Governance isn’t a framework. It’s who gets to say no. So let’s start talking about who should.
Let’s start with a confession: Every time someone says, “We need a governance framework,” what they really mean is, “We need to decide who gets to say no.” Governance has become the corporate equivalent of that “family meeting” nobody wants to attend. Everyone shows up, some with their agendas, others with survival snacks, and all pretending it’s about what’s best for everyone. But deep down, we know: this isn’t about frameworks. It’s about power.
Governance Theater: You Know This Scene
You walk into a strategy session. A business unit wants to launch a new app. They bring energy, data, and a compelling user need. Then IT walks in with their binder of frameworks. Security chimes in about risk. Architecture raises a hand: “Is it aligned with the target state?” The app gets shelved for another quarter. Or indefinitely. No one says it out loud, but everyone feels it: the app didn’t fail governance. It failed politics disguised as governance.
Frameworks Are Not the Problem. But…
Let’s be clear—frameworks are valuable. COBIT, ITIL, NIST, ISO, you name it—these are just tools. But tools don’t wield themselves. The problem starts when we mistake the tool for the strategy. Or worse, for virtue. Frameworks become shields. Not in a protective sense, but in a gladiatorial one: pick your framework, then go to battle in the name of “governance.” It doesn’t have to be this way.
Governance Is Just a Fancy Word for Who’s in Charge
We don’t like to say it, but it’s true. Governance is about:
- Who controls the budget?
- Who defines risk?
- Who gets blamed when it breaks?
Governance, in most organizations, isn’t a process. It’s a turf war with a PowerPoint deck.
The Real Currency of Governance: Trust and Accountability
Imagine if we stripped away the frameworks, committees, and review boards. What would be left? Two things:
- Trust
- Accountability
That’s it.
- Trust that your architects won’t let technical debt sink the ship.
- Trust that your security team isn’t fear-mongering, but genuinely managing risk.
- Trust that business leaders won’t ignore controls in the name of speed.
And accountability if they do. But trust can’t be mandated. And accountability can’t be a witch hunt.
How Did We Get Here?
Let’s be generous. IT governance frameworks were created to bring structure and predictability to a messy, rapidly evolving world. We needed consistency. We needed controls. But somewhere along the line, structure became rigidity. Predictability became stagnation. Governance became synonymous with “no.” The intent was noble. The execution? Often weaponized.
What If We Reimagined Governance as Empowerment?
What if governance wasn’t about control, but about clarity? Not gatekeeping, but guardrails. Not slowing down, but steering well. Here’s a wild idea: Let’s stop asking, “Is this compliant with the framework?” and start asking, “Does this help us make a better decision?” Let’s build governance that:
- Makes decision rights explicit
- Embeds principles, not checklists
- Assumes competence, not malice
- Measures outcomes, not processes
The Startup Paradox
Startups don’t have governance frameworks. But they govern all the time:
- Who makes product calls?
- Who decides if you pivot?
- Who owns customer data?
The difference? The lines are clear. The teams are small. And the power struggles are face-to-face, not masked behind steering committees and RACI charts. In large enterprises, we need formal governance. But formality doesn’t have to mean bureaucracy.
The Invisible Hand of Influence
Here’s the uncomfortable truth: The most effective governance doesn’t come from policies. It comes from influence. That respected architect who can frame a problem so clearly everyone nods in agreement? Governance. That security lead who brings up risk without making people defensive? Governance. That CIO who empowers teams to make decisions and own them? Definitely governance. Not a framework in sight.
Kill the Framework?
No. But put it in its place. Frameworks should support decisions, not dictate them. They should guide, not govern. We don’t need more frameworks. We need more:
- Honest conversations about power
- Clear ownership of decisions
- Transparent trade-offs
- Leadership with a spine
Real Talk: Why This Matters Now
The pace of business is only accelerating. If your governance model slows down decisions, people will work around it. Shadow IT? Citizen developers? AI sprawl? They’re not the problem. They’re the symptom of governance that doesn’t serve.
So What Do We Do?
Let’s shift from framework-first to principle-first governance. Ask:
- What are our non-negotiables?
- Who has the authority to say yes?
- How do we escalate disagreement without escalation theater?
- How do we share accountability without blame games?
Build governance like you’d build trust: one clear, honest, empowering interaction at a time.
Your Turn
- What’s the worst governance turf war you’ve witnessed?
- What’s the one governance rule you’d burn first?
- If you could design governance from scratch, what would you keep?
What’s one small shift you’ve made that actually helped governance work?
- A conversation you reframed?
- A boundary you clarified?
- A risk you redefined so it didn’t kill momentum?
🧐 Your practical wisdom might be the breakthrough someone else needs.
💥 Your misstep might be their red flag.
🛠️ Your tiny tweak might inspire a massive rethink.
👇 Drop it in the comments.
This isn’t a best practice exchange—it’s the backchannel for real talk. The governance underground awaits.