Graham Oakes CEng FBCS gives nine steps to good decision-making in information governance.

Organisations fail to manage information for a variety of reasons - insufficient resources, unclear objectives, inconsistent processes and so on. Many of these reasons stem from one root cause: people make conflicting decisions about what to prioritise, which standards to apply and which tools to use. These decisions create duplication and rework, divert resources from the most important issues and reduce the quality of outputs. Resolving these conflicts is the realm of governance.

Good governance defines a clear decision-making process. It defines roles and responsibilities up front. This then allows people to focus on understanding the issues and identifying good solutions. Without such focus, they spend time arguing about decision rights, detracting attention from the decision itself. At worst, decision-making degenerates into politicking and indecision.

Here are nine factors to consider when establishing governance structures.

1. Remember governance is political

Governance addresses concerns such as:

  • Who is empowered to make which decision?
  • What process must they use to make those decisions?
  • Who must they consult as they make decisions?
  • How will you monitor the effectiveness of these decisions?

These are political questions. To address them, you need to think about how power is exercised within your organisation. Some people have power because they manage key resources; some have power through their rank; some because of their expertise. For each decision, ensure that the appropriate mix of power is brought to bear, both to make the decision and to make it stick.

2. Separate governance from management

Governance and management are distinct. Governance identifies who is responsible for making decisions and what process they use to make legitimate decisions. Management is about actually making the decisions - gathering information, balancing trade-offs, etc. If governance encroaches too heavily on management, it risks:

  • Losing sight of overall priorities;
  • Encroaching on people’s professional judgement;
  • Making decisions without adequate understanding of operational context.

Governance sets the boundaries and principles within which people operate. If it tries to replace their skills and judgement, it will probably fail.

3. Engage stakeholders at all levels

Many decisions affect information management - setting priorities, defining information types, creating metadata schema, defining design guidelines and so on. To define a framework that coordinates these decisions, you must identify the relevant stakeholders, understand their perspectives, and gain their buy in. To do this, consider questions such as:

  • Which executives make decisions affecting information management?
  • Where does information influence the actions of frontline staff?
  • How does information management affect different organisational units?
  • Which people are involved in the life cycle of different information types?
  • Which external organisations influence the way you manage information?

4. Establish clear roles and responsibilities

Once you understand the stakeholders, you can map out their accountabilities and decision rights. RACI models can be invaluable here. These provide a simple way to identify who is:

  • Responsible for a decision, undertaking the actions necessary to make it.
  • Accountable for a decision, approving it and being held to account for its results.
  • Consulted about the decision during the decision-making process.
  • Informed about the decision once it has been made.

5. Establish oversight bodies

The bread-and-butter of information governance is about defining and enforcing policies, standards and guidelines. You probably need to establish bodies to oversee this work. Consider:

  • Who defines policies and standards?
  • Who approves them?
  • Who enforces them?
  • Who implements them? i.e., who uses which standards in their day-to-day work?

There is no one-size-fits-all way to allocate these responsibilities. The structure appropriate to your organisation will depend on factors such as size, culture, and regulatory environment.

A key consideration, however, is likely to be the trade-off between central and devolved oversight. Central oversight makes it easier to apply standards in a consistent way. It may also allow you to optimise utilisation of specialist skills. On the other hand, devolved oversight means that decisions are made closer to the point of creation and use of information, where local circumstances are better understood. It can also build a greater sense of ownership.

6. Focus on what’s important

People make hundreds of decisions every day. Let them. There’s a word for governance that focuses on the minutiae while losing sight of the bigger picture: bureaucracy. Effective governance pays most attention to the small set of decisions that has a big impact on overall performance.

7. Attend to details

Although the big picture is crucial, it’s also true that ‘the devil is in the details’. Good governance separates overall vision and strategy from details of policy and execution. It ensures there is clear ownership of all elements.

8. Address conflict

Conflict is a natural state within organisations. People have differing goals. Resources are constrained. Different perspectives lead naturally to different opinions. Don’t ignore this conflict - it will eventually surface. Identify where conflicts may arise and map out mechanisms to address them. How will priorities be defined? Who has the authority to decide? What are the bounds to the trade-offs they can make?

9. Build in feedback

You won’t get everything right. Even if you do, your organisation will evolve. Create feedback loops so you can learn from experience and improve over time.

Feedback happens at two levels. First, about individual decisions - how will you know whether they were correct, or if they need to be adjusted? Second, about the decision-making process - how will you know if it’s operating effectively? How might it be improved?


Well-defined governance ensures we know:

  • Which decisions have greatest impact on our objectives;
  • Who to involve in making these decisions;
  • What decision-making process to use;
  • How to track outcomes.

This increases the likelihood that we’ll make good decisions.

Organisations that avoid discussing governance ultimately spend a lot of time on it, addressing it afresh for each decision as they argue about roles and accountabilities and due process. They end up with little energy for the decision itself. The result is poor decisions.

This article is based on Graham's full report 'Information Governance: Enabling good decision making in complex organisations'.

Graham Oakes’ book, Project Reviews, Assurance and Governance, is published by Gower.