Spotlight on Governance
By Stacey Hamaker, CISA
The recent spate of high-profile corporate bankruptcies has intensified the call for improved corporate governance. This article provides an overview of the following forms of governance, then discusses how they relate to one another:
• Corporate governance
• Enterprise governance
• Information technology (IT) governance
First, this article will define the three forms of governance. Table 1 provides a comparative chart that outlines some of their differentiating characteristics. Second, it will look at the emerging concept of enterprise governance illustrated in figure 1. Next, the value of good governance practices will be examined. And finally, there are questions provided to help an organization assess its own governance practices.
As boards of directors resolve to strengthen their corporate governance practices, they will inevitably need to strengthen their capabilities in the areas of accountability, transparency and disclosure. Enterprise governance provides the comprehensive accountability framework that coordinates all management activity including corporate governance and information technology governance. Most of these management activities are dependent upon effective and reliable information.
Enterprise governance is a relatively new informal term that refers comprehensively to the way an organization is managed. One description from the Information Systems Audit and Control Foundation (ISACF) describes enterprise governance as “the set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise’s resources are used responsibly.”4
Information Technology (IT) Governance
IT governance is a formally recognized discipline that is considered an integral part of enterprise governance. Although information technology is managed by the head of the information services department, the responsibility for IT direction lies with the board of directors and the executive team. A primary proponent of IT governance is Information Systems Audit and Control Association (ISACA), which, in 1998, created the IT Governance Institute. This group is dedicated to defining and promoting the concept of IT governance. “IT governance consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives.”5
Corporate governance is a concept that evolved during the 1990s and has been endorsed by most global stock exchanges. One of the most widely recognized international proponents of corporate governance is the Organisation for Economic Co-operation and Development (OECD). This is a multilateral organization composed of 30 of the world’s leading economies.1 In 1999, the OECD developed a set of recommendations called the Principles of Corporate Governance. These principles were later endorsed by the G7 Finance Ministers and became incorporated into the OECD Guidelines for Multinational Enterprises (MNE) in a chapter on disclosure and transparency. Since then, many other international organizations and governments have adopted similar principles and guidelines. The corporate governance structure of an organization is defined by its corporate charter, bylaws and formal policy. The importance of good corporate governance increasingly is recognized worldwide as a best practice.2 “Corporate governance initiatives aim to create boards that are more responsive to shareholders by attempting to balance the CEO’s power with the board’s ability to act as genuine custodians of the organization.”3
Enterprise Governance Is the Accountability Framework