Digital governance can be hard to grasp. You can’t see it, touch it, hear, taste, or smell it. If you try to think about it, it’s unlikely much vivid imagery will arise — most people would be hard pressed to draw a picture of it to show their child. We can detect its absence, but it leaves few traces when present. We sense it’s important, and long to make it tangible. Yet when considering governance, it is important not to confuse its form with its substance. Perhaps the most elusive aspect of governance is how to know it’s being done well. That question is less about tangible things like committees and policies, and more about values.
How well governance functions matters because governance fundamentally is about accountability. Val Swisher defines a governance model as “guidelines that determine who has ownership and responsibility for various aspects of an organization.” Lisa Welchman, the doyen of digital governance advice, offers a definition in her excellent new book, Managing Chaos: Digital Governance by Design:
“Digital governance is a framework for establishing accountability, roles and decision-making authority for an organization’s digital presence.” — Lisa Welchman
She identifies key elements of governance:
- Digital strategy, which includes “guiding principles” and “performance objectives”
- Digital policies, which are “guidance statements put into place for managing risks”
- Standards, which “exist to ensure optimal digital quality and effectiveness.”
Digital governance involves a mix of role-based power (authority and accountability) and formal rules (policies and standards).
Digital governance resembles other domains of governance in form. All systems of governance rely on a mix of controls. Some rely more heavily on rules, and others rely more heavily on role-based power. Kings rely on their title to declare what’s allowed; economies try to run themselves by relying on self-governing rules.
On a functional level, governance provides coordination and defines the terms of exchange between parties: what each offers, and what each gets in return.
On a psychic level, governance defines norms and expectations. Digital governance is positioned as the answer to digital chaos: managing competing interests and taming random, uneven execution.
People seeking governance, if fleeing a sense of chaos, want solutions that look solid. “Tell us what we should do,” they may ask in desperation. Governance presents a framework for making decisions. With governance, order is restored. And we hope that order is stable.
Where Does Governance Come From?
Governance raises an ontological question: if governance leads, where does governance come from? What decides the process for deciding? The customary answer is a committee of stakeholders. Hopefully this committee is united in a common purpose, so that competing interests and random actions stop happening. Yet the prospect that governance may be beholden to the personalities doing the governing makes the concept seem less solid that it should be.
I want to consider governance not as the answer to the problem of chaos, but as a question. Suppose governance isn’t a solution, but a range of solutions. How do you know which solution is right for you? Will your choice of a governance solution always be the right choice? How do you govern your governance?
Governance, considered as an answer to a need, gets defined as a process for bringing order: for making sure that content activities follow agreed procedures and are consistent. That order is very much needed in organizations. Most organizations realize they aren’t as efficient as they could be; that they produce poor quality content; that they don’t coordinate internally to realize their goals. Order is certainly necessary, but is it sufficient?
When considered as a question — a need that must be defined — governance gets examined through the lens of what’s best. Yes, everyone wants the trains to run on time, but what kind of trains do we want? People have lots of ideas about the right kind of train. For some, such a discussion might appear as a threat to governance. Some might advise to keep your heads down and focus on keeping things running smoothly; don’t get sidetracked by larger issues. But such an attitude can risk keeping the governance discussion limited to only a small range of tactical issues, and stymie consideration of ways to improve operations. By defining governance too narrowly in terms of orderly policies and procedures, organizations can miss out having a conversation concerning what needs to be in place to become great, including topics that defy simple solutions. They can miss out having an honest discussion about whether they are doing things right.
Suppose an organization wants to bring better governance to how up-to-date their content is. What’s the best way to do this, given how big a problem it is for many organizations? The organization could issue a policy mandating that content be up-to-date. But that policy might be difficult to implement consistently across the organization. It might create standards, with guidelines specifying how often to review and update content. But not all parties agree these guidelines are right, each arguing their needs are different from others. Some people produce content that ages quickly; others produce content with a long shelf life. Here we don’t have a debate about the principles involved, or the intent, but the application. Rules aren’t enough: buy-in is needed.
Governance ultimately rests on consent. Different stakeholders need to consent to what is being asked of them in order for guidance to be followed. All stakeholders need to know that what’s asked is aligned with their interests. But if the specific interests of different stakeholders relating to an issue are not the same, governance of the issue may be avoided, or implemented sub-optimally. A uniform standard, while simple to issue, could have the perverse effect of making some people do unnecessary work, while others don’t apply sufficient attention to an issue.
