Data Governance Is Institutional Work, Not IT Administration

Data governance fails not because the technology is wrong but because the politics of institutional arrangements make real enforcement impossible. Decoupling explains why policies sit on paper while nothing changes.

2026-05-20 · 6 min read · IS Theory, IT Governance & Strategy, Organizational Theory
Data · Part 4 of 6

Every organization I have read about that installs a data governance platform ends up asking the same question a year later. Where is the return? The data catalog is live. The lineage tool traces every column back to its source. The quality dashboard shows scores that nobody opens. The policies are written and approved. And the revenue number still arrives in four conflicting versions every quarter. I kept seeing this pattern in paper after paper and case after case, and the explanation I kept reaching for was always about better tooling or more training or clearer roles. None of those are wrong. But none of them get at the structural reason governance programs fail, which is that they are institutional arrangements being managed as IT projects.

DiMaggio and Powell (1983) gave IS research the vocabulary for understanding why organizations converge on similar practices. Coercive isomorphism comes from external regulatory pressure. GDPR forces data governance standards onto companies whether they want them or not. Mimetic isomorphism comes from uncertainty. When competitors announce data governance programs, boards start asking why their company does not have one. Normative isomorphism comes from professionalization. When every CDO at every conference talks about data stewardship frameworks, those frameworks become the accepted standard of practice. The study materials I have been working through are emphatic about one trap: coercive must be external. A CEO mandate to "govern our data better" is not coercive isomorphism. It is an internal directive, which is a different mechanism entirely.

The isomorphism frame explains why governance programs get launched. It does not explain why they fail after launch. For that, Meyer and Rowan (1977) provide the sharper tool. Their argument is that formal organizational structures often reflect the myths of institutional environments rather than the demands of actual work. Organizations adopt formal structures to gain legitimacy, resources, and survival prospects, independent of whether those structures improve efficiency. The adoption is ceremonial. The structure exists on paper because it must exist on paper. And then something happens that I think every data professional recognizes but rarely names with institutional theory: the formal structure decouples from the actual work.

Meyer and Rowan (1977) describe decoupling as the process by which organizations buffer their formal structures from evaluation on the basis of technical performance. Inspection is minimized. Coordination between structural units is handled informally. Goals are made ambiguous. Data on technical performance are eliminated or rendered invisible. The formal structure stays intact because it provides legitimacy, but the actual work proceeds through informal coordination, workarounds, and the assumption of good faith. Every data governance program I have read about that produces policies nobody follows and lineage maps nobody checks is a textbook case of decoupling. The governance structure exists. It was approved. It has a steering committee. It has documented data ownership assignments. None of that is fake. It is genuinely institutionalized. It just does not touch the day-to-day work of defining, collecting, and using data, which continues through the informal channels that existed before the program was announced.

This is where the Lawrence and Suddaby (2006) concept of institutional work becomes important, though I need to be honest about the sourcing. Their chapter in the SAGE Handbook of Organization Studies is referenced in multiple papers I have read, including Kokshagina et al. (2023) on regulation of algorithmic control and Klein and Braido (2024) on digital entrepreneurship. The concept is clear from these secondary sources: institutional work is the purposive action of individuals and organizations to create, maintain, or disrupt institutional arrangements. Creating means defining new rules, advocating for new norms, constructing new identities. Maintaining means protecting existing institutions from threats, reproducing norms, enabling existing practices to continue. Disrupting means undermining assumptions, disconnecting rewards from existing practices, making the current arrangement seem less inevitable or legitimate. I do not have the original Lawrence and Suddaby (2006) chapter in my local files, so I cannot quote it directly, but the framework is consistent across the papers that cite it and it fits the data governance problem precisely.

Data governance is institutional work. It is not a technology deployment. It is the work of creating new rules for how data is defined, owned, and used, maintaining those rules against the constant pressure of business units that want to operate locally, and disrupting the existing institutional arrangements that treat each department's data as its own property. When governance fails, it fails because the people doing the governance work do not have enough institutional power to create, maintain, or disrupt. I wrote about this from a different angle in a post on why data governance fails without executive sponsorship. The CDO who cannot force the VP of Sales to redefine a qualified lead is doing institutional work without institutional power.

