Governance and management White Paper
- White Paper
- IT Services
- Service management
February 28, 2019
‘Governance’ and ‘management’ are, unsurprisingly, very important concepts in dealing with any kind of work, yet often the terms are used loosely. Looking at the origins of the two words, we see some commonality. Governance derives from the Greek 'kybernan' for steering ships, and management from the Italian 'maneggiare' for steering horses.
In the corporate environment, we steer activities and resources. Rather than steering, we would say directing, monitoring, and evaluating. In the ITSM context, it is about directing, monitoring, and evaluating the activities in the Service Value Chain, and the resources in the Four Dimensions of IT Service Management, namely People, Information and Technology, and Partners and Suppliers.
The Service Value Chain comprises primary and supporting activities. The primary activities are those directly contributing to delivering the relevant IT services. The supporting activities provide the resources for the primary activities. We refer to these primary and supporting activities as service delivery. This is the substantive work that has to be performed in order to deliver the IT services.
In order to ensure and be assured that the IT services are delivered effectively and efficiently, the people executing this work have to be directed, and their results monitored and evaluated. In other words, service delivery has to be managed. This occurs with varying degrees of detail and depends on a variety of factors such as the competences of the people in question and the importance of the IT services.
Just as service delivery has to be managed, there also has to be a degree of certainty that management is executed effectively and efficiently. In other words, management has to be managed. This is how governance is commonly used – providing assurance that management has been directed, monitored, and evaluated. Most organizations have various levels of management, and each level is accountable to the next level up. The underlying principle is that a body cannot govern itself – it is governed by a higher authority. It is the mechanism by which managers discharge themselves of their responsibilities. The highest level is usually referred to as the Chief Executive Officer, who is accountable for the execution of all activities in the organization. They are accountable to the board of non-executive directors, who represent the owners’ or shareholders’ interests. This is what is known as corporate governance.
The shareholders’ role in corporate governance is to appoint the directors and auditors, and to satisfy themselves that an appropriate governance structure is in place. The board of non-executive directors determines the highest levels of responsibilities in the organization and directs and controls the CEO. Finally, the board reports to shareholders on its stewardship.
From the board’s viewpoint, the CEO is ‘just’ a manager. They are not a governor; they are governed. To prevent confusion, it is useful to be aware of the difference between governance as used in corporate governance, and governance used as management – or control – of management. It is a question of perspective.
When IT is of enough importance to an organization, it is addressed as part of corporate governance and in a way that is appropriate. Authoritative guidance on corporate governance of IT can be found in COBIT® 5 and ISO/IEC 38500. ISO 38500 is a compact standard and specifies the requirements with which an organization should comply. It doesn’t specify how. COBIT® 5 is a much more extensive body of knowledge. It refers to ISO 38500 and describes how an organization can fulfil governance requirements:
- Evaluation of the current and future use of IT
- Direction of the preparation and implementation of plans and policies to ensure that use of IT meets business objectives
- Monitoring of the conformance to policies, and performance against the plans.
In summary, the activities and resources involved in service delivery are managed at a series of management levels, each level being governed by the next higher level until the CEO is reached. They are subject to corporate governance by the board of non-executive directors, which in turn reports to the shareholders on its stewardship. Corporate governance of IT is part of the board’s remit and is addressed in accordance with the importance of IT as compared to other resources.
About the Author
Mark Smalley, also known as The IT Paradigmologist, thinks, writes and speaks extensively about IT ‘paradigms’ – in other words our changing perspectives on IT. He is an IT Management Consultant at Smalley.IT and Master Trainer for GamingWorks’ The Phoenix Project DevOps business simulation. He is Global Ambassador at the DevOps Agile Skills Association (DASA) and has contributed to many bodies of knowledge in the IT management domain.