Bad governance is more than simply the absence of governance. Many people falsely assume that by having a governance framework, good governance will result. But governance frameworks can contain three hidden risks that are rarely discussed:
- You have bad policies and standards
- You have policies and standards that don’t account for organizational diversity
- You have a frozen governance structure that can’t adapt to change
Such problems seem minor compared with problems resulting from no governance. Nonetheless, they will be increasingly important issues as digital governance becomes common. Problems can arise because digital governance is typically developed in a vacuum, relying on the perceptions and judgments of the very people who need to implement the framework. Framework viability is a function of the sophistication and self-awareness of the stakeholders involved in the process. Stakeholders largely depend on their own judgments to make decisions, and in effect can be making up their own rules to follow. Few checks are in place to validate that decisions are correct. No one or no thing is telling them they might be doing things wrong.
Some decisions have big consequences. Many organizations are unhappy with their content management system, but they decided on a solution based on what they considered their priorities to be at the time. Their understanding of their needs have since grown, but their CMS wasn’t able to grow with their needs.
Bad Policies and Standards
Organizations want to improve, and many organizations believe they can achieve that if they just work smarter. They believe they already know what they need to know, they just need to tap that knowledge to unleash it. Applied to governance, it means getting the right people in the room, clarifying their roles and responsibilities, and getting respective parties to develop standards relating to their domain of expertise. Organizations trust each party to use their expertise to make the best decisions, and trust that all these decisions will work together in harmony. For reasons of expediency and self-image, organizations believe they have the internal expertise needed to get the job done.
But simply designating people and asking them to develop or select standards won’t automatically result in good standards. You may give authority to someone in a given role to develop a standard. But if that person lacks sufficient experience, or has dated knowledge, he or she may create a standard that everyone follows, but the standard is flawed and counterproductive.
The problem is a systemic one, rather than being a personnel issue concerned with an individual’s lack of knowledge. All individuals have constrained expertise. Most organizational processes have internal checks to contain problems arising from bad decisions. Yet when internally appointed “experts” with shaky understandings of complex topics are forced to make global decisions that others must comply with, the effects of their expertise gaps get amplified significantly. Sometimes the problem is silent: people earnestly doing something counterproductive that isn’t apparent until later.
Compared to other domains of governance, digital governance requires a high degree of internal organizational expertise. With the exception of technology companies and the largest multinationals, most organizations have a scarcity of internal digital expertise. Digital is new, and rapidly changing. It is hard to say what are absolute best practices, because digital touches so many different kinds of organizations that are often more dissimilar than similar.
Let’s consider some areas that Lisa Welchman identified as being candidates for standards. I’ve included a few representative examples in parentheses, and encourage you to consult her book for the complete list.
Digital standards can apply to a range of functions in an organization:
- Design (video design, colors, interactive applications, templates, icons)
- Editorial (tone, terminology, product names)
- Publishing and development (metadata, social software, web analytics, cookies, single sign on)
- Network and servers (domain naming, security, firewalls, auto log offs)
Many of these standards by their nature will need to be internally developed. There may be no proven external best practice to adopt. It’s common for different organizations to pursue diverse practices. Even where one can learn from the practices of other organizations, one needs to select which examples are best fits, and then adapt them to one’s specific organization’s needs. With discretion and judgment comes opportunity to make mistakes.
The needs of digital governance contrast with the template-type of governance that’s available in other domains: to take a policy or standard developed elsewhere, and fill in a few names. In other domains of governance, governance knowledge is a collective good; in digital governance, it’s a competitive good. In digital governance, there is no requirement to comply with what other organizations do. In fact the opposite is true: what is best for another organization may not be best for yours. Unilever and Proctor & Gamble are both sophisticated, successful firms that are direct competitors. But because they are organized differently, it is unlikely one firm could copy wholesale the digital governance of the other and be successful.
It would be rash to equate an organization’s internal collective understanding with the depth and diversity of inputs that shape external standards. In other realms of governance, a large body of collective knowledge about issues exists, on which to base standards. Commercial standards may codify accepted norms that developed over a long period, derived from common law. Corporate governance is guided by principles and guidelines set forth in various statutes and in internationally recognized codes of conduct. Other forms of governance can rely on the “hive mind” — the collective wisdom of many parties defining standards and practices. Global regulatory and internet standards reflect a negotiated consensus of many parties contributing vast expertise. You can’t crowd-source your decisions. Digital decisions must be informed by the myriad variables each organization faces, and address its specific circumstances.
