Real-World SharePoint Governance

Real-World SharePoint Governance

Lessons from the real world

At the Microsoft SharePoint 2011 conference in Anaheim, California, I spoke with people regarding governance. What is governance? Why is it needed? Why is it so difficult to get right? I bounced ideas off consultants and after some discussion, confirmed what I believe SharePoint governance is, why large companies desperately need it, and why such companies have such a difficult time implementing it.

Some of you might know that you have a problem with governance; others of you might not. To determine whether you have a governance problem, ask stakeholders these questions:

  • Do you get fair representation in governance-related decisions?
  • Can you articulate the purpose and value of a governance program?
  • Does SharePoint provide the content and features that different user groups expect and need?
  • Do users complain about poor experiences (e.g., slow, lack of usable content and features) using SharePoint?
  • Do you experience excessive operational costs, incidents, and outages?
  • Are conflicts between silos of operation degrading teamwork and prompting resistance to SharePoint?
  • Do you have compliance and eDiscovery issues with site data?
  • Do you experience inconsistent messaging and understanding of the SharePoint Service offering?
  • Are you slow to plan and execute SharePoint because of disagreements regarding priority?
  • Do people avoid getting involved with SharePoint?

In this article, I'll provide a practical approach to developing and implementing a company governance plan that can address these concerns. I'll present a real-life scenario that can describe many organizations that use SharePoint farms.

Case Study: Before

I'll use this scenario to guide you through the development and implementation of key governance aspects. I've changed the name and industry of the subject of this case study to protect its privacy.

Company. ACME Widgets Manufacturing Company is a large organization with offices and data centers in the Americas, Europe, and the Asia Pacific region. Three major SharePoint farms in the three regions are heavily utilized by a majority of the company's users. Each department has sites for departmental presence, employee onboarding, and success planning, to name a few. Search is used heavily to find documents related to product development, product marketing material, manufacturing plans, and employee safety guidelines in the manufacturing plants. My Sites are also used to help employees create work places specific to their job needs. External collaboration sites are set up for third parties such as those that provide product design and testing services and for customers, for ordering and feedback.

Existing SharePoint environment. ACME has used Microsoft Visual Studio (VS) to customize SharePoint. There are hundreds of custom Web Parts and other changes, such as master pages, Cascading Style Sheets (CSS), and images. Third-party add-ons provide content services, replication and backup services, monitoring, reporting, and so on. Most of the development was done by contractors who have since gone, there is little documentation or expertise, and little code was tested properly. Poor performance and outages are common because of this lack of testing.

Current user experience. The main user groups are globally distributed business units. The manager of each business unit has a few key staff that provide administration for site collections and sites. These staff members are not formally trained but do their best, considering that SharePoint administration isn't their full-time job; most volunteered or were assigned by the manager to do the work. In some countries, records managers exist because of compliance requirements. In some cases, electronic document and records management tools are integrated with the farms. User experience is a mixed bag, the quality and consistency of site and Web Part naming has declined, and metadata and content types aren't used properly (if at all). Also, business users make heavy use of SharePoint Designer and don't apply any of governance controls, such as quotas or recycle bin settings, because the business units won't approve them. Nor will they purchase third-party management tools because they don't understand the value.

IT department issues. The IT department provides basic support services such as Help desk, monitoring and reporting, backup, and patch management. The company uses several vendors for outsourcing of administration, troubleshooting, and management. No formal IT architects or records managers exist. Little to no development and infrastructure skills exist in IT since vendors provide the services. Finally, IT can't predict capacity requirements because of a lack of resources, important system information, and skill set.

Components of Governance

Now that you understand the scenario, let's take a moment to cover governance from a holistic point of view and break it down into digestible pieces. First, it's important to understand that governance is about the organization: namely people, policy, process, and tools. Let's discuss each of these key components in more detail.

  • Organization: the people at the core of your governance plan. Without active stakeholder involvement, you won't be able to execute a plan. You won't get visibility of the issues or decisions, and you won't get stakeholders' agreement to act. You will have constant infighting and operation silos that will result in operational inefficiencies.
  • Policy: the mechanism for forming the basis of guidance; the rules, as some might say. Policy can be categorized into three types: company, which deals with basic employee and management adherence to rules and training requirements; country, which deals with freedom of information laws; and industry, which deals with consumer protection, financial reporting, and the Sarbanes-Oxley (SOX) Act.
  • Process: the documented procedures that people follow to carry out key tasks and activities. For example, how are governance decisions made? Which criteria are used? How are decisions communicated?
  • Tools: the tools that are used to communicate governance issues, actions, and decisions. Tools also enable you to monitor SharePoint and user activity and compliance. In addition, monitoring reports can help to prove that the system is meeting service level agreements (SLAs). Also, the reports provide visibility into content within the sites, helping management to confirm that users are following information management policy such as applying quotas, not uploading music and videos for personal use, and properly using metadata. Tools are also used for communicating governance-related information such as activities, decisions, and issues.

