Monday, March 18, 2013

"Governance" As Used In Current Literature On Management

1.0 Introduction

One might study economics because one wants to explore the ruling ideas of the ruling class in our society. The literature directed to professional management provides another locus for exploring such ideas. I find it intriguing when such literature parallels selected ideas being developed by leftists.

One such idea is that corporations often make political decisions. The allocation of resources, particularly for investment, is a political decision. Some of these investment decisions in the United States are left to centers of private power, that is, businesses. Of course, some investment decisions, particularly in basic research, are made by government. And universities are important here.

I think the use of the word "governance" in the literature on management fairly explicitly states a recognition of the political nature of management decisions in large corporations. Some work of the economist Michael Jensen can be seen as concerned with corporate governance. Some literature also discusses subsidiary governance in the corporation. I here provide some examples.

2.0 Governance of Information Technology (IT)

I start with IT governance:

"Effective governance addresses three questions:

  1. What decisions must be made?
  2. Who should make these decisions?
  3. How will we make and monitor these decisions?

...For our purposes here, governance is not about creating bureaucracy but determining what decisions must be made, by whom, and how they will be monitored. Providing clarity to the organization about the results of governance decisions and, more importantly, the process of decision making streamlines communications and removes ambiguity...

...It is reasonable to question why 'business needs' appear to be only a subset of the considerations for decisions when surely they should drive all IT decisions? ...Remember that this chapter is about how decisions on business needs will be made alongside other IT decisions. The assumption is that the real, major business decisions are being made in the context of a corporate governance model (which is at a hierarchically higher level in the organization than the IT governance model)." -- Harris et al. (2008): pp. 59-63.

Harris et al. go on to define a number of political structures for IT governance, including monarchies, feudalism, federalism, duopoly, and anarchy.

3.0 Information Security Governance

I can cite a number of references (Allen 2005, Allen et al. 2008, Bowen et al. 2006, Westby and Allen 2007) addressing enterprise or information security. Perhaps information security governance should be seen as a subset of IT governance:

"Information security governance can be defined as the process of establishing and maintaining a framework and supporting management structure and processes to provide assurance that information security strategies are aligned with and support business objectives, are consistent with applicable laws and regulations through adherence to policies and internal controls, and provide assignment of responsibility, all in an effort to manage risk." -- Bowen et al. (2006): p. 2

4.0 Conclusions

Doubtless those concerned with other issues and technology areas of importance in corporate management can find definitions and literature on governance for their areas. Leftists and students of management agree: politics includes corporate decisions.

  • Julia H. Allen. Governing for Enterprise Security, CMU/SEI-2005-TN-023, Software Engineering Institute, Carnegie Mellon University (June 2005).
  • Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw, and Nancy R. Mead (2008). Software Security Engineering: A Guide for Project Managers, Addison Wesley.
  • Pauline Bowen, Joan Hash, and Mark Wilson. Information Security Handbook: A Guide for Managers, NIST Special Publication 800-100, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology (October 2006).
  • Michael D. S. Harris, David Herron, and Stasia Iwanicki (2008). The Business Value of IT: Managing Risks, Optimizing Performance, and Measuring Results, CRC Press.
  • Jody R. Westby and Julia H. Allen. Governing for Enterprise Security (GES) Implementation Guide, CMU/SEI-2007-TN-020, Software Engineering Institute, Carnegie Mellon University (August 2007).
