Miko Matsumura has posted some key points about what "governance" is all about, and its worth a read for anyone that wants to lean more about the matter.
For example, Miko gives us a working definition of governance ("the creation, communication, enforcement, maintenance and adaptation of policies across the SOA lifecycle of design time, run time and change time.") and explains why this matters:
"SOA has too many moving parts. This means that without mechanisms of control and enforcement, business policies can be breached (resulting in individuals acting in ways that hurt the organization) and technical policies can be breached (resulting in nonfunctioning, inefficient or noncompliant technical services)."
Governance is one of those terms that's being bandied about by countless vendors, but the definition isn't exactly clear yet in an SOA sense. Is it more akin to corporate governance -- who runs and sets priorities and policies for the business? Or IT governance -- establishing procedures for software change management, etc.? Because it traverses so many parts of the enterprise, SOA governance requires both levels of thinking.