If your business is not subject to any external governance process, you’re free to spend your money as you please. But you’re not free to suggest your approach is applicable to those who are governed by external frameworks of spending and accountability for that spend, without a testable confirmation this idea doesn’t violate those governance principles.
Governance includes: Responsibility for a specific duty, task, or decision. Authority to influence behaviours. Communication of decisions. Empowerment to give individual's authority to act.
The governing of IT systems has two distinct components.
- A structural component that pertains to the organisation’s information technology activities, the way those activities support the goals of the business, and the people who help manage those activities.
- A process component that defines the decision-making rights associated with IT as well as the mechanisms and policies used to measure and control the way IT decisions are made and carried out within the organisation.
All businesses that operate inside governance frameworks, which address:
- Risk, Conformance and Compliance - COSO, CoBit, ISO 27001, ISO 38500
- Development Change control - ISO 12207, CMMI, CoBit, OPM3, Prince2
- Information & Technology Balance Sheet - Balanced Scorecard, Zachman
- Operations - ITIL, ITPO, PCI DSS, BCM/BS25000, ISO 20000, TCO/ROI, ISO 27001, CoBit
- Business Strategy - Balanced Scorecard
make use of estimates in their decision support processes. To suggest Not Estimating can be the basis of those decision making process is to willfully ignore these principles.
If it’s not your money, you don’t get to do as you please. If it’s your money, do as you please no one really cares. If it’s your customer’s money, confirm with them how they expect you to behave when spending that money.
