The Governance Gap: Who Actually Owns This System?

Overview

Ask IT who owns a critical enterprise system and you will get a name on an org chart — probably a role like "System Owner" or "Application Manager." Ask that person how the system actually works, who the key users are, what the system's dependencies are, and what would happen if it went down. The answers get much less clear.

This is the governance gap: the distance between nominal ownership and actual understanding and control. It exists in virtually every large organization, and it is one of the most underappreciated sources of risk, friction, and project failure in enterprise IT.

What Governance Is Supposed to Mean

In enterprise IT, governance refers to the policies, processes, and accountabilities that define how technology is managed — who makes decisions about it, who is responsible for its operation, and how its use is controlled.

Good governance means that for every significant system, accountability is clear. Someone understands what the system does and why it exists. Someone is responsible for availability and data quality, approves changes, manages the vendor relationship, and decides when the system should be retired. Good governance also means documented standards for how systems are built, a controlled change process that includes testing and approval, and a current inventory of what exists and how everything connects.

Most organizations have some of this on paper. What they have in practice is different.

Why Governance Gaps Form

The mechanisms are predictable.

System owners change. The person who originally owned a system leaves, gets promoted, or moves to a different role. Their replacement inherits the title without inheriting the knowledge. Documentation, if it existed, is out of date. The real understanding of how the system works lives with people who are no longer the nominal owners.

Systems outlive their sponsors. Many enterprise systems were implemented to solve a specific business problem under the sponsorship of a specific executive. That executive moves on. The problem is considered solved. The system stays — because other things have come to depend on it — but the organizational energy around it dissipates. Nobody is actively managing it. It just keeps running.

Shadow ownership emerges. In the absence of effective formal governance, informal governance takes over. The analyst who built the reports on top of the system, the junior IT person quietly maintaining the integrations, the business user who works in it every day — these people become the de facto owners. They have the knowledge. They do not have the authority or the accountability. When something goes wrong, there is a mismatch between who gets called and who actually knows what to do.

Documentation is never written, or goes stale. Building a system is visible and rewarded. Documenting it is invisible and time-consuming. Organizations consistently underinvest in documentation. Over time, the gap between what exists and what is written down grows. When the people who hold that knowledge leave, the documentation gap becomes a crisis.

The Retirement Problem

The most acute version of the governance gap involves knowledge concentrated in employees approaching retirement.

Many critical enterprise systems were implemented decades ago. The people who built them, who understand the business logic embedded in them, who know why a particular field is populated the way it is — they are often in their late fifties or sixties. When they retire, irreplaceable knowledge leaves with them.

Organizations that have not captured this through documentation, structured knowledge transfer programs, or apprenticeship arrangements face a genuine operational risk. When a critical system behaves unexpectedly and the only person who could diagnose it has retired, resolution time is measured in days or weeks, not hours.

This is not a hypothetical. It is happening right now in organizations that rely on mainframe systems and COBOL code.

The RACI Problem

A common response to governance gaps is the RACI matrix — a tool that assigns Responsible, Accountable, Consulted, and Informed roles for decisions and activities.

The problem with RACI in practice is that it is a document, not a reality. A RACI that assigns accountability to a role that does not have the budget, the authority, or the knowledge to exercise that accountability is not governance. It is documentation of a fiction. Real governance requires that the people in the accountable roles actually have the information and resources to do the job — not just their name in a cell of a spreadsheet.

What This Means for AI

The governance gap creates specific problems for AI projects, at both the data level and the system level.

When an AI initiative needs data from a system, it needs someone who can provide authoritative information about what the data means, how it was collected, what business rules were applied, and how reliable it is. If the governance gap means nobody knows the answers, the data cannot be trusted without significant investigation — which takes time that most projects do not budget for.

When an AI system writes back to enterprise systems — updating records, triggering processes — it needs clear governance over who authorizes those writes and what controls exist. Without that, the AI is operating without the guardrails that prevent errors from propagating through the organization.

And the AI system itself needs governance. Who owns it? Who monitors it? Who is accountable when it produces a wrong output? Who decides when it needs to be retrained? The same principles that apply to traditional systems apply to AI. Organizations that do not establish clear AI governance before deployment are creating new governance gaps of their own — ones that will be just as expensive to deal with later as the legacy ones they inherited.