- Governance is different from management because governance must be EXTERNAL to the object being governed.
- Governing agents do not have personal control over, and are not part of the object that they govern.
For example, it is not possible for a CIO to govern the IT function. They are personally accountable for the strategy and management of the function. As such, they “manage” the IT function; they do not “govern” it.
At the same time, there may be a number of policies, authorized by the board, that the CIO follows. When the CIO is following these policies, they are performing “governance” activities because the primary intention of the policy is to serve a governance purpose. The board is ultimately “governing” the IT function because they stand outside of the function and are only able to externally direct, control and evaluate the IT function by virtue of established policies, procedures and indicators. Without these policies, procedures and indicators, the board has no way of governing, let alone affecting the IT function in any way.