Organizations are contending with increasingly dynamic and demanding external and internal environments by making good corporate governance accessible and fit for application through the adoption of governance practices that sustain value creation. Governance and management systems are being designed to reinforce and govern a holistic, interrelated set of arrangements that can be understood and implemented in an integrated manner using organizational structures, processes, practices and ethical, conscious behavior.
Governance and Management
Corporate governance is the system that a governing body exercises ethical and effective leadership to establish:
- An ethical culture
- Sustainable performance and value creation
- Adequate and effective control by the governing body
- Trust in the organization, its reputation and its legitimacy
Putting corporate governance into practice requires a holistic and integrated set of arrangements that can be evaluated and directed to create the value stakeholders expect.
Organizations often use a wide variety of resources and governance mechanisms to achieve their purpose, strategic goals and to fulfill stakeholder needs. Leveraging resources requires the establishment of accountability, assignment of responsibility, and transparency and fairness in how work gets done.
The implementation of corporate governance starts with an examination of the roles and responsibilities for decision-making processes, specifically those that impact the achievement of strategic goals. This will reveal who is accountable and who is responsible for the practices and governance mechanisms required to achieve governance outcomes. A governance and management system institutionalizes the organizational structures, processes and ethical, conscious behavior.
Technology and Information Governance
While governing bodies are expected to be proactive in ensuring that information assets are leveraged for growth, there are few tools actually available that provide governing bodies with sufficient oversight. A governance and management system provides an integrated solution that brings the governors and the managers together and provides a holistic approach for them to effectively govern and manage the current and future use of technology and information.
Such a system provides the means to institutionalize the enablers of good corporate governance. People, process, technology and information come together in an integrated governance and management system that enables value creation and supports the achievement of strategic goals.
An organization’s capability to govern and manage is developed within a governance and management system and enhanced through the use of a suitable mix of enablers:
- Principles, policies and frameworks
- Processes, practices and activities
- Organizational structures, roles and responsibilities
- Skills and competencies
- Culture and behavior
- Service delivery components
- Information management
Orchestration and Choreographing the Practices
Corporate governance is not accessible or actionable if the application of the underlying practices cannot be influenced. To achieve the organization’s purpose and strategic goals and deliver value to the stakeholders, the governing body and executive managers must evaluate and direct the regular and ad hoc daily activities of internal and external parties.
Leadership and organizational structures are of little benefit if they cannot influence the organization’s processes and practices, direct the alignment and prioritization of value delivery, govern risk management, optimize resource usage and track performance.
A governance and management system provides the functionality required to orchestrate those responsible and choreograph the implemented practices how the governing body and management want to direct operations, effectively manage risk, consume resources and comply with regulatory obligations.
Being fit for purpose is paramount. Every governance and management system should be crafted in accordance with size, available resources, and complexity of strategic objectives and operations so that it suits the organization and sustains value creation.
Maintaining a Framework for Governance
Regardless of any technical and organizational arrangements deployed by management, these arrangements will be fundamentally undermined if operated outside an effective risk management and governance regime. It is essential that the implemented corporate governance framework ensures procedures, personnel, physical, technical and organizational arrangements, and that controls:
- Remain effective throughout the lifetime of service delivery and value creation
- Are responsive to changes in the services and value delivery propositions, and
- Change in accordance with threat and technology developments
A documented governance and management system ensures that corporate governance is understood and communicates which practices are required to support service delivery, performance standards, value creation, regulatory compliance and internal controls. Records of assigned responsibilities, current status, analysis, evaluation and completion demonstrate compliance with the selected principles, policies, frameworks, standards, and legal and regulatory requirements applicable to the practices assigned.
The governance and management system incorporates the priority, status, sequence and timing of actions; enables the monitoring of capability, progress and outcomes achieved; and coordinates continuous improvement.
Peter Hill will speak on Governance & Management at EuroCACS in Dublin 30 May-June 1 2016.
Peter Hill, CISA, CISM, CGEIT, IT Governance Network
[ISACA Now Blog]