Governance and management: A lesson from COBIT 5


A colleague had just finished the delivery of a wonderful presentation on leadership when our boss asked, “What is the difference between leadership and management?” Once I had sufficiently explained that leadership could also be termed as governance, making a contrast between leadership (now governance) and management was absolutely easy–all thanks to COBIT 5.

ISACA recently released COBIT 5, and I downloaded my personalized copy of the framework alongside other documentations such as an overview, implementation guidance, enabling processes and toolkits. One of the key principles of COBIT 5 that differentiates it from COBIT 4.1 is the separation of governance from management. This is quite apparent from the cover page, which features the phrase “The Business Framework for the Governance and Management of Enterprise IT.”

No matter how seemingly similar the lexical meaning of the words “governance” and “management” may be, in IT they are distinct. COBIT 5 explains this.

Governance: Governance of enterprise IT (GEIT) is the responsibility of the board of directors, typically under the leadership of a chairman. In a political system, it may imply the role played by a president together with members of the executive team. It involves mainly direction setting, decision making and monitoring performance against the direction set. With GEIT, (and extracting from COBIT 5 as a benchmark), there are five processes. Within each process are the elements of evaluate, direct and monitor (EDM). The processes includes: Ensuring Governance Framework Setting and Maintenance; Ensuring Business Delivery; Ensuring Risk Optimization; Ensuring Resource Optimization and Ensuring Stakeholder Transparency.

Management: Management, on the other hand, mainly involves controlling in alignment with the direction set by governance. The (executive) management team under the leadership of the chief executive officer or managing director is ultimately responsible for this. Again using the political system an illustration, it may imply the roles played by differing government parastatals, agencies and departments. In COBIT 5, it involves planning, building, running (operating) and monitoring plan/build/run/monitor activities in alignment with direction set to achieve enterprise objectives. It consists of four domains which are an evolution from COBIT 4.1: Align, Plan and Organize (APO); Build, Acquire and Implement (BAI); Deliver, Service and Support (DSS); and Monitor, Evaluate and Assess (MEA).

Based on the above information, it becomes imperative to note that, despite the distinctiveness, the definitions of governance and management also influence the interactions between both aspects of governing and managing enterprise IT. These principles as provided in COBIT 5 enable enterprises to build effective and efficient frameworks that optimize information and technology investment for the benefit of stakeholders.


Nurudeen Olaotan Odeshina

Consultant, Digital Jewels Limited, Nigeria

Follow him on twitter @Ibn_AbdulRahman

Published: 5/29/2012 8:14 AM

View full post on ISACA Now: Posts

. . . . . . . .