Harmonisation: the starting point for de‑siloed ICT governance

When organisations aim to de‑silo their ICT governance, the first reflex is often to look at tools, processes or management systems.
In practice, these initiatives frequently fail for a simple reason: governance cannot be coherent as long as roles, responsibilities and reference frameworks are not harmonised.

In the MS4ICT methodology, harmonisation is not a secondary activity.
It is the true starting point of any sustainable de‑siloing effort.

De‑siloing starts with identifying “who is who”

In many organisations, the same function is perceived differently depending on the perspective adopted.

A common example is the Risk Manager.

  • From an IT perspective, the Risk Manager is often seen as part of the finance function.
  • From an executive perspective, the role may be viewed as a control or oversight function.
  • From a legal perspective, responsibilities are not always explicitly linked to regulatory obligations.
  • From an HR perspective, the role may be defined only partially or administratively.

The result is a familiar situation:
the function exists, but under fragmented interpretations, without a shared transversal understanding.

In such contexts, ICT risk management is often reassigned to another role — for example ICT Risk — not because this is methodologically correct, but because roles and responsibilities have not been harmonised and therefore do not naturally connect.

Harmonising roles and responsibilities

One of the core principles of MS4ICT is to harmonise roles and responsibilities before any other action is taken.

Harmonisation means:

  • clearly identifying a function,
  • defining its responsibilities consistently,
  • linking those responsibilities to legal, regulatory and normative obligations,
  • ensuring that the function is recognised in the same way by IT, executive management, legal, HR and control functions.

This harmonisation recreates the links that should have existed from the beginning, and constitutes a first level of de‑siloing — without introducing any new tool or system.

Harmonising by aligning, not by inventing

A second essential dimension of harmonisation is to rely on existing external standards, rather than creating isolated internal references.

In the risk domain, for example, using harmonised taxonomies such as those published by ENISA makes it possible to:

  • structure risk catalogues coherently,
  • facilitate comparison between frameworks,
  • avoid the proliferation of local definitions,
  • strengthen consistency over time.

Linking an organisation’s internal risk catalogue to an external standard already constitutes a concrete act of harmonisation, fully aligned with the MS4ICT approach.

Harmonising management systems

Harmonisation does not apply only to roles or risks.
It also applies to management systems themselves.

When an organisation operates, for example, both an ISMS and an AIMS, these systems are often managed separately, with distinct references, risks and controls.

MS4ICT is based on the principle that these systems share a common foundation — notably the one defined by ISO/IEC 27001 — and that linking them to this foundation is an act of harmonisation and standardisation.

The objective is not to merge management systems, but to make their relationships explicit, restoring a coherent governance reading.

Why harmonisation is indispensable

Without harmonisation:

  • de‑siloing remains theoretical,
  • information is duplicated,
  • responsibilities overlap or conflict,
  • governance becomes difficult to explain and demonstrate.

With harmonisation:

  • roles are clearly defined and recognised transversally,
  • risks are structured around shared references,
  • management systems can be linked without being confused,
  • governance becomes readable, coherent and sustainable.

In MS4ICT, harmonisation is not optional.
It is the foundation upon which the coherence engine can later establish effective links between responsibilities, risks, obligations and decisions.

Conclusion

Before attempting to de‑silo governance through tools or projects, it is essential to de‑silo through meaning.

Harmonising roles, responsibilities and reference frameworks is the first building block of any coherent ICT governance.

From this harmonised foundation, MS4ICT deploys its management system and coherence engine, enabling single information, multiple views, and explainable 360‑degree governance.