For some people, it’s spiders. For some people, it’s fingernails down the blackboard…
For me…it’s discovering a RACI chart being trotted out as the “solution” to a governance breakdown.
I mean, the hairs on the back of my neck stand up…my eyelid starts to twitch…my hands begin to shake…and all I want to do is just shout, as loudly as I possibly can:
But I don’t. I mean, hey…that’d be unprofessional, right?
Here’s the thing. And I even saw RACIs as the recommended solution for ironing out a governance gaffe in the pages of a hallowed publication from McKinsey & Company the other day. But as my mother always said, “Just because you see Johnny McKinsey doing it, it doesn’t mean you need to do it too. You know better.”
And yet…we don’t.
Part of the issue is that we don’t really have a “simple” tool that works…*cough*…as well as the venerable RACI chart where it seems deceptively clear who’s supposed to do what, and how all that fits in to the grander scheme of things.
If you have the discipline, and you add the appropriate disclaimers, you can create RACI charts that aren’t quite so head-wrecking. However, this isn’t easy, because far too often, we’re trying to use the RACI chart to figure out what the governance model should be…
…instead of figuring out the governance model first, and then trying to communicate it effectively to the parties involved.
I despise them (as you might’ve guessed), and I’ve even flat-out refused to create them for clients in the past, because the problem with governance relationships is that there’s really 2 problems:
Problem #1: they’re multidimensional, leading directly to
Problem #2: they’re context-specific.
So what do I mean by that. I mean that if you and I are part of the same process trying to accomplish an objective, your view of the world is different than mine…which is different again to the person who owns the objective we’re actually trying to deliver.
To actually even come close, you really need at least a 3D model to allow you to express this context in an intelligent way, because when it comes right down to it, a governance model is really a network of binary agreements between two or more parties that identify all parties roles in implementing that agreement.
In SABSA, this is really how we represent Trust, and there are rules for that, as you might know. But one of the things I’m going to talk about in the upcoming December issue of the print Security Sanity™ newsletter is really being able to understand, untangle, model and communicate the complex risk governance relationships and also how – if you must – corral those into a RACI that at least doesn’t add to the confusion it’s supposed to be trying to solve.
Either way, once you’ve learned the art and power of governance analysis and modeling, you’ll be able to communicate effectively…
And all the pretty ladies, around the world…
the boys, the girls…
your brother, your sister and you mamma too
will understand why those succa RACI charts ain’t so fly.
If you want to make sure you get this delivered to your door in December, you need to make sure you’ve subscribed before the end of the month. To do that, all you need to know is behind this link right over here:
Andrew S. Townley
Archistry Chief Executive