New Book Review: "Under Control"
New book review for Under Control: Governance Across the Enterprise (CA Press), by Jacob Lamm, Sumner Blount, Steve Boston, Marc Camm, Robert Cirabisi, Nancy E. Cooper, Galina Datskovsky, Christopher Fox, Kenneth V. Handal, William E. McCracken, John Meyer, Helge Scheil, Alan Srulowitz, and Robert Zanella, Apress, 2010, reposted here:
A team of 14 executives from CA (formerly Computer Associates) assembled this collection of related essays on governance across the enterprise, each of which can feasibly stand alone as a separate white paper. While other texts have been written on this subject matter in the past, the authors believe that they provide a unique perspective, since CA has directly experienced the consequences of its own inadequate governance in the past.
After introducing the concept of enterprise governance, the authors present discussions on policy management, risk management, portfolio management, risk governance, IT governance, and information governance, as well as their relationships with the regulatory environment, finance, and sustainability. The two appendixes comprise the compliance and risk committee charter of CA, as well as the corporate governance principles of CA.
This reviewer especially appreciated the high-level overview by Jacob Lamm, Executive Vice President of Strategy and Corporate Development at CA, on the rise of governance and how governance looks today. As Lamm writes, "like many terms in the public eye in recent months, governance is in the eye of the beholder, and definitions can vary from one author to another. But the essence of the definitions is generally the same. Put simply, governance is the culture, policies, procedures and controls that help ensure a company will meet its business goals".
Lamm continues by recognizing that "governance is far from a new concept; corporations have long practiced it. But there has been a change in the level of attention given to governance. This increased emphasis has been driven by the needs of the corporation, the stockholders, and regulatory bodies". Lamm then discusses some of the key business drivers for improved corporate governance, and then presents the key goals of good governance, and some of the activities and roles that this might entail.
The diagrams in this text remind this reviewer of those that one might find in many books published by Harvard Business School Press. For example, the diagram on common risk management approaches that Sumner Blount provides illustrates well the four permutations of the manner in which risk can be addressed (accept it, transfer it, mitigate it, or avoid it), and the diagram on likelihood and impact of risk that Rob Zanella provides depicts well the relationship between these two concepts.
In addition, although CA approaches are discussed throughout this text, the references to third-party materials are abundant. For example, Network Frontier's Unified Compliance Framework (UCF), a repository that harmonizes IT controls from over 400 international regulatory requirements, standards, and guidelines, is discussed. Recommended especially to those new to governance or seeking to expand their understanding of how governance is increasingly needed following the economic crisis of 2008. As a consultant, this reviewer is looking forward to more business texts that balance the sizable and reputable catalog of technical texts already published by Apress.