The Governance Gap: Who Actually Owns This System?

Overview

Ask the IT organization who owns a critical enterprise system, and you will get a name on an organizational chart, probably a role like "System Owner" or "Application Manager." Ask that person how the system actually works, who the key users are, what the system's dependencies are, and what would happen if it went down, and you may get a much less clear answer.

This is the governance gap: the distance between nominal ownership and actual understanding and control. It exists in virtually every large organization. It is one of the most underappreciated sources of risk, friction, and project failure in enterprise IT.

What Governance Is Supposed to Mean

In enterprise IT, governance refers to the policies, processes, and accountabilities that define how technology is managed — who makes decisions about it, who is responsible for its operation, and how its use is controlled.

Good governance means that for every significant system, there is clear accountability. Someone understands what the system does and why it exists. Someone is responsible for its availability and data quality, approves changes, manages the vendor relationship if it is a commercial product, and decides when it should be retired.

Good governance also means documented standards for how systems are built and integrated. Changes go through a controlled process that includes testing and approval. The organization maintains a current inventory of what systems exist, what they do, and how they connect to each other.

Why Governance Gaps Form

Governance gaps form through a predictable set of mechanisms.

System owners change. The person who originally owned a system leaves the organization, is promoted, or moves to a different role. Their replacement inherits nominal ownership without inheriting the knowledge. The documentation, if it existed, is out of date. The real understanding of how the system works lives with people who are no longer the nominal owners.

Systems outlive their sponsors. Many enterprise systems were implemented to solve a specific business problem under the sponsorship of a specific executive. That executive moves on. The business problem is considered solved. The system stays, because other things have come to depend on it, but the organizational energy around it dissipates. Nobody is actively managing it. It just keeps running.

Shadow ownership emerges. In the absence of effective formal governance, informal governance takes over. The person in the business unit who uses the system every day, the analyst who built the reports on top of it, the junior IT person quietly maintaining the integrations: these people become the de facto owners. They have the knowledge. They do not have the authority or the accountability. When something goes wrong, there is a mismatch between who gets called and who actually knows what to do.

Documentation is never written, or goes stale. Organizations consistently underinvest in documentation. Building a system is visible and rewarded. Documenting it is invisible and time-consuming. Over time, the gap between what exists and what is documented grows. When the people who carry that knowledge leave, the documentation gap becomes a crisis.

The Retirement Risk

One of the most acute manifestations of the governance gap is the knowledge concentrated in employees approaching retirement.

Many critical enterprise systems were implemented decades ago. The people who implemented them, who understand the business logic embedded in them, and who have years of experience with their idiosyncrasies are often in their late fifties or sixties. When they retire, irreplaceable knowledge leaves with them.

Organizations that have not captured this knowledge, through documentation, structured knowledge transfer programs, or apprenticeship arrangements, face a genuine operational risk. When a critical system behaves unexpectedly and the person who could diagnose the problem has retired, resolution time can be measured in days or weeks rather than hours.

This risk is not hypothetical. It is playing out in real time in many organizations, particularly those that rely on mainframe systems and COBOL code.

The RACI Problem

A common approach to governance is the RACI matrix, a tool that assigns Responsible, Accountable, Consulted, and Informed roles for decisions and activities. RACI matrices are used to clarify who does what and who is ultimately accountable.

The problem with RACI in practice is that it is a document, not a reality. A RACI that assigns accountability to a role that does not have the budget, the authority, or the knowledge to exercise that accountability is not governance. It is documentation of a fiction. Real governance requires that the people in the accountable roles actually have the information, authority, and resources to do the job.

What This Means for AI

The governance gap creates specific problems for AI initiatives.

When an AI project needs data from a system, it needs someone who can provide authoritative information about what the data means, how it was collected, what business rules were applied to it, and how reliable it is. If the governance gap means that nobody knows the answers to these questions, the data cannot be trusted for AI purposes without significant investigation.

When an AI system needs to write back to enterprise systems — updating records, triggering processes — it needs clear governance over who authorizes those writes and what controls exist. Without it, the AI system is operating without the guardrails that prevent errors from propagating through the organization.

The AI system itself also needs governance. Who owns it? Who monitors it? Who is accountable when it produces a wrong answer? Who decides when it needs to be retrained? The same governance principles that apply to traditional enterprise systems apply to AI systems. Organizations that do not establish clear AI governance before deployment are creating future governance gaps of their own.