Governance is a broad term. It derives different meanings depending on the situation and the type of industry you are lurking into. The word government takes its origin from governance, and typically governance is the powerhouse where decisions are taken. It houses the brains behind the organization that takes expectations of all stakeholders, translates them into management controls that draws the boundary for resource management, and verifies the performance of delivery from time to time. Resource management refers to managing investment capital, infrastructure, software and people.
Governance signifies leadership, oversight and consistent management in organizations. The decisions made at the governance body is looked upon as an axiom that’s followed (rather) blindly rather than seeking second opinion. With this context, conflicts arising out of company rules, strategy and tactics are minimal if not nil.
Governance in organizations is typically conducted at the company board level. From time to time, several decisions are taken at the board level, and these decisions getting trickled down to the rest of the organization after translating into commandments, and placing them in a container called as the policy document. The document contains the objective that the company wants to achieve, defines the target audience who would directly and indirectly be affected by the decision and the policy statements that defines the boundary, rules of the game and the strategy. The policy document acts as a guiding beacon for the strategic decisions to be converted to tactical and operational activities. Additionally, policies bring in the much needed standardization for setting the tone for processes and procedures to follow suit.
To state a classic example, every organization will have a documented information security policy. This policy basically states the boundaries of confidentiality, integrity and availability which are the pillars of information security. It further lets employees know the dos and don’ts of computing device usage, email handling, password strengths, steps to be taken while disposing desktops and laptops, and rules governing internet usage. This policy document tells gives you insight on a number of aspects, from a what to do perspective but does not address the how to do part of it. The how to is addressed by the process document which throws light on the means of getting to the objective rather than defining it.