Threats Escalate: Corporate Information Technology Governance Under Fire
67 Pages Posted: 5 Nov 2012
Date Written: November 5, 2012
In a previous publication, The Board’s Responsibility for Information Technology Governance (with Kara Altenbaumer-Price), we examined the IT Governance Institute’s Executive Summary and Framework for Control Objectives for Information and Related Technology 4.1 (COBIT®); reviewed the Weill and Ross Corporate and Key Asset Governance Framework; and observed “that in a survey of audit executives and board members, 58 percent believed that their corporate employees had little to no understanding of how to assess risk.” We further described the new SEC rules on risk management; Congressional action on cyber security; the legal basis for directors’ duties and responsibilities relative to IT governance; major sources of IT risk; a schematic for an IT governance framework; suggested fundamental questions every board should ask; examined board structure, composition and required IT governance skills; litigation risks and a recital of recent cases; mitigating risk through insurance; and the importance of business continuity planning. As a result of the proliferation of cyberattacks during 2010 and 2011, the SEC’s Division of Corporation Finance announced new disclosure guidance for cybersecurity issues in October 2011.
It has become apparent that newly disclosed attacks on Information Technology infrastructure have reached crisis proportions. Therefore, a focus on IT governance must be a major priority of management and of every corporate board. Issues involving Information Technology are uniquely complex and depend on engineering skills that quickly become obsolete in this era of rapid technological change. Here, suggestions are offered about the value of a Chief Information Security Officer, and recommendations are made for improving cybersecurity. An examination of recent threats will hopefully bring a greater understanding of their nature, and an increased focus on IT governance, to the agenda in every boardroom.
Keywords: Accounting, Audit Committee, Board Structure, Corporate Governance, Cyberattack, Cyberwar, Data Breach, Directors, Information Technology, Internal Audit, Internal Controls, International law, Litigation, National Security, Organizational Behavior, Risk Management, Sarbanes-Oxley, SEC, Strategy
JEL Classification: C88, G18, G34, G38, H56, K22, K33, K42, L21, L86, L98, M10, N40, O30, O31, O32, O33, O34, O38