Governance Framework: Mechanisms for Information Management and SharePoint

Much of the Governance Models I’ve seen as of late still focus heavily upon how to set permissions in SharePoint.  In previous blog post I stated I don’t believe this is governance but rather the enforcement end of governance.  It this posting I’ll address some of the aspects of establishing a governance.

 For me the initial question of governance boils down to what are your objectives for governing.  Sounds a bit of circular logic, hopefully I can clear that up.  There is a business reason for having SharePoint deployed unless it’s just a technical toy, a let’s see what it can do pilot or a use it because we have it for free.  These are variations of a solution looking for a problem.  My recommendation is to go get some coffee, put your feet up with several other and brainstorm what and why you want to use it, if not go to a technology briefing to see the technologies possibilities and then brainstorm.

 When I look at SharePoint I see features that could enable two key organizational capabilities:

  •  Information Management
  • Workflow

 Information Management is a broad topic and there are various aspects to it.  SharePoint is not and out of the box solution for such.  It has some new features in 2010 that are still, for lack of a better word, primitive.  However, so too are the organizational competencies that SharePoint would help to address.  Information Storage and Retrieval is only slightly better that desktop search as implemented in most companies that I’ve surveyed.  The rational for such is that companies are still trying to figure out how to organize their information.  While many companies have librarians, most of them are focused on hardcopy management or external searching not establishing information management policies and procedures.   Only recently have a seen job titles for taxonomists and information architects that are described in terms other than application UI/UX responsibilities.                  

 Workflows are another broad area, but most efforts I’ve been seeing are towards automating desktop procedures or routing documents for approvals.  It seems that all the value stream and process knowledge that corporations had built up in the past decade has been filed away or discarded mid-stream before benefits could be achieved.  We know seem to be on a path of bottom up vs. top down.  I believe either extreme is wrong.   Workflows or process automation and tracking has the possibility of integrating the silos that companies have had so much problem breaking down.  However, that takes effort to follow the value streams across the departmental boundaries.  Something I.T. organizations have been assumed to have the charter, but often end up structured as the departments working with resulting in becoming silo’d themselves.  Think about your I.T. organization most seem to be structured into Infrastructure and then application areas (finance, marketing, engineering, manufacturing, etc.)  This is a counterforce to breaking the silos corporate executives would want to have happen.  This is not however and I.T. problem so much as a corporate governance problem.

 Having set the content here are a few of the mechanisms I had implemented that over time have put some organizations on the path.

 First, Information Management governance is not about permissions as previously stated.  IM Governance and its implementation in SharePoint is about having an executive decision function that determines the policies and procedures on how information is to be managed.  Issues like what is a record, who is responsible for creating them –though most people create them without knowing.  How and where information should be storage throughout its lifecycle, cradle to grave.  Policies and procedures such as this eventually drive SharePoint permissions.  Some of these issues require both Human Resource and Legal department input to help develop as well as procedures/processes to ensure compliance.

 Next Workflow issues should be looked upon from a broader perspective.  How should smaller workflows and the information they carry be joined together.  I recently witnessed an organization that had several workflows automated, sounds great so far.  Upon inspection, much of the information was not only overlapping but feed the next departments process.  Sounds like a great candidate to link together right?  However, the structures that carry the information and the representations of that information were incompatible.  However, the results from one department’s work were get this manually rekeyed into another similar but different workflow.  Thus what could have been a streamlined process is human bridged multiple times resulting is all the issues with manual transcriptions.

 The governance mechanism I used is some other organizations was to have workflows (processes) diagramed and cataloged, along with the data, purpose and context of the information.  This became the role of the Business Architecture Group and the review board.  While it may seem like a bottleneck and it could become one.  The Business Architecture Group was a meta-data management function about corporate information as well as an advisory function for application development.  They did not have the authority to stop development from building applications, but they could advise as well as recommend to the CIO that applications be revised or changed based upon reviews.  This prevented Business Architecture from holding up development until they approved any plans.

 Through publishing the catalog and information library, having a policy that developers should check the catalog while designing applications this created a system where common information elements where continually developed and exploited. 

 These few mechanism have put some organizations ahead of their competitors in using information as a competitive edge.

I.T. Governance / SharePoint Governance

Had great discuss with my friend Owen Allen, last night that help me remember and crystalized some the concepts and principles I remember putting together when I developed the IT Governance in the mid-90s at Microsoft as part of establishing an internal Enterprise Architecture Practice.  Some of the points I was making back then and today when I’m speaking at SharePoint Saturdays is about the difference between governance and enforcement. 

Today most of the discussions around governance are addressing how to set permissions and access to sites.  Who can access, who can update, who can delete.  In my perspective, activities around setting these permissions are the enforcement end.  The analogy is to say that the police govern us.  As far as I know that isn’t the case.  Police enforce the laws that the governance produces. 

 With that premise, the model I put forth to Microsoft back then was to use the US Constitution as a model for governance.  Most of my peers back then were intrigued on how I would merge what they called politics with Information Technology.  However, when you look at how businesses operate there are a lot of politics around setting strategy and operating agendas, so too with how to manage the I.T. function.

 Questions like who should decide who has access?  Where should money be invested?  Who should information be managed? And how to make these decisions are all the real content of governance.  The end result of putting together the systems and processes to support these types of decision-making is what I would call governance.  When I proposed some of these structures, I was initially met with some skepticism and questions about complexity.  My reply was look at how you handle money decisions in corporations, should information, the corporation’s means to control itself be managed any less seriously.  Fast forward a few years Pete Weil releases his book on I.T. Governance confirming much of what I had proposed, but the effort remained a slide note in I.T. maturity.  Enter the InforGlut, AIIM, SharePoint, Cloud, and other information management issues–despite the diversion of switching technologies; shared drives to project sites, on-premise to cloud, etc.- and now governance.  As I continue outlining my chapters for my Enterprise Architecture book, the methods and tools I kept internal to my EA practice seem to be more important to codify and distribute in the coming months.  

I’ll be at SharePoint 2011 October in Anaheim, the Sunday before, with friends and peers at what we’ve called a SharePoint Salon working to explore and codify these ideas