Understanding the Corporate Organizational Structure
This lesson focuses on understanding the corporate structure and discusses the various roles in a corporate structure:
- The Board of Directors
- Audit and Oversight Committee
- Chief Executive Officer (CEO)
- Chief Operating Officer (COO)
This lesson also discusses consulting firm roles and how they relate to organizations.
[toggle_content title="Transcript"]
Alright, so let's look a little bit at the corporate structure. This is an important concept for the auditor to understand. Each organization has its own structure that may vary from division to division, or maybe the organizational structure looks different to the auditor from other places they've worked in the past. So having a good org chart that's clearly labelled and shows everyone's roles is a really good foundation to have to begin with. This also helps the auditor decide who needs to be contacted or worked with in order to get the appropriate level of authority for certain decisions and for certain information to be revealed.
So, thinking about some of these members of your typical organization, we have a board of directors. Typically it's composed of investors and advisors. The board typically also advises the CEO and the CFO, the Chief Financial Officer of the organization, so they discuss among themselves what they think the priorities are for any given issue and make their recommendations to the top level leadership in the organization.
Then you have an oversight committee in a lot of organizations. This is not always required but it typically does exist. So this could be people that are on a board as well but are not part of the normal business operation. This gives them a different perspective somewhat from what the people on the board of directors might have. The oversight committee will also perform a function to keep an eye on the different initiatives the organization is undergoing and decide what kinds of resources might be allocated to achieving those goals.
Then we have the CEO. As we see here, the CEO is primarily concerned with generating revenue. That's their ultimate responsibility for the organization.
They have some expectation for setting appropriate levels of risk and making some risk-based decisions for the different considerations for the organization, as far as steering it through some of its challenges and handling things like acquisitions and mergers, and so on.
Chief Operating Officer, or COO, they're also concerned with revenue, but in the sense that they are always looking for ways to improve upon the current revenue generation methods. Trying to find ways to generate more money for the business by looking at as many metrics and other performance indicators as they can get their hands on to understand where the efficiencies are, where the inefficiencies are, in order to improve those things over time.
Then we have our Chief Financial Officer, the CFO. So, there is some interaction, of course, with the CFO and other executives at the C-level suite. Since the CFO is concerned with capital allocation, they've got some responsibility for oversight and understanding how the organization is spending its money, whether that's being done efficiently or inefficiently and also trying to uncover ways to improve that process over time.
Then we have the CIO, your Chief Information Officer. Subordinate to the CFO. The CIO is gathering information about the organization's operations, how it spends money, and funneling that up to the CFO so that the CFO has enough information to make his decisions. So there is some inter-relationship there.
Then we get down to the president or general manager. Presidents of corporations or organizations have a lot of responsibilities, but they're not as high up in the organization as the C-level suite. They still make important decisions, but they don't have as much authority to make certain choices, as far as allocation of funds, or other types of resources. Then we have an important point here that the president or the general manager is usually liable.
If a fraud is committed, or a crime is committed, and the manager or president of the corporation is not aware of that, they might have some issues, or if they knowingly commit fraud, or knowingly allow certain things to happen, then they're going to be liable for that as well.
Then we have the vice-president, the VP. This is the second level of officer underneath the C-level suite. Again, the VP, just like the president, is liable to investigators or prosecutors, if the organization is undergoing some type of investigation.
Then we have directors, or sometimes called line management positions. Directors are responsible for some sub-division of the company, or the organization. A business unit, like marketing or sales or research and development, typically that's headed up by a director.
Then, lastly, we have the lower level managers and the actual workers. Managers at this level are obviously directing staff in their day-to-day duties and then their long-term and medium-term goals as far as development, handling projects, seeing that certain initiatives are continued until their completion, and so on. At this level, though, managers and staff members may not be necessarily liable to prosecutors unless they are involved in some illegal activity, and then, of course, they can't absolve themselves.
Alright, so moving on to a consulting firm as compared to a typical corporation, we've got slightly different considerations here. First we have the managing partner. So, again, it's a C-level executive equivalent type of role. Perhaps equivalent to something like a president of an organization. The managing partner, as a result, has responsibility for the different divisions within that consulting firm. You might have a consultancy that does financial contracting or IT or research and development, software development. So the managing partner would deal with those different divisions, the same way a president of an organization would do if it wasn't a consulting firm.
Then we have partners. So these are similar to a director in the regular corporation, since they are responsible for different divisions within the organization to manage that as a business unit. So, again, you might have a partner that manages just the financial side of the house. Another partner manages the consultants that do IT work, and so on.
Then we have engagement managers, another director level type of position. But they are more concerned with the relationship between clients and the consulting firm, trying to keep everybody happy. Making sure they understand the clients' needs, and, of course, making sure that the organization is providing those solutions that the client requires.
Then we have senior consultants. Obviously this is someone who has risen up through the ranks and is in some level of authority to manage lower-level consultants or act as a mentor to them. Senior level consultants are expected to be very autonomous and should not require a lot of hand-holding.
Then we have consultants doing the actual work for the clients on behalf of the consulting firm. Usually the consultants are acting in the same capacity as an employee would be within the corporation or the organization that they're performing their duties. As you probably are aware, there are sometimes cultural and political differences between employees and consultants or contractors. Sometimes they're not treated exactly the same way, but most organizations, in my experience, usually treat the contractors and the employees on a pretty fairly level playing field.
Then we have systems analysts. As it says here, where this is considered an entry-level position, this is someone who is perhaps relatively new to the consulting world and is still trying to build up their skills and their abilities in order to rise up to higher levels within the organization.
[/toggle_content]
In order to face the dynamic requirements of meeting enterprise vulnerability management challenges, this CISA course covers the auditing process to ensure that you have the ability to analyze the state of your organization and make changes where needed.