The Governance – Management Difference

As it was discussed earlier, Berle and Means in the 1920s did not make a distinction between directors and managers (Berle and Means, 1932). They state that

Such laws include the Sherman Antitrust Act of 1890, the Securities Act of 1933 and the Securities Exchange Act of 1934. It is noteworthy to acknowledge that corporate management status is prescribed by law. Therefore any changes in that status must consider and abide by those laws. These laws – and consequent other laws and regulations – are aimed at first and foremost to protect shareholders’ rights, and secondly the rights and responsibilities of those who act on their behalf.

The ordinary officers as Berle and Means call them however should be considered in terms of the CxO (Chief – Executive, Financial, Operating, Information, Security etc. Officer). The reason for this is that the CxOs form the group called Senior Management. This group is considered part of the corporate governance issue (Cochran and Wartick, 1988), while middle management should be considered as part of day to day operations.

This concept was picked up again in the 1980s during the formation of agency theory. Board of directors inactivity and passivity, and the emerging duties of the Board as an internal auditor of management forced the attitude of “confidence in management” to change (Nader, 1984, pp.130ff). It also created the need to reconsider the definitions of governance and management. This was not just semantics, but framework and the inter-relationships needed to be considered.

One of the most useful frameworks came from Mueller, the Arthur D. Little Chairman of the Board. He suggested, that

<back to top>

It is important to note, that Mueller uses the frame of “overseeing strategic direction”, not the creation of strategy. Weill and Ross in a recent publication about IT governance consider senior management as part of corporate governance, and intrinsically include strategy within the corporate governance framework (Weill and Ross, 2004, p. 5). Their work is discussed in more detail in a subsequent section of this review, only the shift of focus is highlighted here.

It can be argued that “overseeing strategic direction” is not equivalent with strategy creation. While Cochran and Wartick suggest that governance is strategy oriented (Cochran and Wartick, 1988, p. 6), Mueller’s definition has a different emphasis. In Mueller’s view the emphasis is on the identity of the institution. As it is discussed later, it fits well with the etymology and meaning of the word “governance”. It can be suggested that strategy fits into the overlapping areas of governance and management. Further study is needed to review and reassess this intersection of corporate governance and management.

As a contrast to governance, Mueller offered the following definition of management:

One can see from this definition that management is concerned with day to day activities. Etymologically the word “management” arrived to English through the Italian word “maneggiare”, originating from the Latin word “manus”, which means “hand”. This implies that management is a hands-on activity. The person is in direct contact with the subject managed. This direct contact is the important aspect here. “Manage” conveys the idea of skilfully handling people and/or material (subjects and objects) to achieve results.

The common usage of the word “management” again indicates to get things done through people and by people. In this sense management happens from the firs step of the corporate ladder to senior management level. Management has a strong operational focus and direct involvement.

The operational activities of management are not replicated at Board level. The agency theory that brought governance into focus indicates that there is a distance between the directors, the shareholders they represent and the managers they oversee. Governance ensures that the right managers are doing the right job in the right way, in the best long term interest of the shareholders.

<back to top>

While this distinction is relatively easy to make at corporate governance level, the lines are getting somewhat blurred, when one moves to the daughter disciplines, which are the main focus of this research. Therefore it is worthwhile to dissect, to compare and contrast governance and management. The result can be a more accurate insight into how and who performs either area. The clear delineation between governance and management can determine where IT governance and information security governance fits. This in turn will determine whether the term “governance” is the appropriate terminology for these disciplines.

When evaluating Mueller’s definition, Cochran and Wartick summarised that the main differences between governance and management are orientation, focus and the nature of system (Cochran and Wartick, 1988, p. 6). It can be added that governance is concerned with the future, while management is concerned with the present. This does not negate the fact that governance also means control as discussed later. Performance monitoring and assessment (OECD, 1999), while it is looking at past, is future oriented, because the purpose of performance assessment is to improve performance in the future. It can also be suggested, that corporate governance is goal oriented, while management is attainment oriented.

The separation of governance and management is also important from the viewpoint of who is in charge (Firstenberg and Mankiel, 1994 and Lorsch and McIver, 1989). The issue of controlling the corporation and the structure of relationships at the top is very important, because of the power and impact of the corporation (Berle and Means, 1932). As Lorsch and McIver presented, directors do not view themselves as pawns of management (Lorsch and McIver, 1989). It can be suggested that directors are rather managers of managers. However this “management” is different from the senior and middle manager activities and it is appropriate to use governance to describe the activities of the Board of directors.

Understanding the “management of management” concept of corporate governance is an essential element of contextualising IT governance and information security governance. Current literature of IT governance and information security governance should be considered from this point of view. Otherwise a gap would exist between corporate governance and these aspects of information management. The continuum of governance flowing from the top would be broken and information management could become “orphaned”. While there are aspects of IT or information security governance that fall under the jurisdiction of corporate governance, careful investigation is needed to identify these aspects and separate them from aspects that are considered part of management rather than governance.

<back to top>

This section considered the distinction between governance and management. As different aspects of governance were identified, the focus was on the fact what governance is not. A clear difference between governance and management can be identified. The focus, the orientation, the power exercised is different so are the participants. This differentiation is essential and can have significant consequences.

After considering what corporate governance is not, it is worthwhile to examine what the word “governance” means. This will further clarify the subjects of this research, and could clear apparent inconsistencies that seem to exist between corporate, IT and information security governance. The next section will take a closer look of the term “governance” from etymological and practice point of view.


<back to top>