SharePoint Governance has always been about: Managing Risk
SharePoint Governance has always been about MANAGING RISK! After talking to many companies – around the world – about governance, it still surprises me how hard it is for us to get to a point where we have a common understanding of what SharePoint Governance is really all about. Therefore, I am putting together a new set of articles pre-titled:
“SharePoint Governance has always been about…”
A continuing lack of common understanding of what governance is all about is what is making most governance implementations of SharePoint fail. This article talks about the aspect of Risk in SharePoint Governance.
Risk is at the very heart of governance. If you don’t have any risk, you don’t need governance. It’s that simple. I read a recent article on CMS Wire stating that adding Risk to the SharePoint governance equation is something quite new. I don’t entirely agree with that point for several reasons. First of all because – as stated – governance is all about managing risk and there is really no other way to look at it. And also because I have been working with the companies implementing SharePoint Governance Framework for many years now, and it has had the notion of risk built in right from the beginning. On the other hand, a lot of companies have no way to attach risk to governance policies and controls, and therefore cannot react accordingly when something goes wrong.
It’s really quite straightforward. The value of an IT system comes from one or more of the following:
– New ability to be productive
– The limitation of cost
– The limitation of risk
What I find interesting about Risk is that with SharePoint, implementing good governance practices is becoming more and more about managing the risk of using SharePoint technology to exploit the other two value-propositions.
There are quite a few risks to manage with SharePoint, and the application of SharePoint technology to any new process will introduce new risks. This is not something that is unique to SharePoint; it is shared by any kind of technology implementation.
Try to ask yourself these questions. What is the risk to the business:
– if the system does not deliver the expected productivity gain?
– if the system does not deliver the expected cost reduction?
– if the system is unstable and goes down (the data becomes inaccessible)?
– if the data in the system becomes accessible to users who were not intended to see it?
When we are implementing good governance practices, these are the concerns we have. They are real risks that must be managed proactively across the lifetime of the SharePoint platform or service.
In the application of a methodology to run governance, you will eventually have to get into more detail. As a part of a governance practice, you define rules (policies) and apply them to the daily use of SharePoint (including apps and information stored in SharePoint). What is the risk to the business if these rules are not controlled – meaning that you are not compliant with your own rules and don’t even know it? Compliance is a big word in governance – and you should be aiming to maintain a complete set of relevant rules/policies and a practice that ensures that you are always compliant with them.
In the cases where you are not compliant – and there will be cases like that – you need to understand what kind of risk that exposes your business to, so that you can solve the issues in the most efficient way. It’s #SharePoint for business