I write this article as a member of the International Standards Organisation (ISO) workgroup for governance of IT standards, to debate the definitions for governance and management. Why, you might ask, is there a debate? Is it not clear, with definitions in abundance?
Well, when it comes to standards, it is critical to define the terms used in a standard, so that these terms – when translated into numerous languages – do not lose their meaning or intent. The purpose of this article is not to offer definitions of these terms, but rather to highlight a more fundamental reality: the governing body often neglects custodianship of its governance of IT role and leaves it to management. This issue is not about who performs the governance of IT tasks, but rather about understanding what role the governing body plays vs. management.
For many years governance has been left to managers (inclusive of executive managers) to perform. Today, principle-based references like King III and ISO/IEC 38500 have elevated IT onto the governing body’s agenda. These authoritative references don't instruct the governing body on how to govern, but rather on what it is accountable for.
The legislative environment and size of an organisation within a country will influence the measure of segregation of governance and management roles. The key is for individuals tasked with governance and management responsibilities not to cause confusion by muddling up governance and management outcomes. In the governing role, one steers the organisation to fulfil the mandate of the owners. In a managing role, one establishes structure, people, processes and technology to give the owners’ mandate feet on the ground. Governance and management are two sides of the same coin. If one governs without a proper management response, one aspires to a future without the means to reach it. If one manages without proper steering (governance), one runs towards no particular destination.
The symbiotic relationship between governance and management should not be left to chance (flipping the coin), but should be consciously designed and embedded into the DNA of the organisation. In future, organisations can expect two publications: “Corporate governance of IT implementation guide” (38501) and “A model of the difference between Governance and Management” (38502) to guide the design and implementation of governance of IT.
ISO project editor for ISO/IEC 38501 – Corporate Governance of IT implementation guide
Co-author of book on Governed Service Management™