Framework
Governance is more of a political problem than a technological or business one. Technology focuses on matching interfaces and invocation protocols. Business focuses on functionality for serving customers. Technology and business are focused on requirements. While governance gets involved in those aspects, it focuses more on ensuring that everyone is working together and that separate efforts are not contradicting each other. Governance does not determine what the results of decisions are, but what decisions must be made and who will make them.
Key Elements
Internal elements of the governance framework include:
- Strategy and direction matters including corporate and operational plans
- Compliance and accountability measures such as policies, procedures, delegations and audit and risk management processes
- Performance monitoring including, as a minimum, financial reporting and performance management
- Structures and relationships including organisation structures, business processes, standards of behaviour and roles and responsibilities
- Board developed documents to provide the strategic direction needed to respond to the governance framework
- A governance policy handbook. Core documents should include Board and committee charters, code of conduct, corporate plan and annual report meeting procedures, delegations and establishing legislation, a list of Board members and a declaration of interests form
Simply put, it's putting structure and controls around how organizations align decisions, activities, processes and stakeholders with business strategy and objectives. Ensuring that companies stay on track to achieve their strategies and goals, and implementing good ways to measure performance (putting structure around measuring business performance). One popular method involves instituting a Balanced Scorecard, which examines contribution in terms of achieving business goals, being a responsible user of resources and developing people. It uses both qualitative and quantitative measures to get those answers.
Investors are scrutinising operations of companies in which they put their money. As growing numbers of terrorist attacks have hit corporations – such as the bombs exploding at the US owned Marriott Hotel in Jakarta or the HSBC bank headquarters in Istanbul – shareholders are becoming aware that company value is at risk.
Shareholders have realised that, as a consequence of events like 9/11, the organisations in which they've invested may be vulnerable through factors that they can't influence so they want to be sure those organisations are protected. The language they're using may be different, but the underlying pressure is about protection, as a result of this pressure, companies' end of year filings are starting to include references to "operational risk" and "protection of the business".
However, it is not only shareholder pressure that has brought such factors as business continuity to the attention of the board of directors. The regulatory environment established in the wake of corporate scandals at companies such as Enron and WorldCom is also driving awareness that securing data and assets is a governance issue. Most prominent are the Basel II regulatory framework – an overhaul of capital adequacy rules for banks – and the US Sarbanes-Oxley reforms of corporate governance that affect any company whose shares trade on US exchanges.
Legislation is pushing companies to protect data necessary for such auditing. As a result, corporate boards have taken a greater interest in their IT security.
Governance makes sure that all stakeholders' interests are taken into account and that processes provide measurable results.
Investors are scrutinising operations of companies in which they put their money. As growing numbers of terrorist attacks have hit corporations – such as the bombs exploding at the US owned Marriott Hotel in Jakarta or the HSBC bank headquarters in Istanbul – shareholders are becoming aware that company value is at risk.
Shareholders have realised that, as a consequence of events like 9/11, the organisations in which they've invested may be vulnerable through factors that they can't influence so they want to be sure those organisations are protected. The language they're using may be different, but the underlying pressure is about protection, as a result of this pressure, companies' end of year filings are starting to include references to "operational risk" and "protection of the business".
However, it is not only shareholder pressure that has brought such factors as business continuity to the attention of the board of directors. The regulatory environment established in the wake of corporate scandals at companies such as Enron and WorldCom is also driving awareness that securing data and assets is a governance issue. Most prominent are the Basel II regulatory framework – an overhaul of capital adequacy rules for banks – and the US Sarbanes-Oxley reforms of corporate governance that affect any company whose shares trade on US exchanges.
Legislation is pushing companies to protect data necessary for such auditing. As a result, corporate boards have taken a greater interest in their IT security.
Governance makes sure that all stakeholders' interests are taken into account and that processes provide measurable results.