Outsourcing specific standards to another party does not eliminate the need for internal expertise. Embracing an external standard does not guarantee the standard is the best choice to follow. Due to the complexity and rapid evolution of technology, they are often multiple competing standards addressing a topic. Before designating Flash as your video standard, understand the long-term implications of that decision. Research shows that organizations can become uncompetitive when they’ve built practices around a dated standard, and they find it difficult to switch to a newer, more capable one.
Nor is the need for expertise over once the standard is chosen. Somewhat maddeningly, the more important the standard becomes to how an organization operates, the greater the “lock-in” the standard can produce —making changes to a process that serves as a foundation for other processes difficult. Retailers are struggling to adopt RFID, because they are locked-in to bar codes. In the area of content, different elements can have cross-dependencies. For example, design templates embody various internal standards: they reflect many different assumptions about what kinds of content needs to be presented, how to prioritize content, and on what devices. A change in any of the underlying assumptions might trigger a need to change the design templates, which would impact other areas such as workflow.
Dealing with Internal Diversity
Just as there is not necessarily “one best way” for all organizations to implement content processes, there may not be one best way even within an organization. This is especially true for large organizations and those with diverse missions.
Standards can support quality, but their primary role is to support efficiency. People around the world adopt the metric system of measurement not because it is more accurate than other systems of measurement, but because it is efficient for all parties to use a common system. Standards reduce transaction costs. In the digital context, standards smooth transactions by reducing the number of discussions and the time spent waiting on others.
Efficiency and quality can sometimes be at cross-purposes, especially if we consider efficiency as the time or effort involved to do something. Standards ensure consistency, not quality. Quality may be a by-product of consistency, but it also could be sacrificed in the pursuit of consistency.
The goal of consistency raises the topic of compliance. Compliance is a core theme in governance: it is frequently a key metric defining the effectiveness and success of governance. A lack of compliance suggests ineffectual governance, while complete compliance signifies success to many.
Compliance can trigger the pursuit of other values, which may or may not be appropriate. Some might argue for policies and standards to be simple, since simple things are easier to understand and do. Complex things, in contrast, are complicated. Though complication is costly, complex frameworks can also be sophisticated ones, able to achieve more than simple ones. The interaction of different elements can produce synergy. The value of complexity depends both on what it accomplishes, and what burdens it places on people and systems maintenance. Simplicity requires a receptive environment. You can’t dictate simplicity: circumstances need to be right to accommodate it.
Compliance also elevates the perceived value of uniformity. Deviations are easier to see when all people follow uniform standards. The cost of uniformity is the loss of flexibility. Uniform standards can stop bad things from happening, but equally can squash innovation, or stymie people trying to meet their goals if uniform standards don’t support them.
Firms should clarify how different are the needs of various operating units. A firm might have a core standard that is tweaked by different operating units to account for variations. But if there is significant diversity, then expecting that a core standard can be tweaked might not be realistic. One test of the applicability of a universal standard is assessing whether the differences are of degree (variation) or of kind (diversity).
Governance frameworks can be flexible or inflexible, and simple or complex. These factors work together to determine how uniform or diverse they are. The more flexible a complex framework, the more diversity it will have. The more inflexible a complex framework, the more uniform it will be.
The conundrum is that different possibilities are useful in various situations. Organizations don’t want to trade away the benefits of one possibility when pursuing another. So how can they balance these different possibilities? By enabling interoperability.
Interoperability is a concept as vast and rich as governance. It is simply the extent to which things inter-operate: that they are connected in a common system. Interoperability allows integration. How interoperability is accomplished can vary widely. Sometimes uniformity is used, sometimes complexity is involved. Some systems are connected loosely, allowing flexibility, while others are tightly coupled. Interoperability embraces a range of styles that can accommodate different values.
John Palfrey and Urs Gasser at Harvard note in their book Interop that interoperability happens at different layers:
- Human and institutional layer: allowing humans to work together, such as having shared norms and terminology, and procedures for person-to-person coordination
- Tech layer: ensuring technological compatibility
- Data layer: enabling the flow of data
They also distinguish two kinds of orientation:
- Vertical interoperability: the extent that different elements rely on others, and support others, so that high level processes can be built from lower level ones
- Horizontal interoperability: the extent that different elements can be substituted, and swapped, while maintaining overall cohesion in a system.
