Posted by: Robert Davis
COBIT, Control Environment, Ethics, Infrastructure, Integrity, ISACA, ISO, ITSM, Organizational Structure, Service Delivery, Systems
Authority is the power or right to give commands, enforce obedience, take action, or make final decisions. How operating activities are assigned as well as how reporting relationships and authorization hierarchies are established reflect authority status. Managerial authority invokes leadership responsibilities for activities within the assigned authority domain. An entity’s policies and/or procedures for assigning authority for activities affect the understanding of established reporting relationships and designated authorization authority.
Responsibility is an obligation to account or answer for something or someone and is generally considered a delegated authority corollary. A sufficient responsibility assignment milieu includes policies and communications directed at ensuring that all employees understand the entity’s objectives, knowledge regarding how their individual actions interrelate and contribute to adopted objectives, and recognition of how and for what they will be held accountable. In addition, policies relating to appropriate business practices, knowledge and experience of key personnel, and resources provided for carrying out duties are key components of assigning responsibility.
Considering the preceding discussions, accountability is the obligation to answer for a responsibility conferred or implied. Accountability is required to ensure authority is administered appropriately within the context of assigned responsibilities. Employee accountability affects responsibility for meeting standards. Standards become ineffective measurement tools when accountability is lacking. Lastly, authority without accountability can promote corrupt practices.
“View Part I of the What Every IT Manager Should Know About Service Delivery and Support series here“