Friday, 17 April 2015

Monkey See.... Monkey Do??

Blog 1



Setting the right tone at the top is vital to allows the ethical climate to be filtered down to the employees below. Wrong tone could mean a wrong turn. This concept is also important in terms of IT Governance. Can the attitudes of the management really help prevent risky behaviours?

The Standards Australia Technical Committee developed standards with a governance framework that encourage management leadership in IT projects.  The standards were prepared in light of recent IT failures that were attributed to the absence of good IT governance from management such as the $1.2 billion Queensland Health Payroll debacle. Protiviti found that organisation with oversight and direct questions from the board responded much better to IT security issues. Protiviti's 2014 IT Security and Privacy Survey found that a highly engaged board with IT security creates a security-conscious environment.   

Even on a smaller scale, it becomes clear how people mimic the work of their superiors. I once interned at a private agency. The management had placed the usernames and passwords needed to log onto the system on every desktop in full view of interns, casual staff and clients. This gave access to client information, the payroll system and the company intranet. The lower level staff were not worried and allowed the interns unsupervised access to the system.



I believe that management emphasis on the importance of IT governance is the key to successfully constructing a no-tolerance attitude to risky IT behaviours. Like the pyramid above, the values of management will filter down to the employees below and encourage a IT risk-averse environment because the employee will do what the employee sees.   

No comments:

Post a Comment