At the corporate level, especially in the shadow of the Sarbanes-Oxley Act, governance has come to mean ethics and truthful financial reporting.\nIn IT circles, it more commonly means resource management, especially investment (e.g., project) approval processes.\nSome think of governance as the mechanisms of accountability to ensure that staff deliver on their promises.\nStill others define governance as management controls to make sure that the IT function does what it\u2019s supposed to. This often takes the form of committees that "help" IT leaders make their management decisions, especially popular in two situations.\n\nWhen the CIO or the IT organization is unpopular, governance is used by business-unit leaders as an excuse to meddle in the management of IT in ways that arm\u2019s-length customers would never do to their suppliers in the real world.\nWhere IT is decentralized, the term is used to justify some form of corporate control over the various business-unit IT groups that were originally established to circumvent corporate controls, generally resulting in political battles, stress, wasted time, damaged relations and little in the way of benefits to anybody.\n\nThe Real Meaning of the Term\nSo what\u2019s the real meaning of the term?\nAll of the above. Governance means all the processes that coordinate and control an organization\u2019s resources and actions.\nIts scope includes ethics, resource-management processes, accountability and management controls.\nImplementing Governance\nWith this broadly defined challenge, what should CIOs do about governance? Let\u2019s first look at what doesn\u2019t work....\nIn many cases, governance has been implemented in a narrow and often harmful way\u2014as oversight through steering committees and auditors. The results are generally bureaucratic, imposing convoluted approval processes on already-burdened organizations. Heavy-handed, top-down controls squelch entrepreneurship, bog organizations down and drive administrative costs up.\nAdmit it, the last thing we need is more bureaucracy! Fortunately, oversight is not the only mechanism of governance.\nOversight prevents people from doing the wrong thing, be that making a bad investment or disregarding ethics and law. But why is oversight needed? Why do people do the wrong things and hence need to be controlled?\nOrganizations generate signals that guide everybody\u2019s behavior. Most leaders recognize the power of metrics, but signals also come from an organization\u2019s culture, structure, resource-management processes and methods. When these signals are poorly designed, people do the wrong things and oversight is needed to catch them.\nAs an alternative to oversight, leaders can adjust the signals within an organization so that people automatically do the right things in the first place. This systemic approach creates an environment where staff are empowered and entrepreneurial, yet behaviors and resources are controlled and well coordinated.\nLook at the way the real world works. In a market-based economy, entrepreneurs naturally please customers and manage suppliers because that\u2019s what it takes to succeed. The need for auditors and police is minimal, and certainly does not extend to daily management decisions.\nSystemic governance is less costly, more comprehensive, empowering, flexible, and highly responsive since everybody is continually adjusting their behaviors to the needs of the situation. Oversight should only be used as a last resort, when systemic governance just can\u2019t ensure sufficient control.\nIn practical terms, how can CIOs implement governance systemically?\nEthics and Integrity\nEthics and integrity can be treated through culture. Contrary to popular beliefs, culture is one of the easiest things for a CIO to change. The key is focusing on behaviors rather than values. To change culture quickly, leaders document all the desired behaviors (practices), then roll them out with education, modeling and metrics.\nWhen the right behaviors are well defined and widely practiced, then even when one person slips, others around him or her are there to catch the organization before it falls into dangerous practices.\nResource Governance\nThe IT organization is a business within a business, serving customers throughout the company (its market) with a range of products and services. In this context, the resource-governance processes within organizations can be considered an \u201cinternal economy.\u201d\nMost of us believe in market economics outside the office. The same principles can be applied within organizations. Instead of bureaucratic hurdles, market economics provide the most effective approach to resource governance. See Beneath the Buzz: Portfolio Management for one model for this.\nIT budgets can be treated as accounts that belong to clients, put on deposit at the beginning of each year in order to buy IT\u2019s products and services all year long. When clients manage these, their expectations are more likely to match available resources. Meanwhile, IT is empowered (like any entrepreneur) to manage its business without clients\u2019 meddling. It can decide its cost structure, including setting aside time and money for sustenance activities like training and product research, as long as its prices remain competitive. And it can invest in its infrastructure (with funding approved by its chain of command, not by clients) to provide reliable services now and in the future.\nAccountability\nAccountability depends on a healthy structure. Good organizational structure defines jobs based on the lines of business within the IT organization (not old-fashioned roles, responsibilities and tasks). It defines what groups \u201csell,\u201d not what they do. Structuring around lines of business establishes individual accountability for results\u2014the products and services delivered to customers both in the business units and within IT itself. As with ethics, personal accountability can be reinforced through culture. An organization\u2019s culture can define the behaviors of empowerment that manage people by results rather than by telling them what to do.\nControls\nControls go beyond resource governance and individual accountability. Particularly where an IT function is decentralized, corporations are concerned about compliance with product standards to gain bulk-purchasing discounts, and with architectural standards and policies to ease systems integration. Again, the best form of governance is systemic. The only reason decentralized IT staff would deviate from corporate directives is if it\u2019s in their parochial best interests to do so.\nThe answer is not to demand altruism (self-sacrifice for the greater good) and then attempt to enforce it (a losing battle). Instead, business units should benefit from corporate coordination.\nFor example, if corporate staff offer products at a price that\u2019s lower than what business units could buy independently, then business-unit staff will naturally buy through corporate IT. When corporate IT staff view business units as clients and approach them in a customer-focused manner, they build voluntary consortia to get bulk-purchasing discounts. And they don\u2019t antagonize clients who choose to pay more for products that are non-standard but better fit local needs.\nAs to standards, it\u2019s reasonable for corporate executives to demand that business units submit data (such as financials) in a standard format. With this as a management requirement, standardizing IT protocols becomes the most cost-efficient way to get the job done.\nThe Result\nThe result of systemic governance is an IT department that empowers clients to choose what they\u2019ll buy and then delivers on its promises. It is customer focused, and produces good value while investing in its own capabilities to ensure its future viability. And systemic governance empowers staff without any loss of control.\nThis kind of organization doesn\u2019t need committees to oversee it, complex approval processes to make sure clients aren\u2019t asking for things they don\u2019t really need, or inflammatory attempts to disempower corporate or decentralized IT staff.\nWith a systemic approach to governance, people naturally do the right things because the \u201crules of the game\u201d are set up that way.\nDean Meyer helps IT leadership teams design high-performance organizations. Author of six books, numerous monographs, columns and articles, he brings innovative systematic approaches to what others consider the \u201csoft\u201d side of leadership. Contact him at firstname.lastname@example.org or visit his website for information that can help you implement these ideas, or with suggestions for other buzzwords to analyze in future columns.