The three types of institutional pressure map onto data governance in specific ways. Coercive pressure brings GDPR, HIPAA, SOX, and sector-specific regulations. These force governance programs into existence, and they produce policies and documentation that satisfy auditors. They do not produce effective governance because compliance and governance are not the same thing. An organization can be fully compliant with GDPR's data protection requirements while still running four conflicting revenue definitions. Compliance says the data is protected. It does not say the data is governed. Mimetic pressure brings the industry benchmark. When competitors publish case studies about their data maturity, when consulting firms release maturity models, when industry bodies publish data governance frameworks, the pressure to adopt grows. But this pressure produces governance programs that look like the benchmark, not governance programs that solve the organization's actual data conflicts. The maturity model becomes the myth, and the myth gets institutionalized whether or not it changes how anyone works. Normative pressure creates CDO roles, data steward certifications, and professional standards. These are important for building a field of practice. They also create the conditions for decoupling, because they provide the vocabulary and the formal structures that satisfy legitimacy requirements without requiring anyone to change their actual behavior.

Meyer and Rowan (1977) predicted this with remarkable precision. They argued that organizations which incorporate institutionalized myths into their formal structures gain legitimacy and survival advantages independent of the immediate efficacy of the acquired practices. The data governance policy is adopted because it is the institutionally appropriate thing to adopt. It is maintained because removing it would signal that the organization is not taking data seriously. It is decoupled from practice because enforcing it would require telling business units that their local definitions and processes are now wrong, and nobody with that authority is willing to do it.

The organizations where data governance actually works, and I acknowledged this in my earlier post, are organizations where something forced the issue. A regulatory penalty that cost real money. A public reporting failure that embarrassed the CEO. A merger that made it impossible to operate with conflicting data definitions. These events created the conditions for institutional disruption. The existing arrangement, where each unit owns its own definitions without consequences, was no longer sustainable. Someone with authority had to impose a new arrangement. That imposition is creation work in the institutional work framework, and it required power that most data governance teams do not have.

I think the institutional work framework also explains why data governance programs tend to produce more documentation than change. Creating institutions through documentation is the easiest form of institutional work. You write policies, define roles, publish standards, and present them to the steering committee. This is the advocacy and defining that Klein and Braido (2024) describe in the context of digital entrepreneurship ecosystems, adapted here to data governance. It is real institutional work. It creates norms and expectations. But it stops at the formal structure. It does not reach the informal work practices that define how data is actually used. The gap between the formal policy and the informal practice is exactly where decoupling lives.

The uncomfortable implication is that better technology will not close this gap. I wrote about a related problem in my post on why zero-trust data governance will be necessary by 2028. The technology for tracking lineage, enforcing quality rules, and flagging AI-generated content is improving. But these are tools for governance that already has institutional authority behind it. They do not create that authority. A data catalog that nobody consults is decoupled governance infrastructure. A quality alert that nobody acts on is decoupled governance theater. The technology makes enforcement easier for organizations that have already done the institutional work of establishing and enforcing data definitions. It does not substitute for that work.

I also think the institutional lens refines the isomorphism argument I made in my post on why everyone copied everyone else's AI strategy. Organizations adopt data governance for the same mimetic reasons they adopt AI strategies. The pressure to appear legitimate in a field where governance is becoming a norm is real. But adoption and effective use are different things. DiMaggio and Powell predict the adoption. Meyer and Rowan predict the decoupling. Lawrence and Suddaby, as I understand their framework through secondary sources, provide the vocabulary for what it would take to close the gap. Creation, maintenance, and disruption are all forms of work that require power, resources, and skill. Without them, the governance program exists as an institutional myth, providing legitimacy without effectiveness. With them, the governance program could become what Meyer and Rowan would call a tightly coupled structure, where formal policies actually shape day-to-day practice.

The field does not have enough research on what successful institutional work looks like in data governance. Most case studies I have encountered document the failure modes: policies that exist on paper, data stewards who have no enforcement power, executive committees that meet quarterly and accomplish nothing. What would a study of data governance that successfully moved from decoupled myth to tightly coupled practice look like? It would track the institutional work of actors who had the authority to disrupt existing arrangements, the resources to create new ones, and the persistence to maintain them against constant pressure to revert. That study would probably not be a technology story. It would be a political story about power, legitimacy, and the deliberate construction of new institutional arrangements. Data governance is one of the places where IS theory meets organizational reality most directly, and the theory tells us that the reality is institutional, not technical.


About the author

Ali Safari
PhD Student in IS, University of North Texas

Researching AI governance, trust in intelligent systems, and agentic AI. Writing while studying for comps.
