08 January 2015

Managers don't govern, they are governed

As people often use the word 'governance' in various and therefore confusing ways, I spent a while looking at some authoritative sources of governance wisdom, from which I've summarized the statements below. I now have a better understand of what governance is and what it is not. The statements without a reference, are my own opinions.

1. Corporate governance is the system by which organizations are directed and controlled. [ISO 38500, 2008, adapted from Cadbury, 1992 and OECD, 1999]

2. Boards of directors are responsible for the governance of their companies. [Cadbury, 1992]

3. The shareholders’ role in governance is to appoint the directors and auditors, and to satisfy themselves that an appropriate governance structure is in place. [Cadbury, 1992]

4. The responsibilities of the board include setting the company’s strategic aims, providing the leadership to put them into effect, supervising the management of the business and reporting to shareholders on their stewardship. [Cadbury, 1992]

5. A board of directors often has several committees, e.g. compensation committee, audit committee and governance committee,  to assist the board with the discussion and decision making within the board. [Andriole, 2009]

6. The board determines, within the bounds of laws and regulations,  which aspects of their organization they wish to direct and control by means of policies and plans that they issue to their executives, and, implicitly or explicitly, which aspects are left to the discretion of their executives.

7. From a semantic perspective, when directing and controlling aspects of the organization are delegated to executive management, this should be called management, not governance.

8. Directors are members of the most senior governing body of an organization, and include owners, board members, partners, senior executives or similar, and officers authorized by legislation or regulation. [ISO 38500, 2008]

9. Governance is by definition non-executive, although directors may also have other roles of an executive nature.

10. Directors should govern IT through three main tasks:
a) Evaluate the current and future use of IT
b) Direct preparation and implementation of plans and policies to ensure that use of IT meets business objectives
c) Monitor conformance to policies, and performance against the plans
[ISO 38500, 2008]

11. Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options, setting direction through prioritisation and decision making, and monitoring performance, compliance, and progress against plans. [COBIT 5, 2012]

12. Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives. [COBIT 5, 2012]

13. When an auditor reports to the board, auditing is part of governance's monitoring activities; otherwise it's part of management's monitoring activities.

14. Managers (including senior executives in their role as executives) don't govern, they are governed. They participate in governance activities by following the board's directives, and by demonstrating that they have done so - this is part of their management task. 

[Andriole, 2009] Boards of Directors and Technology Governance: The Surprising State of the Practice, Stephen J. Andriole
[Cadbury, 1992] Report of the Committee on the Financial Aspects of Corporate Governance, Adrian Cadbury 
[COBIT 5, 2012] www.isaca.com
[ISO 38500, 2008] www.iso.com
[OECD, 1999] OECD Principles of Corporate Governance

No comments:

Post a Comment