As the adoption of enterprise content management systems increases in the enterprise, so does the need for effective governance of ECM technology and processes. IT governance in general is no small topic, and it almost always requires more effort than one would want. When it comes to ECM, proper governance is more than a method of control: It’s a way to ensure that the expected benefits of building and deploying a system are realized – and without it, failure is inevitable.
According to the IT Governance Institute, governance consists of leadership as well as organizational structures and processes designed to ensure that an organization’s IT systems can help sustain and extend corporate strategies and objectives. That is the tactical and strategic value of successful governance, but what about the human element?
The institute’s definition, while still valid, was created with IT only in mind. However, in the age of apps and the cloud, end users are king. Governance efforts without their involvement are destined to be unsuccessful. In the world of ECM governance in particular, there must be a tight marriage between the governance process and users. Thus the definition of governance is evolving into a more collaboration-oriented one that takes sole responsibility out of the hands of IT. Nearsighted IT departments may be leery of that, but in the end, the collaborative approach is mutually beneficial.
When an organization implements governance processes as part of an ECM strategy, it is – or should be – making a conscious effort to do each of the following:
- Ensure that ECM investments generate business value.
- Mitigate the risks associated with the deployment of ECM software.
- Get business users to use the technology, and to use it properly.
ECM governance comes in two categories: platform governance and application governance. Platform governance is where IT is used to living. It involves governance of the system infrastructure, security provisions and other technical aspects of an ECM deployment. In most organizations, platform governance could be handled 100% by the IT and security staffs. However, when managed exclusive of application governance, common problems often pop up – for example, ostracized users, uncontrolled content growth and questions of who’s in charge.
The user side of governing enterprise content management systems
Application governance can’t be implemented without the participation of knowledge workers. It involves applying governance policies to specific content management issues and processes, and it must be addressed throughout the different phases of an ECM system deployment.
During the planning and requirements gathering stage, application governance requires gaining an understanding of the content that will be managed within the ECM system, how users interact with the content, potential content management improvements and regulatory compliance issues. During implementation, it includes deciding what ECM features will be used, how they will be used and who can use them. And during the deployment and adoption phase, it includes creating and specifying policies for proper use of the ECM system as well as methods of engaging and training users and metrics for validating and auditing system usage.
In the past, application governance often was overlooked or approached with a “let them at it” mentality. Meanwhile, platform governance was used by many IT departments as a wall between the business use case and the process of standing up and managing servers, ultimately creating a wall between IT and end users.
Now that wall must be torn down. The differences between information architecture and software architecture, and between user rights and compliance, have been blurred. The ability for a user to create a folder and the question of whether a user can grant ad hoc security rights to a document are examples of the two forms of governance overlapping in ECM. Such questions could be considered matters of either platform or application governance, as they involve both security and content organization issues.
The bottom line is that both types of governance are required components of ECM deployments. However, the majority of the available time should be spent on application governance: Poor application governance is the cancer of ECM project success.
Pulling together IT and knowledge workers as part of an ECM governance program does add a political dimension to the process. But while the initial involvement of business users can be slow, complicated and painful, the long-term effect typically is better adoption of ECM systems and adherence to governance policies – and, in the end, greater praise for IT.
Recognizing the variables of ECM systems governance
But there’s more to ECM governance success than involving end users and paying attention to application governance. Unfortunately, the perception often is that governance is a one-size-fits-all endeavor. While sample governance plans abound, cookie-cutter governance ignores the highly variable aspects associated with user requirements and how the knowledge workers within a particular organization will use the ECM technology.
An ECM governance framework shouldn’t be built in a vacuum. The first step for any organization taking on the governance challenge is to set up an ECM governance committee – often formed and directed by IT but involving key personnel from each department or business unit. This group should be the organization’s champion for using the ECM system correctly, and it should also serve to alleviate some of the governance workload from IT. In addition, it can function as an internal mechanism for crowdsourcing governance best practices.
Ideally, governance starts with the initiation of an ECM project, and it should be treated very much like project management, where the risks, costs and usefulness of a system are primary concerns. There is a spectrum of how deep organizations are willing to dive into governance, from the basic concept of “don’t do something you shouldn’t do” to developing a prescribed, wizard-driven system that forces users to do the right thing. The latter ensures the highest level of control over content, but it often frustrates users and threatens adoption. The former gives users the most amount of autonomy, which is great for adoption but can be bad for content quality. Most organizations end up somewhere in between.
ECM governance shouldn’t be viewed as a one-time plan that is published and never referenced or updated thereafter; it should be treated as an evolving framework. The governance process, while often filled with pain and frustration, can’t stop. Sound governance is a mandatory part of any ECM deployment and often the determining factor in the success or failure of ECM systems.
About the author:
Chris Riley is the founder of LivingAnalytics Inc. and senior ECM and document capture architect at ShareSquared Inc., a consulting firm in Pasadena, Calif. Riley has more than 12 years of experience in the ECM and document-recognition technology fields, and he holds AIIM’s ECM Practitioner and Information Organization & Access Practitioner certifications.