes and other types of processes related to IT. Governance processes provide a means by which to control decisions, enforce policies, and take corrective action in support of the governance system. Other processes, such as those employed to carry out project delivery stages, can be heavily influenced by governance precepts, but are not specifically processes that are directly related to carrying out the governance system. Technically, any process is considered a management activity, but a governance system is dependent on governance processes to ensure compliance with its precepts.
An organization is likely to use a variety of processes to support its precepts. Some may be automated, while others require human effort. Automated processes can help coordinate tasks (such as steps required to collect data for approvals), but can still rely on people to make important decisions (such as making the actual approvals based on the presented data). Examples of decisions that typically cannot be automated include review and assess investment proposals, review system and service designs, and select products and technologies.
People (and groups of people) make decisions in accordance to and within the constraints stipulated by governance precepts. For a governance system to be successful, people must understand the intents and purposes of the precepts and they must understand and accept the responsibilities and authorities established by the precepts. Governance systems are therefore often closely associated with an organization's incentive system. This allows the organization to foster a culture that supports and rewards good behavior, while also deterring and punishing poor behavior.
When exploring the involvement of people in relation to governance systems, it is further necessary to identify the role or roles they assume. Organizational roles position people (and groups) in relation to governance models and further affect the relevance of precept compliance and enforcement.
There are two ways that people can relate to precepts and processes: they can help author the precepts and processes and they can be dictated by their application. In this book, we explore both types of relationships.
Metrics provide information that can be used to measure and verify compliance with precepts. The use of metrics increases visibility into the progress and effectiveness of the governance system. By analyzing metrics, we gain insight into the efficacy of governance rules and we can further discover whether particular policies or processes are too onerous or unreasonable. Metrics also measure trends, such as the number of violations and requests for waivers. A large number of waiver requests may indicate that a policy might not be appropriate or effective.