Further thinking on our 'think tank' discussions. Keen to keep the conversation going.
It seems to me that there is a current trend to refer to all kinds of enterprise wide control mechanisms as 'governance', or 'governance frameworks'.
There's undoubtedly a need for a distinct term that signals the existance of enterprise wide control mechanisms, which may impact all parts of the enterprise, particularly for large enterprises where there is so much happening that does not apply to everybody and may be the concern of very few. The term 'governance' seems to have taken on this mantle (the cynical might say that in some cases this is because it's also associated with Board control of an enterprise and therefore imparts vicarious importance to the subject at hand). However this use of the terminology is also a source of confusion, teasing apart what is genuinely a component of a Board's 'command and control' system from cross enterprise management.
I'm reasonably happy that governance can be applied to the smallest of 'enterprises', e.g. the family (thanks for the example Rob). Also that it may be described in the context of particular functions or domains (e.g. moral governance of the family), but only when this is clearly set into a wider governance context, i.e. is a particular aspect of governance of the enterprise as a whole (the entire family in this case).
So perhaps the terms 'IT governance' or even 'IT Security governance' should really be understood as a shorted version of 'IT aspects of enterprise governance' or 'IT Security aspects of enterprise governance'. Which means that it should be clear how any particular 'aspect' of governance fits with the rest (it doesn't stand alone). Also, that the 'aspects' should have clear links to the 'board' (general staff or whatever), from a direction perspective (what kinds of decisions should the board be making - where is board direction needed) and reporting perspective (what kind of information does the board need to make those decisions). If the board isn't making decisions regarding an 'aspect' (it doesn't directly impact those ultimately responsible for the activities of an enterprise) then its probably not governance.
What do others think? (you need to login to comment)
PS - Notes on the think tank session will follow shortly.
Ron Segal
- Login to post comments
- 1808 reads
