Governance supports stakeholder expectations related to management’s fiduciary responsibilities. Governance also reflects how an entity achieves its stated mission. Specifically, governance can be considered the program by which entities are directed and controlled. As I have discussed previously, leadership, stewardship, ethics, security, vision, direction, influence, and values are prominent components within entity-level governance.
Various respected knowledge leaders, practicing professionals, and professional organizations consider an entity’s oversight committee, executive management, internal audit, and external audit to be governance cornerstones. Consequently, since information security is usually integrated into most entity processes, IT audit should be considered a cornerstone of information security-level governance, IT-level governance, and entity-level governance.
Post Note: As of September 2011, Robert E. Davis, MBA, CISA, CICA is a member of the Master of Science in IT Auditing and Cyber-Security Advisory Council at Temple University.