Threats Escalate: Corporate Information Technology Governance Under Fire

67 Pages Posted: 5 Nov 2012

Lawrence J. Trautman

Prairie View A&M University - College of Business

Date Written: November 5, 2012


In a previous publication, The Board’s Responsibility for Information Technology Governance (with Kara Altenbaumer-Price), we examined the IT Governance Institute’s Executive Summary and Framework for Control Objectives for Information and Related Technology 4.1 (COBIT®); reviewed the Weill and Ross Corporate and Key Asset Governance Framework; and observed “that in a survey of audit executives and board members, 58 percent believed that their corporate employees had little to no understanding of how to assess risk.” We further described the new SEC rules on risk management; Congressional action on cyber security; the legal basis for directors’ duties and responsibilities relative to IT governance; major sources of IT risk; a schematic for an IT governance framework; suggested fundamental questions every board should ask; board structure, composition and required IT governance skills; litigation risks and a recital of recent cases; mitigating risk through insurance; and the importance of business continuity planning. As a result of the proliferation of cyberattacks during 2010 and 2011, the SEC’s Division of Corporation Finance announced new disclosure guidance for cybersecurity issues during October 2011.

It has become apparent that newly-disclosed attacks on Information Technology infrastructure have reached crisis proportions. Therefore, a focus on IT governance must be a major priority of management and every corporate board. Issues involving Information Technology are uniquely complex and involve engineering skills that quickly become obsolete in this era of rapid technological change. Here, suggestions are offered about the value of a Chief Information Security Officer and recommendations are made for improving cybersecurity. An examination of recent threats will hopefully assist in bringing a greater understanding of their nature and increased focus on IT governance to the agenda in every boardroom.

Keywords: Accounting, Audit Committee, Board Structure, Corporate Governance, Cyberattack, Cyberwar, Data Breach, Directors, Information Technology, Internal Audit, Internal Controls, International law, Litigation, National Security, Organizational Behavior, Risk Management, Sarbanes-Oxley, SEC, Strategy

JEL Classification: C88, G18, G34, G38, H56, K22, K33, K42, L21, L86, L98, M10, N40, O30, O31, O32, O33, O34, O38

Suggested Citation

Trautman, Lawrence J., Threats Escalate: Corporate Information Technology Governance Under Fire (November 5, 2012). Available at SSRN: or

Lawrence J. Trautman (Contact Author)

Prairie View A&M University - College of Business

Prairie View, TX
United States
