IT Governance model can be misleading…(COBIT vs ISO 38500)




The IT Governance model or concept can be misleading because of the tendency within the IT sector to transpose the terms ‘management’ and ‘governance’.
Almost everything that is touted today as IT Governance by the industry is actually just plain old IT management. Governance and management are fundamentally different things.
Tools that used to be promoted as IT management or IT service management tools suddenly became IT governance tools. COBIT, which has always been regarded as “the best practice for IT management”, or ITIL, which has always been regarded as “the best practice for IT service management”, is mentioned frequently these days as an IT governance model.
An architect of the ISO-38500 standard believes the best way to ensure smooth IT operation and prevent high-profile IT project failures is to introduce director-level IT Governance.
The statement of the ISO 38500 architect above, which involves the director level in the discussion of IT Governance, will of course sound strange to people who are not clear about the origins of the IT governance concept.
Those who do not know about the origins of the concept of IT governance consider IT governance to be the same as IT management.
Today many IT people assume, or unconsciously assume, that governance means the same as management, whereas in fact governance is different from management.
The ignorance or confusion is actually found not only among lay people; most of it is among the experts, who have displayed the confusion.
Just look at the claims made by some experts some time ago, who said that there is as yet no standard that can be used as a single framework for IT governance, but that there are some standards that can be used as a reference to create an IT governance framework: COBIT, ITIL and ISO 27002.
Over time it seems that COBIT has been the most diligent in promoting itself as a framework for IT governance, so that lately a lot of people have been influenced and now think and believe that COBIT is the only standard that is suitable to serve as an IT governance framework.
The opinion of experts who say that the standards above, especially COBIT, can be used as an IT governance framework indicates a confusion.
Why is that? Because COBIT, ITIL or ISO 27002 is actually more suitable as an IT management framework than as an IT governance framework.
So, what is the appropriate framework for IT governance? In 2008 ISO published ISO 38500, which was titled Corporate Governance of IT, or IT Governance. Why is ISO 38500 more suitable to serve as an IT governance framework, and not COBIT, ITIL or ISO 27002?
The ISO 38500 standard was made specifically to meet the requirement for an IT governance framework. This is different from COBIT, ITIL or ISO 27002, which were not made as IT governance frameworks from the beginning; instead, attempts were made to match and fit these standards to serve as an IT governance framework.
The core concept to keep in mind is that the original intent of the IT governance concept is to provide guidance to a company that IT strategic decisions are made not only at the level of the CIO, but also at the level of the board of directors, commissioners and stockholders.
The concept of IT governance is inseparable from the concept of Corporate Governance, as IT governance is part of Corporate Governance.
The difference between governance and management, in terms of the difference between Corporate Governance and Corporate Management, is as follows:
Governance focuses on oversight, accountability and strategic decisions, while management focuses on strategic decisions, management decisions and control, and operational management.
The intersection between governance and management is in the area of strategic decisions. The coverage area of governance is the upper-middle, while the coverage area of management is the lower-middle.
In Corporate Governance, the area discussed is around the role of directors, commissioners and shareholders. Similarly, the area discussed in IT governance should be the same area.
Just as there is a clear difference between Corporate Governance and Corporate Management, there should also be a clear difference between IT governance and IT management.
If the coverage area of Corporate Governance is the upper middle and the coverage area of Corporate Management is the lower middle, then the coverage area of IT governance should likewise be the upper middle and the coverage area of IT management should be the lower middle.
COBIT, ITIL and ISO 27002 are standards whose coverage area is the lower middle, and ISO 38500 is a standard whose coverage area is the upper middle; thus COBIT, ITIL and ISO 27002 are suitable for use as IT management frameworks and ISO 38500 is suitable for use as an IT governance framework.
As stated at the beginning, almost everything that is touted today as IT Governance by the industry is actually just plain old IT management; however, as explained above, governance and management are fundamentally different things. The IT Governance model can be misleading because of the tendency within the IT sector to transpose the terms ‘management’ and ‘governance’.
Just look at terms (other than IT Governance) such as Information Security Governance, Data Governance, Information Governance, or even storage governance and bandwidth governance: it is clear that the word governance in these terms means the same as management, whereas there is a clear distinction between governance and management.