Goal: Say “governance” and actually mean something
Pick your vibe: boardroom snack or full meal.

IT Governance = how we make tech decisions on purpose, not vibes.

One-liner

Governance is who decides, what gets built, what’s allowed, and who owns the risk for technology across the org.

  • Definition
    If nobody knows who decides, you don’t have governance – you have a group chat.
  • Purpose
    Governance is how tech work lines up with business goals without burning people out or breaking laws.
  • Guardrails
    Good governance says “yes, like this” more than it says “no”.
  • Risk
    If risk has no named owner, the risk secretly belongs to IT.
  • Value
    “We shipped it” is delivery. Governance cares if it actually changed anything.
Ask this: “Who gets to say yes/no/not now on this tech decision?”
Sanity check: If starting this project doesn’t force any trade-offs, someone’s lying.
Red flag: “The business” owns it. (That usually means nobody does.)
Governance win: We changed scope, timing, or funding because the rules said so – and everyone saw it.

“We need better IT governance.”
Ok cool, what does that actually mean?

Working Definition

IT Governance is how we decide, prioritize, and own the risk around technology so that IT work lines up with business goals on purpose, not by accident.

  • Who decides
  • What gets built
  • What’s allowed
  • Who owns the risk
What people say (vibes only)
  • “We’ll stand up a governance committee.”
  • “We need more oversight.”
  • “Let’s add another approval step.”
What it really is (receipts)
  • Clear decision rights (who decides what).
  • Agreed priorities and funding rules.
  • Non-negotiable standards & controls.
  • Named owners for risk & outcomes.
Core Pillars

If your “governance program” doesn’t touch these, it’s probably just theatre.

  • Decision Rights
    Who can say “yes / no / not now” for tech changes and spend?
  • Prioritization & Demand
    How do ideas become funded work? What gets dropped when we’re full?
  • Standards & Guardrails
    What’s the approved way to build, deploy, secure, and integrate?
  • Risk & Compliance
    How do we handle security, privacy, and regulatory “must-do” items?
  • Architecture & Data
    How do we avoid random tech sprawl and duplicate data chaos?
  • Value & Outcomes
    How do we know this project actually helped the business?
One-line test
If you can’t answer who decides, based on what, and what happens next… you don’t have governance, you have vibes.
01 · Decision Rights

Who actually owns the call?

Governance makes it painfully clear who gets to say: “yes”, “no”, or “not yet” on tech things that matter.

  • Who can approve a new system or major change?
  • Who can accept security or downtime risk?
  • Who can stop a project if it drifts?
02 · Demand & Portfolio

How ideas become funded work

Governance turns random requests into a visible pipeline:

  • Single place to submit and view requests.
  • Shared criteria: risk, value, effort, dependencies.
  • “If we start this, what slips or stops?” is answered.
03 · Standards & Guardrails

Freedom inside the fence

Governance is not “no fun allowed.” It’s:

  • Clear patterns for infra, security, and data.
  • Reusable templates, pipelines, and controls.
  • “If you build inside the guardrails, we move fast.”
04 · Anti-Patterns

“Governance Theatre” checklist

  • Endless steering committees with no authority.
  • Slide decks about “alignment” but no hard choices.
  • Rules written once, never updated, never enforced.
  • Everything is a “special exception.”
05 · Quick Gut Check

Are we actually governing?

  • We can name the people who own key decisions (not “the business”).
  • We have a visible queue of work, not just inbox chaos.
  • We have 3–5 non-negotiable standards everyone actually uses.
  • For major changes, we know who owns the risk and can prove they signed off: a dated, written acceptance, not a hallway “yes”.
  • We can show at least 2 projects where governance changed the plan.
06 · 30-Second Script

When someone says “we need governance”

Try this:

“Cool. When you say ‘governance’, are we talking about who gets to decide, how we prioritize work, what standards we build on, or who owns the risk? If we can’t answer those, it’s just another meeting.”