IT Governance, Risk, and Compliance

Sep 23 2011   7:47PM GMT

Auditing Information Security Governance – Part I

Robert Davis

Governance supports stakeholder expectations related to management’s fiduciary responsibilities. Governance also reflects how an entity achieves its stated mission. Specifically, governance can be considered the program by which entities are directed and controlled. As I have discussed previously, leadership, stewardship, ethics, security, vision, direction, influence, and values are prominent components within entity-level governance.

Various respected knowledge leaders, practicing professionals, and professional organizations consider an entity’s oversight committee, executive management, internal audit, and external audit to be governance cornerstones. Consequently, since information security is usually integrated into most entity processes, IT audit should be considered a cornerstone of information security-level governance, IT-level governance, and entity-level governance.

Post Note: As of September 2011, Robert E. Davis, MBA, CISA, CICA is a member of the Master of Science in IT Auditing and Cyber-Security Advisory Council at Temple University.
