Abstract:
How Effective Corporate Governance Facilitates Security and Assurance
IT Operations and Security are often challenged with implementing manageable, verifiable controls in the face of other pressures and priorities. Corporate governance has the job of ensuring that IT is managed not only correctly, but also most appropriately for the organization and its stakeholders. Board members meet this duty of care by asking trenchant questions, and carefully considering the answers they get from all parts of the organization.
A significant problem is that the answers to board questions may not be the right answers, may not be clear, or may actually obscure the facts. The board of directors and its audit committee can provide tremendous value to help solve problems, but this role is often underestimated or completely misunderstood. The board often represents a tremendous pool of knowledge and expertise among people who are motivated to solve problems. In leading organizations the board often helps solve IT security issues. These effective practices can be applied in other organizations as well.
Le Grand explores open questions and effective solutions such as: "How much IT knowledge must an auditor have? Or, does the responsibility reside in the other direction? (i.e., How much knowledge must IT have about audit?)"; the top ten "tricks and tips every auditor should have learned from their mentor(s)"; how to foster effective interfaces between audit, operations, and security (including the special kinship between security and audit that often is not understood or exercised); and what The IIA is doing to help improve information security assurance.
Contact CHL Global Associates for this and other professional guidance.