There is some concern out there these days about the use and misuse of the term “governance.” As Ed Horst, VP of Marketing for AmberPoint, puts it, “Everybody wants control and the term ‘governance’ pushes that button.”
There are issues around “run-time governance”: How are the systems performing? Are they operating as they are supposed to? Are they up and available? Are exceptions effectively handled? And then, there are governance issues in relation to design and implementation.
The problem with governance, argues Horst, is the "exuberant belief that if they could just write down the policy somewhere, then it will be followed and enforced. There’s a lot of enthusiasm for the idea that if one puts all their policies in a registry, then the problem of governance will be solved. But just like an employee policy manual that is produced by the HR department, it doesn’t mean that everybody follows the rules. Even if you have written down the company strategy somewhere, it doesn’t mean that everyone will follow the strategy. There’s a reason why in every organization there are managers."
So what is the solution? As Horst sees it (and, as he freely admits, he is not a disinterested party), there must be a "police force." In other words, there must be a system in place -- a policy governance system -- to ensure the rules are enforced. It is not simply enough to have a registry that stores the policies; they must be actively managed and compliance must be assured. Otherwise, Web services are likely to be introduced that are in violation of corporate policies -- creating IT havoc, system breakdowns or security breaches in the process. "The mistake is to think that if you write it down you are done," says Horst. "Someone must be the traffic cop."