Understanding Governance versus Management of Technology

Lots of talk about ‘governance’ these days in various technology contexts, especially around AI.

Lots of misunderstandings too.

And is it just me, but isn’t GRC coming back into vogue? About 10 years ago, Gartner said GRC was dead! Yet now I see many companies building up GRC functions and procuring GRC tools.

I have a strong background in GRC stemming from the WorldCom and Enron scandals and was first exposed to the concepts when integrating financial business processes and systems into an IBM acquired company 20 years ago, followed by managing a compliance project at Carlsberg Group addressing the so-called ‘EuroSox’ EU directives. And then more GRC-related projects and programmes followed and I've never looked back.

Back to the governance v management conundrum.

Many of us are familiar with the rapidly evolving landscape of technology, especially in fields such as AI and data protection so understanding the distinction between ‘governance’ and ‘management’ is critical for legal, AI, information, technology and data protection professionals (to name a few) to ensure effective oversight and operational success.

While both governance and management are leadership roles, they each have their own unique responsibilities and functions.

Governance: big picture stuff

Governance is all about the big picture and long-term goals. This is the job of the board of directors. They focus on making sure everything the company does aligns with its mission and long-term objectives. Here are some key points about governance:

• Evaluating stakeholder needs
  Making sure the needs, conditions, and options of stakeholders are well understood to set balanced and agreed-upon goals

• Setting strategic direction
  Deciding the direction of the company through prioritisation and decision-making

• Monitoring performance and compliance
  Keeping an eye on how things are going compared to the agreed goals to ensure everything is on track.

The Board constantly asks whether the organisation is working towards its mission, having a positive impact, and being sustainable financially and operationally. They also decide the company’s risk appetite, set up accountability frameworks, and establish policies and procedures.

Management: getting things done

Management is about day-to-day operations and putting the strategic direction into action. Managers are the go-betweens for the board and employees, translating high-level plans into actionable goals. Here’s what management does:

• Communicating expectations
  Making sure everyone knows the mission, strategy, and policies

• Managing operations
  Planning, building, running, and monitoring activities to meet the company’s goals‍

• Reporting results
  Keeping the Board updated on progress and outcomes.

Key differences

Focus: governance is strategic, looking at long-term objectives and overall direction. Management is tactical, focusing on daily operations and implementation.

Responsibilities: governance sets the strategy and monitors compliance. Management plans and executes operations to meet those strategic goals.

Accountability: the board is accountable for ensuring the organisation sticks to its mission and long-term goals, while management is responsible for achieving these goals through effective operations.