Understanding Governance versus Management of Technology

Lots of talk about ‘governance’ these days in various technology contexts, especially around AI. Lots of misunderstandings too.

And is it just me, or is GRC coming back into vogue? About 10 years ago, Gartner said GRC was dead! Yet now I see many companies building up GRC functions and procuring GRC tools.

I have a strong background in GRC stemming from the WorldCom and Enron scandals and was first exposed to the concepts when integrating financial business processes and systems into an IBM-acquired company 20 years ago, followed by managing a compliance project at Carlsberg Group addressing the so-called ‘EuroSox’ EU directives. And then more GRC-related projects and programmes followed and I’ve never looked back.

Back to the governance v management conundrum.

Many of us are familiar with the rapidly evolving landscape of technology, especially in fields such as AI and data protection. Understanding the distinction between ‘governance’ and ‘management’ is therefore critical for legal, AI, information, technology and data protection professionals (to name a few) to ensure effective oversight and operational success.

While both governance and management are leadership roles, they each have their own unique responsibilities and functions.

Governance: big picture stuff

Governance is all about the big picture and long-term goals. This is the job of the board of directors. They focus on making sure everything the company does aligns with its mission and long-term objectives. Here are some key points about governance:

  • Evaluating stakeholder needs: Making sure the needs, conditions, and options of stakeholders are well understood to set balanced and agreed-upon goals.

  • Setting strategic direction: Deciding the direction of the company through prioritisation and decision-making.

  • Monitoring performance and compliance: Keeping an eye on how things are going compared to the agreed goals to ensure everything is on track.

The Board constantly asks whether the organisation is working towards its mission, having a positive impact, and being sustainable financially and operationally. They also decide the company’s risk appetite, set up accountability frameworks, and establish policies and procedures.

Management: getting things done

Management is about day-to-day operations and putting the strategic direction into action. Managers are the go-betweens for the board and employees, translating high-level plans into actionable goals. Here’s what management does:

  • Communicating expectations: Making sure everyone knows the mission, strategy, and policies.

  • Managing operations: Planning, building, running, and monitoring activities to meet the company’s goals.

  • Reporting results: Keeping the Board updated on progress and outcomes.

Key differences

Focus: governance is strategic, looking at long-term objectives and overall direction. Management is tactical, focusing on daily operations and implementation.

Responsibilities: governance sets the strategy and monitors compliance. Management plans and executes operations to meet those strategic goals.

Accountability: the board is accountable for ensuring the organisation sticks to its mission and long-term goals, while management is responsible for achieving these goals through effective operations.

Author
Tim Clements
