24 May 2010

Governing Wiki Governance

A friend of mine today asked what I knew about governance and wikis so I thought rather than just sharing with him I would write a blog post and hopefully help a few others in the process.

Goals of Governance
As Ross Dawson shares in this excellent little interview, the goal of corporate governance is to understand both the risks and opportunities associated with an area and then set policies in place to provide objectives and constraints on behaviour in line with corporate strategic goals. Wow, what a mouthful! Sounds good though right?

In knowledge intensive organisations, communicating expectations to authors within the organisation is important. It guides users toward expected outcomes, outlines what information should and shouldn't be shared, and limits the chance of harassment in the collaborative fray.

With public Wikis, like the online encyclodaedia Wikipedia, governance is a more democratic affair, although even here there is structure. At a talk in Melbourne 3 years ago, Wikipedia founder Jimmy Wales declared it is really a monarchy with many issues requiring a final ruling by him to settle disputes about proper usage and profitable procedures. So what is the best way to govern wiki use inside a corporation?

When is a duck not a duck?
Recently quite a few bloggers have spoken about Social Media Policy, many pointing to public examples like Coca-Cola, Intel, Kodak and IBM. I particularly like the IBM policy because it includes a focus on the positive value of social-media, helping less technical managers understand why they would allow staff to participate. Oracle's policy is concise and is a good combination of clear constraints such as not allowing staff to comment on mergers and acquisitions, while giving a lot of freedom for staff to use social media both inside and outside the firewall so the benefits can be realised by broad participation and discussion.

The question is though, is social media really so different from other corporate IT systems or even personal information security? It is laudable to discuss the special implications and threats presented by the open information architecture that these tools represent, however in many cases the risks are already present in more analogue ways. You may wish to consider simply refining existing policies rather than adding another. In fact with ageing policies and staff turnover, this may be a great opportunity to re-educate your staff on your information policies in general.

Making it happen at the coal-face
Developing policies around publishing is one thing, how they interface with the business is another. When it comes to distributing and enforcing policy, I tend to think a focus on

With social-media tools like Intranets, Podcasts, Wikis and Blogs, different publishing models can offer advantages in different environments. James Robertson's post on Five different publishing models gives a good breakdown of some of the options, but I encourage you to see this as a moving banquet. Even if a more restrictive, fully centralised publishing model works in current systems you may find it limits participation and may even smother a wiki project entirely.

The key is to balance risk and value. Sometimes people strategies can convey and enforce policy better than threats and punishment. Take Disney TV President Anne Sweeney's practice of weekly executive breakfast meetings that use peer-review to mediate new ideas and strategies and at the same time make expectations clear.

A simple taxonomy for starters
Ross Dawson suggests corporate information be broken in to three distinct categories:
  1. proprietary, which you maintain inside your organisation
  2. information that you share with trusted business partners, clients, suppliers or alliance members, and
  3. information that you actively disseminate to the public at large.
Communicating examples of each type can go a long way to helping prevent loss of IP or damaged to your brand while allowing the efficiencies of collaborative systems like wikis to flourish in your organisations.

One last word on getting it right
More important that the perfectly worded policy or precisely aligned implementation strategy is actually the way these are developed in your organisation. Even if it is possible to have the ultimate governance program for your wiki, it may not remain that way for very long.

To focus on a robust policy that restricts in order to avoid failure at all costs will likely introduce a fear of failure that cuts of the participation wiki's need to succeed. On the other hand taking a laissez-faire approach could allow damage to occur without you even realising it.
Jessica Scarpati says "Regulatory bodies treat social media compliance no differently from instant messaging compliance" and employees can innocently place the company at risk without proper education.

I suggest a strong focus on monitoring and a gentle hand when it comes to correction, with a focus on education and resilience to error. Start with basic policies that capture the spirit of your wiki venture, clearly outline a few definite taboos and then review frequently so that the guidelines co-evolve with practice.

Expect a failure or two but insist the organisation learns from its mistakes and doesn't repeat them and you should have the best of all worlds: creative collaboration, communication of corporate objectives & managed risks.