Figure 1 depicts these components. Table 1 shows the basic steps, activities, and outcomes for designing and implementing your governance solution.

Figure 1: Governance model components
Figure 1: Governance model components 

 

Case Study: After

Now, back to our case study. What can you expect after you implement your governance program? Let's take a look at the expectations and effects of the governance plan, based on ACME's experience.

Company. When your governance plan is in place and you've had a few meetings with all the stakeholders, expect to have a new, improved, and deeper understanding of the value and importance of SharePoint to the organization. Why? People now have a forum to communicate their expectations and grievances.

By opening direct lines of communication with the business units, architectures, project management office, and purchasing, expect to hear new feedback (good and bad). You can use this feedback to market the solution proactively within the company and drive adoption. You can also use it to scope any risks or gaps as potential projects for which you can deliver improvements or fixes, helping to build credibility through visible wins.

All participants should also expect to invest a few days each month towards governance (i.e., attend meetings and review issues, actions, and decisions). Finally, expect improved teamwork and less conflict thanks to transparency and better understanding.

SharePoint environment. Expect less coding and improved quality of service thanks to the more rigorous management controls that governance implements, such as change management, communications, and evaluation of key environmental changes and requirements that facilitate the expected quality of service.

Specifically, governance creates a shared forum for the technical and business stakeholder to review changes, especially those that are complex and have long-term impacts such as customizations. The louder, more dominate voices often get the say, but with a balanced representation of stakeholders, all have a greater chance of being heard -- especially the IT administration teams. After the business has reviewed the support costs incurred from bad code and other poorly thought out changes, governance will mandate proper assessment of customizations, especially those that could be risky (e.g., costly to support, outage causing) to SharePoint.

By having access to all the stakeholders, architects and administrators can share their assessments and views, which otherwise would not be heard. Business users will now hear first-hand how poorly designed and implemented customizations led to reliability, cost, and performance issues. Architectural assessments will be provided to the governance team, with cost benefit assessments that explain the potential ongoing management issues and proposed changes.

When the business users understand the full cost (i.e., build, cost of ownership, service risk, impacts to upgrades), they probably will be inclined to resist heavy customization and instead except a little less function at a fraction of the cost and risk.

Governance will also enforce proper change management, especially for customization that requires VS code. Code will be forced to go through proper quality assurance because the team will have access to more expertise and projects will include proper, mandatory testing. Incident support costs from venders will drop thanks to fewer problems with the platform and code. Governance will enforce proper end-user training so that users and administrators don't inadvertently compromise SharePoint (e.g., by using SharePoint Designer to manipulate large lists, thus causing SQL issues, or to modify sites, thus leading to upgrade issues).

With education programs in place, business users will now use SharePoint Designer carefully because they understand the impacts to the upgrade process and of working with large lists. Now that business users understand governance controls such as quotas, recycle bin settings will be implemented and will help with controlling storage growth, reporting, and large lists.

Current user experience. Expect improvement to information architecture and overall content after agreeing on an information architecture plan, publishing guidelines, training, and review process. Specifically, end users will have a voice on the governance committee.

Any usability issues will get more attention than when voiced only to a limited audience such as IT. When subject matter experts are used to write and review content, the user experience will improve because SharePoint's vocabulary will be closer to users' vocabulary. Also, site owners will now be aware of records management and will help facilitate compliance through records management practices and proper use of electronic document records management tools.

IT department solutions. With the governance program in place, open communication will occur when all parties begin trusting one another. IT will now have a stronger voice, whereas in the past it might not have been heard because of the dominance of the business stakeholders.

This open communication will facilitate transparency around issues and decisions, leading to more trust and understanding among all parties. As a result, expect to spend less time on fire-fighting and blame-pointing.

SharePoint will have an improved architecture when IT support and architects talk and share experiences in the governance forum. Also, skills issues will become more visible, training programs can be mandated and initiated, and venders will be asked to provide and or improve their skills and services.

