A Simple Model for Information Governance, Part 2 of 3

By Christian Liipfert posted 01-26-2014 15:29



In the first installment of this piece, on January 17, I introduced “Information Governance,” and the squishiness of the term. Do people use “Governance” because it is more theoretical, loftier, sexier, or current, or does it sell more product or services than “Management”?  I asked and answered the question as to who’s responsible and accountable for “Governance.” I mentioned “culture” and the impact of the Federal Sentencing Guidelines.

“Governance” and “Management” are sometimes used interchangeably. I submit that there are clear distinctions. In this installment, I describe my proposed model for distinguishing and discussing “Governance” and “Management.” This is, like all models, for convenience of discussion only.  It is by no means perfect.  There are overlaps and inconsistencies, but hopefully those do not unduly detract from the use of the model to frame the discussion of “Governance” and “Management” in the context of “Information.”

The model is simple:  Height, Width and Length.  I don’t have a graphic.

In this installment, I look at Height and Width as I explore the Governance-Management hierarchies from top to bottom and from left to right. 


Hierarchy, subsidiarity, federalism and monarchy are all important structural concepts applicable to “Governance” and “Management.” What they all have in common is a structure where someone at the top or the center is responsible for establishing the rules that everyone else further down the organogram or further out from the center must follow.  In successive stages, this works like a waterfall; at each stage or layer in the journey from the top or the center, someone at that stage or layer can impose additional rules that everyone else further down or further out needs to obey.  Any exceptions to these rules must be approved by the level or layer that created the rule.

In a corporation, the structure is largely hierarchical, with six major elements establishing the Height:

1.      Society

2.      Law

3.      Shareholders

4.      Board of Directors

5.      Management

6.      Employees and others


Each of these six elements has different powers to affect those further down the chain or further out from the center.  The breadth of these varying rights and accountabilities is discussed here as the Width.

1.      Society

First, there is Society. Society provides some basic assumptions that are collectively called “culture.”  The culture varies depending on the context, with the sub-culture being different inside a church or a school versus a fraternity house.  As it applies to corporations, Society allows people to invest and conduct business with limited liability, provided certain levels of conduct are met, such as having an approved purpose and complying with applicable laws.

2.      Law

Second, there is Law. Government provides the laws, and the regulators and enforcers, to impose and enforce those laws. Law is subservient to Society, in the sense that Society can require Government to change the laws, but Government can’t require Society to live with laws that Society does not accept. Thus, in the US at least, Law is subject to the consent of the governed. In the context of corporations, Law requires that a corporation maintains a certain separateness from its shareholders and abides by the applicable laws and regulations.

3.      Shareholders

Third, there are the Shareholders. The Shareholders operate within the culture created by Society and are subject to the Law.  The Shareholders select from among the available legal purposes to pick, broadly, what the corporation is for, beyond returning profits to Shareholders for their investment. The Shareholders also pick the Directors to govern the overall operations of the Corporation. The Shareholders, in theory at least, approve the corporation’s articles and bylaws.

4.      Board of Directors

Fourth, there is the Board of Directors. Within the constraints provided to them by the Shareholders, Law, and Society, the Directors oversee the running of the corporation’s business. They agree upon the mission and vision of the corporation, set strategy and policy, establish budgets, and monitor the performance of the corporation. They hire, compensate, remove, and delegate powers to the Chief Executive Officer, and monitor his or her performance operationally and against budget in accordance with the Board’s broad directions. They communicate with the Chief Executive Officer and the Shareholders. The Directors are fiduciaries, with duties of loyalty and care to the corporation and the Shareholders.

The Directors provide a reasonable review of the hazards to which the corporation as a whole is exposed and the controls and mitigations Management has in place to address them.  The Directors approve the policies that are applicable to everyone within the corporation, thereby essentially setting up additional “private” laws with which all the corporation’s agents must comply.  The Board allocates decision-making power at the Board level (to the extent not covered in the by-laws) and between the Board and Management. The Directors also have additional duties to establish, promote, and maintain the sub-culture of the corporation.

5.      Management

Fifth, there is the Management, which in turn is divided into three parts: first, the officers; second, senior management; and, third, line management. Officers and other members of management are agents of the corporation itself; the officers themselves may also be fiduciaries. Management is subject to Society, Law, Shareholders and the Board.  Management sub-allocates decision-making powers.

Management organizes its employees and activities, determines how and where to operate, and establishes management and reporting structures.  Management protects and maintains the corporation’s assets, making sure that those assets are neither given away nor wasted. Management selects, hires, trains, promotes, compensates, and fires employees. 

Management is responsible for knowledge of, compliance with, and implementation of, the applicable laws and the policies adopted by the Board, and establishes additional policies for the organization. Generally, these policies are deployed on a waterfall basis, i.e., the officers adopt and enforce policies that apply to the senior management, which in turn adopts and enforces additional policies applicable to the next lower level, and so forth, until you reach the lowest level of management, which develops the processes by which the employees reporting to them operate.  These processes are one of the controls by which Management assures itself that operations are in accordance with applicable law and with corporate policies.  Management confirms that the processes are being followed, and that contractors are living up to their obligations.

Management identifies the operational hazards to which the corporation is exposed, and develops controls to avoid the occurrence of those hazards and to mitigate the impact if those hazards nonetheless occur.  Management, through its actions, demonstrates its commitment to and promotes and supports the culture established by the Board.  These actions include the people Management hires and promotes.

Management reports to the Board on the corporation’s performance, including reports on Operations, Finance, and Compliance.

6.      Employees and others

Line management (the first layer of Management that has employees reporting to it) tells those employees what to do and how to do it.  These instructions come largely by way of processes that the employees then operate. As agents, employees are legally obligated to follow the lawful instructions of those above them in the corporate hierarchy. Employees are responsible for adjusting to the culture established by the Board and promoted and supported by Management.

Line management manages the relationship with third parties, such as contractual counterparties.  By way of contract, these third parties are told what needs to be done or provided, and when, and what other restrictions and policies apply.  These third parties operate within the cultures of both the corporation that has engaged them and the corporation that employs them.

Next Installment

The next installment addresses the Length dimension, and ties the discussion back to “Information.”

#InformationGovernance #compliance #Structure #information governance #policy
1 comment


03-23-2016 06:30