Interoperability is like an ecosystem with many variables and possible arrangements. What needs to be harmonized, and how best to accomplish that? How best to balance freedom of action, and group benefits? Palfrey and Gasser note “network effects” can arise from the use of a single standard. The more people who use Facebook, the most useful Facebook is to users. We can imagine a similar network effect in digital governance, where the more employees who embrace a common set of KPIs, the more valuable those KPIs are for making cross-comparisons. But not all interoperability needs to be hardwired. Interoperability can allow diversity, and still let things work together. Palfrey and Gasser cite the example of APIs, which provide a promise to deliver something, but not a commitment on how to do it. APIs are used to swap out old systems, and replace them with new ones that offer the same outputs. An outcome centric definition can be more flexible.
Palfrey and Gasser argue that simple decisions can be imposed from above easily and effectively. Complex decisions are better developed from below. For example, to bring governance to the shade of pink used in corporate branding, it would be more effective to issue an edict from the top saying what Pantone shade to use. But if the issue was how long to retain online user comments, then a low level study might produce a better solution, so that the needs of the social media team and those of the product support team could both be vetted.
When looking at how different dimensions of governance might fit together, we need to ask how reliable are the governance standards? Interlinking parts can have cross-dependencies, and be fragile as a result — if one thing fails, other dependent things fail as well. Governance must be adaptable.
Frozen Frameworks and Adaptability
A governance framework is a means, not an end. Lisa Welchman notes: “Defining a digital governance framework is relatively simple compared with implementing it.” Palfrey and Gasser agree: “Establishing interoperability is just the first stage. Maintaining interoperability is another challenge. Increasingly, we observe cases in which established interoperability unexpectedly breaks down.”
The notion that a governance framework can fail suggests two possibilities. First, part of the framework might have been designed improperly, because it reflected faulty assumptions. Second, the framework becomes out of synch with a changed reality. In both cases, the framework is missing important feedback to check that it is functioning appropriately.
Once again, a preoccupation with compliance can divert attention from the broader issue of effectiveness. Standards are meant to be anchoring, but they can militate against changes that may be necessary. Some standards can evolve, and enjoy a long robust lifespan as the dominant practice. But other standards must be jettisoned and replaced when they fail to deliver the value available from alternatives. A governance framework needs to include mechanisms that allow organizations to pivot when fundamental changes are needed.
To avoid an over focus on compliance, people executing the framework should understand not just what to do, but why it is being done. Lisa Welchman notes that standards need to have a documented rationale. A rationale is important when a standard is created, and remains important as the standard is used. People implementing the standard need to know what the rationale of a standard is, so they can know if the rationale may have changed.
Change can come from anywhere; frameworks will always need changing. Some changes will be internal. A corporate re-organization might shift reporting and responsibilities. A rebranding could necessitate a revision of various standards such as visual and writing style. A shift in corporate strategy and priorities might change what outcomes are measured, and the basis on which routine decisions about content are made. Sometimes firms even change their core business model, or radically refocus their target market.
External changes that impact governance are numerous. Regulatory requirements are always subject to change, touching on policies and practices relating to privacy, pricing disclosures, terms and conditions of sales, and stipulations concerning truth in lending or health claims. Tech standards and norms are in constant flux, and these ultimately impact all stakeholders regardless of their direct responsibilities for technology. Procedures reflect the underlying technology implemented. The flux comes from either rapid, sometimes discontinuous improvements in an approach, or else the sudden emergence of a new alternative with much better performance. Examples of technology practices in flux include SEO practices, web analytics implementations, customer experience customization and personalization approaches, and web security best practices. Sometimes these changes aren’t immediately obvious. Older approaches don’t suddenly disappear, but simply loose momentum as alternatives gain traction. When people feel they have a choice over what practices to use, they often have little loyalty to what they use currently, and are willing to embrace something new that promises more.
Technology risks can involve many factors. By relying on externally provided standards, frameworks, and processes, firms are dependent on outside parties, and so doing, have delegated decisions to others who control their fate. These outside parties may be vendors, standards committees composed of rival firms, or a vague consensus of the state of best practice — a highly unstable benchmark. Outsiders may offer something that’s popular, but not the best long-term solution. The external solution may be lagging in innovation, or in usability. Vendors can be locked-in to their own solutions, and may fail or be slow to adopt new approaches that deviate from their core product. Committees are notoriously slow to reach consensus, especially when fundamental changes are involved. New alternative standards and technical approaches might gain acceptance in the market. Capitalizing on more attractive alternatives can entail switching costs such as training and tooling. Firms that have the easiest time adopting new approaches are frequently the ones that aren’t using another approach already.
