As we all know, different laws, regulations, and standards make it clear that for a company to deliver greater value and benefits to its stakeholders, the organization’s executives and IT departments must be very closely aligned. But for this to happen, it is extremely important to know how to differentiate between Governance and IT Management. Do you know how to differentiate and separate Governance from IT Management?
Currently, there are several different lines of thought and theories on how each company should structure and differentiate the formulation of its strategic planning from the execution of the strategic plan. Why, then, should we separate governance and management? What is the best framework to support this model?
Why separate governance and management?
One of the biggest problems with IT governance is that, historically, IT has been obliged to govern itself. Based on my experience with strategic planning, I can tell you that this is an extremely problematic situation.
IT needs guidance and direction from a higher authority, one that can give it greater value for the company. Separating governance and management promotes accountability at all levels and keeps the focus on stakeholder value, balancing performance and compliance.
According to ISACA’s COBIT 5 framework, Governance ensures that stakeholder needs, conditions and options are assessed to determine balanced objectives to be achieved, setting direction through prioritization and decision-making, as well as monitoring performance and compliance.
This means that governance should:
- Evaluate and determine balanced objectives that the company must achieve
- Provide direction through prioritization and decision-making
- Monitor performance, compliance and progress based on agreed direction and objectives
The main responsibilities of governance are to assess, direct and monitor. This definition comes directly from COBIT, which adopted it from the international governance standard ISO 38500.
Management, on the other hand, plans, constructs, executes and monitors activities that should align with and help achieve the goals of Governance.
To better understand this distinction, think of it like this: Governance is the responsibility of the executives (or executive board), and Management is the responsibility of the managers.
How does COBIT support this model?
Currently, COBIT is the only framework that helps companies achieve their governance and IT management goals, encompassing benefits and optimizing risks and resources.
COBIT supports Governance and IT Management based on five key principles and seven enabling principles. The principles include: satisfying stakeholder needs; engaging the entire company; applying a single framework; using a holistic approach; and separating governance and management.
In the illustration below, we can see how COBIT classifies not only the IT Governance of the company, but IT Management as well. There are five domains (four management and one governance) that align and assist in the separation of governance and management.
Frameworks are not standards and can be modified to better meet the needs of companies, as long as the necessary separation between governance and management exists. Without this separation, there is a risk with regard to responsibilities at different levels.
Currently, there are a number of tools that can help you with this task. SoftExpert provides a solution that can help you, with its full set of resources, to translate strategy into operational objectives, defining and gathering data that ensures better business performance and that allows you to monitor your progress.