Friday, July 19, 2013

COBIT 5 makes a clear distinction between IT Governance and IT Management

IT Governance is a term that has existed for quite a long time. Many definitions of IT Governance were created, but the concept remained vague until the COBIT 5 framework was established. The COBIT 5 framework makes a clear distinction between IT Governance and IT Management, separating governance from management by their roles and activities.



Governance: “Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritisation and decision making; and monitoring performance and compliance against agreed-on direction and objectives.”

Management: Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.

COBIT 5 recognises the importance of separating governance from management, and makes this concept one of its five principles.

It is illustrated by a visual diagram as follows:

[Figure: COBIT 5 Governance and Management Key Areas, from COBIT 5 - A Business Framework for the Governance and Management of Enterprise IT (2012)]


I like this illustration of IT Governance and IT Management by COBIT 5 very much. It is now easier to show the distinction between them.

For earlier definitions of IT Governance, see the following examples:

  • In 2004, Weill and Ross focus on “Specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT.”
  • In 2005, the IT Governance Institute ("ITGI") expands the definition: "IT governance is the responsibility of executives and the board of directors, and consists of the leadership, organisational structures and processes that ensure that the enterprise’s IT sustains and extends the organisation’s strategies and objectives".
  • Webb, Pollard and Ridley (2006) performed a content analysis on a dozen definitions of IT governance. They noted a “lack of clarity” in the concept of IT governance, but derived a composite definition: “IT Governance is the strategic alignment of IT with the business such that maximum business value is achieved through the development and maintenance of effective IT control and accountability, performance management and risk management” (emphasis mine).
  • Van Grembergen and De Haes (2009) focus on enterprise governance of IT and define this as “an integral part of corporate governance and addresses the definition and implementation of processes, structures and relational mechanisms in the organization that enable both business and IT people to execute their responsibilities in support of business/IT alignment and the creation of business value from IT enabled investments”.
  • AS8015, the Australian Standard for Corporate Governance of Information and Communication Technology (ICT), defines Corporate Governance of ICT as “The system by which the current and future use of ICT is directed and controlled. It involves evaluating and directing the plans for the use of ICT to support the organisation and monitoring this use to achieve plans. It includes the strategy and policies for using ICT within an organisation.”
  • The Board Briefing on IT Governance published by ISACA defines it as follows: “IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives.” This definition is also found in CobiT 4.1.

------
Notes: COBIT 5 is the latest edition of the IT Governance and Management framework developed and established by ISACA (http://www.isaca.org/COBIT).

---------------------

@Written by Mr. Quan, Chan Dieu - CISA, CGEIT, C|CISO, CCNP
This article reflects his personal view and does not represent any organisation or company that he has been working for.

[If you re-post or copy this article to another blog, please keep the author name of the article in your post]
[If you copy this article to an online or printed journal, please obtain the agreement of the author]
[If you copy the idea or extract a section from this article to your online or paper article, please keep author name and this web URL in your references section]
