What is governance anyway?

Best practice

04 July 2023

6 minute read

Brooke Skinn, Asset Management Governance Leader at Cargill, explores the true meaning of the word governance in both theoretical and practical terms.

Have you heard the term “governance” a lot lately? The word seems to be in a lot of seminars, corporate lingo, job titles, and auditor’s audit plans. Raising a problem at work to leadership, governance is something they likely will use as a potential solution. Gaps in a process or items that were missed or skipped, governance can fix that too. So, what is governance anyway?

I get this question a lot as the word has been in my job title not once, but twice now in my career. When I originally got my first job with a governance title, I had no idea what it was. This was back in 2016 and it was a word I heard a lot, and I knew it meant rules or something like that. I remember thinking of it as a form of government governing a specific topic. I have learned a lot since then and have found even more needs for governance in the corporate world than what I see existing today.

I began thinking about how to define and teach governance, and to do that I needed to understand where the word came from and what was making it so popular in corporations today. The word has been seen in the text since the late 1800s; however, it picked up steam again in the 1990s. During the early 2000s bankruptcies, market crashes and corporate insolvencies (like Enron), this word became the fuel for solutions globally. The Sarbanes–Oxley (SOX) Act of 2002, a US federal legislation passed because of these financial disasters, began to drive public companies into building governance and controls to ensure proper checks and balances were in place and prevent future corporate insolvencies due to lack of controls. This sounds pretty good and all, but once again what is governance is still not that clear besides knowing it provides checks and balances within a company.

Defining governance

I like to start with this definition of governance:

“Governance is the way rules, norms, and actions are structured, sustained, regulated, and held accountable”.

This definition fits more into the spaces that I, as a governance leader, work in daily. I like to think of myself as the sheriff enforcing the laws of the land. Governance are rules and standards that must be followed and when they are not followed, metrics/reporting would drive remediation for things that do not comply. A great example of this would be vehicle registration.

Vehicle Registration governance

There is a law that states all vehicles on the road must have current registration. There are ERP systems that collect and store the data for all the known vehicles sold and owned in a given country. Each owner is notified of the renewal of their registration and when the expiration date comes if that registration is not renewed the vehicle is no longer meeting the law to be on the road driving. How this law is enforced varies by country, but typically it is the police or traffic controllers that stop and write up a citation for non-compliance. Now the police officers do not get to pick what the processes are to register the vehicle or how owners are notified. They just are there to enforce what the laws are as published. The laws that are written are up to the government to define and publish. As a governance leader, I am here to support the organization in the processes and rules that each team is following today, much like the police officer in the example above. I work with the teams to identify their larger risks, fail points, and process gaps and help to catch these and ensure the teams are remediating or eliminating them as quickly as possible. Unlike the police officer, I do help create the rules and ensure they are documented, published, and employees are trained.

Corporate strategy

What makes good governance is when a company has a corporate strategy on how they will document and enforce governance. What makes great governance is when the company is actively enforcing and remediating any failures to the published governance rules and standards. Within the IT Asset Management (ITAM) world, governance can be very helpful, and most of you are probably already doing governance and you didn’t even know it. That report that shows out-of-compliance licensed software is a governance process.

So why is good and great governance important? I find it to be the self-auditing that takes place before an audit. Within a formal or informal audit, the policies, processes, and standards that are published within a company will be tested. The failures and misses are then documented, and a formal report is issued to remediate the gaps. So how does governance help? We help by formally showing we know what our rules/standards are, we know where the failures and gaps can take place, we have reporting/metrics to remediate any as they happen, and the auditor can review and test and typically will not find any issues as the company is actively finding and remediating them as they take place.

Nobody likes governance, but we all know we need it to keep checks and balances in place and resolve issues before they become bigger issues and/or audit findings. Governance becomes a security blanket for any team as well as for leadership within a corporation knowing the teams are actively ensuring processes are being followed and failures corrected.

What is governance anyway?