Governance Organizations

I am a member of IBM’s Data Governance Council formed to bring thought leaders together to develop best-practice models in data governance. At a recent council meeting, one member said her company already had several formal governance organizations for various programs, but needed help bringing it all together. This made me wonder if in many respects, most companies were still looking at governance as separate pieces of a puzzle rather than a puzzle with many pieces?

In my role as a former Chief Compliance Officer, I had established a governance organization brought together with one senior level compliance official from each business unit. These individuals collectively formed the Enterprise GRC Committee and provided the much needed centralized high-level oversight.

The beauty of this organization was that it created experts on the requirements within each business unit and the group had an enterprise view of all things related to governance, risk management and compliance. It had the ability to repeat a consistent process, define consistent use of supporting technology and evolve as new demands were placed on the company at any level.

With this time-tested approach under my belt, the thought of distinctly separate governance organizations doesn’t make sense to me. You don’t need a separate governance organization; you just need a consistent organization and process that can continue to evolve as your enterprise program scope expands.

I would be interested to read your thoughts and comments, especially if you have a successful Enterprise Governance organization in place. It would particularly helpful to understand how your governance organization is structured and how broad a scope is being served.