Measuring Success

If you address these key components correctly, then you can expect the following benefits, which you can use as key indicators:

  • Improved user experience: Users can find what they want fast through browsing and searching. There are fewer Help desk calls to find information, more downloads, and more SharePoint users. Your reporting tools can provide this information. Also, you consider third-party usability assessments (before and after) to set a baseline and measure progress.
  • Reduced operational costs: Fewer support incidents are opened with Microsoft; fewer incidents are opened in general because of a reduction in infrastructure and code problems. Your incident management tools can provide this information along with reports from your venders (e.g., Microsoft Technical Account Manager).
  • Reduced or eliminated conflict and silos: Your governance meetings, management, and staff can provide this information.
  • Consistent messaging and understanding: The governance team and other key stakeholders understand the governance system and are satisfied with the outcomes.
  • Improved speed of execution: Less conflict and fear of SharePoint execution and better alignment facilitates faster execution. The project managers and tech leads can be a resource for this benefit.

Lessons Learned

I hope that this article provided you with a different approach to talking about governance for your SharePoint environment. When doing my research, I found that many businesses were focused on tools or focused on high-level IT governance, which don't necessarily map well to SharePoint. From a lessons-learned perspective, here are some key points to remember:

  • Senior sponsorship is crucial: IT-only governance will deliver only marginal results. You need business, architecture, project management office, and purchasing, and venders onboard.
  • Get all the key stakeholders actively involved: Include key business and IT influencers and decision makers that have a stake in SharePoint. Generally, look to people in business, architecture, project management office, purchasing, and venders.
  • Communicate often: Use the tools you have to communicate issues, decisions, reasoning, and so on. Use a SharePoint site and email. Transparency is key to building trust among the various stakeholders.
  • Keep an issues, action, and decision log: This helps with transparency, understanding, and trust-building. You're helping to bridge gaps in understanding and representation.
  • Patience and persistence: Remember, you are influencing company culture and this takes time. Be persistent and don't give up. Take time to reflect on progress and be patient.

Have feedback, ideas, or questions? Email me at [email protected]. And if you'd like to know more about governance, take a look at the resources listed here in the Learning Path.

Learning Path

Architecting SharePoint Governance, by Dan Holme

National Computing Centre: IT Governance

IT Governance, by Peter Weill

The Forgotten Half of Change, by Luc De Brabandere

Governance in SharePoint Server 2010

 

 

Table 1: Steps for Implementing Governance

Step

Activities and Description

Outcomes

Identify a senior sponsor.

This person is very senior, has a broad network in the organization, and must be able to align and have final decision as needed.

The senior sponsor's commitment is received.

Identify the key stakeholders.

Identify the key users and their departmental managers within the business. Also identify the project management office, architecture, and purchasing leads.

A list of contacts that represent the stakeholders is created. (Excel is a great tool for this purpose.)

Document the current values for the measures of success.

Obtain metrics for user experience, operational costs, conflicts and silos, understanding of governance, and project speed of execution.

A list of metrics is assembled and agreed to.

Document the charter.

Document the scope, purpose, and values.

The scope, purpose, and values are documented and agreed to.

Document the guiding principles.

Establish a list of principles, such as using consumer off-the-shelf software, maneuverability, lowers cost of ownership, simplified administration, scalability, reusability, buy before build.

Stakeholders create and agree to a list of principles.

Create a communication plan.

Conduct research regarding the key pain points or gaps in the stakeholder experience. Work with the senior sponsor to craft a message. Document the communication format, audience, and schedule.

The communication plan is documented and agreed to with the senior sponsor and key stakeholders.

Create a governance site.

Create a governance site with a contact list, document library, calendar, issues, actions, and decisions log.

The site is created.

Set realistic goals for the first year and establish review cycles.

Work with the stakeholders to set goals for the governance program. These quarterly goals are at first very simple: agreeing to stakeholders and guiding principles, creating a governance site, holding a kickoff meeting, and aiming to address smaller issues such as navigation problems and training.

The goals for the first 12 months are documented and agreed to and a review date is set.

Launch the governance committee.

The governance committee is launched officially, using your communications office.

Communications are sent.

Schedule quarterly reviews.

The reviews must focus on accomplishments and progress. Set realistic goals; start small so that you have early wins.

Quarterly reviews are scheduled. An agenda for the reviews is understood and agreed to.

 

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish