One of the best ways to minimise risk has always been to separate duties, be it in a business environment, where the salesperson takes the orders but someone else signs off on the invoice, or in a personal environment, where the person taking an exam is not the person marking it. These are just some examples; however, they illustrate a point: management should be separate from the making of governance policy. This is because the COBIT 5 framework outlines managers’ roles as being to plan, run and measure activities to achieve the business objectives set out by the board ("The difference between governance and Management", 2014).
If management are allowed to create the governance policy, then risk becomes a factor, whether this is through fraud or other risks such as accountability and responsibility ("The difference between governance and Management", 2014). An example that comes to mind is allowing my brother to borrow or use my car; with this, I am accountable if he crashes. However, if I told him he could use our mother’s car without her knowing, the risk is that I hold no accountability if it’s damaged, as it is not my car, and it becomes my word against his over who is responsible. Therefore, allowing managers to determine governance policy presents risk.
Reference
The difference between governance and Management. (2014). Our Blog. Retrieved from http://www.escoute.com/2014/03/14/the-difference-between-governance-and-management/