Given the scope of change possible, is it better to manage change from the top-down, or bottom-up? The answer depends on the maturity of the organization’s governance framework, and how unique and forward-looking the organization sees itself.
Lisa Welchman cites the example of the US Social Security Administration, which has a centralized governance framework that enabled it to execute changes globally. Government organizations are oriented more to top-down direction, and are often late adopters of popular practices rather than pioneers of new practices. But centralization can hinder change as well.
As an organization’s governance matures, it may make sense to devolve responsibilities, and move to a more federated structure. Top-down change can mandate wide implementation, but it will often be reactive to major problems, instead of responsive to emerging requirements. By the time a central committee gets involved with assessing and deciding on the need for change, the magnitude of the issue could be severe.
Palfrey and Gasser note that future-proofing is difficult to accomplish when the authority to fix the problem is detached from the consequences of the problem. They cite a common incentive problem where no one wants to spend money now on problems that may arise in the future. Unless everyone in an organization is starting to feel the impact of change equally, there may be a tendency for a centralized decision making apparatus to defer making across-the-board changes.
Palfrey and Gasser advocate diversity in practices to foster innovation. “Diversity among systems that work together but are not necessarily the same can ensure innovation continues along multiple fronts. Diversity within systems can help prevent lock-in over time.” In such a framework, parties that are adversely impacted by existing standards are free to experiment with new ones, to develop more effective standards and policies that can address changing needs. There new approach needs to work together with the wider suite of approaches in the framework, but does not need to be identical to what others are doing. For example, if one division decided they needed more detailed content analytics, they could collect these, provided they still collected analytics on the core attributes that are used throughout the organization. Other divisions could then learn from the experience of the more detailed analytics, and decide to implement tracking some or all of these additional attributes.
No matter the degree of centralization used, governance frameworks can benefit by using scenario planning to explore what could go wrong that would upset existing governance. What pillars in the framework might be shaky? What might break is something stopped working, or needed to be replaced? What pillars in the framework could create bottlenecks if they became less efficient over time? How might existing policies and standards hinder adaptation, perhaps because they are so embedded in other activities they are difficult to modify? The goal is to map the interdependencies, and consider possibilities that component practices need change or are overtaken by events.
Stress Testing Reliability
How does one create a reliable governance framework in an unreliable world? The best way is to have some precepts and questions to evaluate the policies, standards and procedures used in a governance framework.
There is no simple solution for ensuring governance is effective and remains so. But here are a dozen ideas to consider:
- Define minimum standards to satisfy rather than mandatory ones to comply with
- Emphasize the outcome that needs to be achieved, rather than the means to achieve it
- Distinguish what needs coordination from what needs standardization
- Balance efficiency and flexibility — too much of either can be suboptimal
- Prioritize uniform standards for areas that have uniform needs, but use caution when considering uniform solutions that could directly impact content relating to diverse and distinct product or audience segments
- Identify areas for continuous improvement, to avoid trying to lock down a solution before fully understanding needs
- Don’t hard-wire standards into automated procedures when the standards might need to change quickly, and making such a change would involve extensive systems rework
- Periodically cross-check your assumptions about the future with outside advisors
- Where appropriate, give units the flexibility to translate a directive into procedures that match its unique operating circumstances
- Set an expectation that procedures will undergo continual refinement
- Consider ways to allow horizontal interoperability (substitution of standards or procedures) to support flexibility and innovation
- Embrace an agile mindset
The challenge of knowing what’s best never goes away. Organizations will continually need to adjust their governance to accommodate both internal and external factors. The assumptions underpinning governance frameworks are often less stable than they appear when they are decided. That may seem unsatisfactory, but it’s entirely consistent with other dimensions of business, where agility is paramount, and pivoting is often required.
Despite the sometimes open-ended nature of digital governance, it’s important to take action, and not be paralyzed by the unknowns. Reliable governance requires constant renewal. Governance can seem like a messy process, but the alternative of doing nothing is even messier.
— Michael Andrews