Further thinking on our 'think tank' discussions. Keen to keep the conversation going.
It seems to me that there is a current trend to refer to all kinds of enterprise wide control mechanisms as 'governance', or 'governance frameworks'.
There's undoubtedly a need for a distinct term that signals the existance of enterprise wide control mechanisms, which may impact all parts of the enterprise, particularly for large enterprises where there is so much happening that does not apply to everybody and may be the concern of very few. The term 'governance' seems to have taken on this mantle (the cynical might say that in some cases this is because it's also associated with Board control of an enterprise and therefore imparts vicarious importance to the subject at hand). However this use of the terminology is also a source of confusion, teasing apart what is genuinely a component of a Board's 'command and control' system from cross enterprise management.
I'm reasonably happy that governance can be applied to the smallest of 'enterprises', e.g. the family (thanks for the example Rob). Also that it may be described in the context of particular functions or domains (e.g. moral governance of the family), but only when this is clearly set into a wider governance context, i.e. is a particular aspect of governance of the enterprise as a whole (the entire family in this case).
So perhaps the terms 'IT governance' or even 'IT Security governance' should really be understood as a shorted version of 'IT aspects of enterprise governance' or 'IT Security aspects of enterprise governance'. Which means that it should be clear how any particular 'aspect' of governance fits with the rest (it doesn't stand alone). Also, that the 'aspects' should have clear links to the 'board' (general staff or whatever), from a direction perspective (what kinds of decisions should the board be making - where is board direction needed) and reporting perspective (what kind of information does the board need to make those decisions). If the board isn't making decisions regarding an 'aspect' (it doesn't directly impact those ultimately responsible for the activities of an enterprise) then its probably not governance.
What do others think? (you need to login to comment)
PS - Notes on the think tank session will follow shortly.
Ron Segal
- Login to post comments
- 138 reads
Fri, 18/04/2008 - 7:43pm
HI Ron - I really appreciate that you and I now agree on a few points, as per our discussion - that (1) IT Governance defined as a separate from the Corporate Governance established will only serve to accentuate the 'silo' effects that IT professionals are so troubled with. (2) that the human element is important. Robs family analogy is useful upto a point, I think.
So, I am glad I did stand up and comment on this and thanks that you have recieved my remarks well! however, I must comment that 'moral governance' as a 'function' does not appear to be useful analysis. Being 'moral' and 'ethical' is better described as an attribute of a function being performed by an entity. Here again - there are practical limits to how it is dealt with/measured. I think what is of more useful to this discussion - is to be aware that people, ethical factors apply as much to the IT function of an enterprise as the rest of the corporation. Its too easy to be focused on the "mechanics" of 'IT Governance" - like reporting/information flows and loose sight of the fact that organisations can spend a lot of money to 'present' themselves, go through the motions but not have a significant guinine positive effect on their corporate culture. Further still, the bigger the 'game' - the larger the incentive to go through the motions.
Governance is primarily a personal responsiblity. There is only so much that 'the board' , 'someone higher up', assurance and other professionals can do. Ultimately, it is upto each individual to be vigilant - to evaluate for himself/herself as to weather he/she is (demonstrably ) participating in doing the right thing - and must constantly evaluate/communicate to assess what is the 'right thing' for a given situation.
I hope this helps,
Nitish Verma
www.essencenetworks.com