Corporate Integrity: Waving the Red Flags

Security can play a major role in ensuring the integrity of the corporation. But it won't happen without persistence.

. What's this?

By

July 01, 2003CSO — There is no Baldrige Award for Corporate Integrity, but if there were, the CSOs of this world would be among those with a bullhorn on the nominating panel. Or at least they ought to be.

I can't think of a role more attuned to the mission of overseeing risk than ours. In my view, no member of the corporate governance team is more qualified to deal with the key elements of oversight than the CSO. The security department can administer the programs required to assure the organization's integrity, and the CSO is in a good position to be an advocatean owner of sortsof a variety of business-conduct policies. In addition, he can fill the role of adviser to top management on issues affecting the reputation of the enterprise.

Some would argue (and current governance movements underscore the notion) that it is the auditors, both internal and external, who are the logical overseers for integrity assurance. Not so. Audit is cyclical, and it is not meant to be an investigative function in the same way that security is. As a matter of fact, the corporate ethics or compliance department of an organization may have input into security policy, but neither group wouldor shouldhave the scope and reach of security.

How about the members of the human resources team? They certainly can participate as an employee advocate, but as a department, they lack the objectivity that security brings to the table.

Noat least as I see itit is the security department that has the unique perch to see the cautionary signals that are a part of daily corporate life, and we're paid to understand that aspect of operational risk better than anyone else on the executive team. When corporate security provides its share of oversight and control maintenance in an organization, it can see a variety of red flags that others don't.

Yet in all of the current commentary and debate on corporate scandal and wrongdoing, I've not seen one word acknowledging the CSO'sor even the corporate security department'srole in risk management. If you don't believe me, just do some research on corporate governance and see how many times you find a reference to the security function or the CSO as a member of the team. You won't, I promise.Connecting the Dots"I was so busy, I never saw it coming!" This from the line manager who's just fired an employee for misconduct. With downsizing, rightsizing and just plain working our butts off to do more with less, the velocity of business dealings often masks control weaknesses.

What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
RESOURCE CENTER