Leadership through Governance

Description
This lesson focuses on governance, which is managing the organization as a whole. If an organization is not managed carefully, then there could be issues. IS auditors must familiarize themselves with various policies and rules within organizations.

Transcript

When we think about governance, we think about the fact that it’s managing the organization as a whole, and when that’s done properly that is, in effect, showing leadership. So it’s an important connection to make between governance and leadership to think about. For instance, if you were part of an organization that is known for having very high ethical standards, then the governance of that organization is probably responsible for that. To institute a culture where the management respects the employees, and vice versa, and the customers are treated fairly and lawfully.

If your organization is not governed properly, now you’ve got different issues. For instance, if there are not well-defined consequences for misbehavior, or if the process for making decisions at levels below the highest level: if that’s not managed carefully then you might end up with people in middle management, or even lower levels of management, making decisions that have an adverse effect on the organization and it wasn’t their intention to cause a problem but a problem happened anyway because their management decision wasn’t approved. And there was no need to have it approved. Examples might be things like a manager decides to change the way they do things or they decide that certain changes to a system don't require a formalized change control process. I’ve seen this in organizations that I’ve worked for.

And sometimes people say, ‘Oh, that person’s being a cowboy.’ They’re just kind of shooting from the hip, doing what they think is best without getting approval and that might work well in certain environments, but, ultimately, if you’ve got people making decisions in an uncoordinated fashion that’s going to cause issues at a later time. And the issues could be catastrophic. There could be, you know, civil lawsuits, accidental destruction of data, or leaking of customer information because it wasn’t properly protected and someone didn’t go through an assessment and authorization process for their system and now it’s not secure and is vulnerable to hackers. These are all different scenarios that might unfold if we don't have correct governance to demonstrate leadership for the organization.

So, it’s one thing to govern the organization correctly, but we still have to think about discovering problems in the way that that’s done. So, that’s where auditing comes into its own. We know that the auditor needs to be familiar with what the organization does, all of the policies that are created to manage its processes, the business logic involved, maybe even some lower level details about how certain transactions are handled within the organization. So once the auditor understands those things, then they can make the connection between proper governance and results-based testing to show that the governance is effective.