The growing importance of governance is unsurprising, as this seemingly dry topic grows in relevance due to fundamental changes in the economy, emerging technologies, and broader societal trends, all of which impact the population at large. One reason for the growing importance of governance is an outcome of changes in the way information is created, distributed, and consumed. Another reason is the outcome of increasingly complex societal issues needing to be addressed. But possibly the greatest driver of this is that citizens and consumers are more informed and engaged than ever, and are demanding greater transparency, accountability, and participation in the decision-making processes that affect them. This surge in importance is further accentuated by the complex interconnectedness of various elements at play in our day-to-day world.
From an IT perspective, various forms of governance are relevant for analyzing governance trends. These include corporate governance, IT governance, data governance, and more recently, AI governance (Figure 1).
Figure 1: The relationships between some of the different forms of governance
Figure 1 encapsulates:
- Risk, by the entirety of enterprise governance (also highlighting why the CRO should report to the CEO)
- Security, in IT governance e.g. by firewalls, and in data governance e.g. by ACL management
- Privacy, in IT governance e.g. by PETs, and in data governance e.g. by consent management
- Audit, in conformance (compliance) and also by means of overall enterprise risk control effectiveness
One way of gathering global governance trend information is to use Google Trends data as a guide to identifying relevant Google search activity in 2023, as well as to identify areas of rapid and related changes in search. This activity was performed as at 8 November 2023 (Figure 2) for this article.
The outcome of the analysis suggests that data governance is the most dominant governance topic in north America, parts of south America, parts of Europe, and Russia, while corporate governance has been a dominant topic in Africa, Oceania, China, and southeast Asia. IT governance is the 3rd highest governance topic, with the most interest in this topic expressed in southern Africa, Australia, the Indian subcontinent, and Canada.
Figure 2: The search volumes of the in-scope governance forms are dominated by searches for data governance and corporate governance. Source: Google Trends
The following is a summary - in descending order - of the top governance searches and search trends:
Top Global Governance Searches 2023:
- Corporate Governance: Description of corporate governance, ethics, risk, and social responsibility
- IT Governance: Description of IT governance, relationship to data governance, relationship to corporate governance
- Data Governance: Description of data governance, relationships to data management, and frameworks
- AI Governance: Relationship to data governance, description of AI governance, relationship to corporate governance, and relationship to IT governance
It is clear that the search for definitions - always topical in data and IT - continues in governance. The top Global Governance Search Trends of 2023 are:
- Corporate Governance: OSFI (Office of the Superintendent of Financial Institutions, Canada), IFRS (International Financial Reporting Standards), and ESG (Environmental, Social, and Governance)
- IT and Data Governance: Generative AI
- AI Governance: Generative AI, ChatGPT, and Bard
Generative AI emerges as a prominent theme across IT, data, and AI governance, indicating widespread interest in the oversight of content-creating AI technologies and solutions. Furthermore, the relationships between IT governance, data governance, and corporate governance, is a strong theme, highlighting the integrated nature of governance as shown in Figure 1. Given this search-based trends analysis, five governance trends emerge:
- Governance Interrelationships
- Generative AI Impact
- Data Governance Frameworks and Management
- Regulatory Compliance and Reporting based on the increased scrutiny and emphasis on regulatory compliance. An explanation for OSFI emerging as a trend (it is Canada-specific) could be that the OSFI site provides good general-purpose corporate governance information
- Environmental, Social, and Governance (ESG) based on the renewed focus on ESG in corporate governance
There are practical implications of these trends in the workplace for holders of each of the major ISACA certifications:
Figure 3: How the skills learned within some of ISACA’s major certifications support the trends
| CRISC | CISA | CISM | CGEIT | CDPSE | |
| ESG | Creating a broader understanding of enterprise risk impact by including ESG factors | Auditing to ensure the integrity of ESG-related data | Integrating ESG data sourcing and data access into information security strategies | Determining alignment between IT strategies and company ESG objectives | Solving for the privacy implications of ESG-related data, especially where individuals are involved |
| Tech Integration | Incorporating converging technology risk (e.g., including generative AI chatbots into business operations) into risk management | Auditing the amplified risk impact of technology convergence both operationally and for security | Managing information security in the context of converged technologies | Aligning technology with business goals by effective IT governance | Incorporating technology convergence considerations into data privacy solutions |
| Generative AI | Understanding and managing risks of AI implementation, including generative AI | Auditing AI systems, ensuring reliability, security, and compliance | Securing information systems against emerging threats, including generative AI | Aligning AI governance with overall IT governance | Solving for the privacy implications and ethical use of generative AI |
| Data | Highlighting the critical role of data in risk management, emphasizing robust data governance frameworks | Ensuring effectiveness of data governance controls | Securing data assets and aligning with data governance principles | Aligning data governance with overall IT governance | Solving for all critical data protection concerns |
| Regulatory Compliance | Understanding and managing the risks related to regulatory compliance | Auditing and ensuring compliance with relevant security and data protection regulations | Developing and implementing information security programs aligned with regulatory requirements | Ensuring IT practices comply with applicable laws and regulations | Managing data privacy in accordance with regulatory requirements |
In conclusion, there are five clear governance areas that deserve focus in 2024 based on an integrated analysis of the search trends in four categories of governance, with practical implications for ISACA’s various certification holders.
If the analysis extends to governance in general, then a few other factors emerge. For example, there is a major trend over the same timeframe with respect to related searches for the Organization for Economic Cooperating and Development (OECD), possibly given the OECDs role in promoting good governance practices in partner countries (there are 38). This is followed by related search trends for the World Bank and e-Government.
Figure 4: Search interest in the term, “ESG”, over the last 10 years. Source: Google Trends
The greatest overall search trends in a general governance context seems to be with respect to the governance implications of ESG, sustainability, socially responsible investing, and MSCI (an organization providing e.g., ESG and climate products for investors). This has been on an upward trend since 2019, although it seems to be peaking.
For ISACA certification holders, irrespective of the governance trends, the skills gained place you well with respect to being career-competitive in the context of those trends as Figure 3 shows.
