Per COBIT 5, a framework created by ISACA for IT management and IT governance,
governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; sets direction through prioritization and decision making; and monitors performance and compliance against the agreed-on direction and objectives.
Governance should be the responsibility of the Board of Directors under the leadership of the chairperson. Specific governance responsibilities may be delegated to special organizational structures at an appropriate level, especially in complex organizations.
In other words, governance is responsible for:
- Evaluating to determine balanced, agreed-on enterprise objectives to be achieved.
- Directing through prioritization and decision making.
- Monitoring performance, compliance and progress against the agreed direction and objectives.
Management is in the business of planning, building, running and monitoring activities in alignment with the direction set by the governance body, in order to achieve the enterprise objectives.
Management should be the responsibility of the executive management under the leadership of the CEO (Chief Executive Officer).
Why do we separate governance and management?
One of the most important lessons about IT governance is that, historically, IT has been told to govern itself, but this is extremely difficult in practice. The IT team needs direction and guidance from a higher authority in order to deliver the value the organization expects. By separating governance from management we not only promote accountability at all organizational levels but also create a mechanism for good enterprise governance that focuses on stakeholder value by balancing performance and conformance.