When we think of the term “governance”, many different definitions appear depending on how it is being presented. Governance is thought of as “the art of steering societies and organizations” (Plumptre & Graham, 1999). This definition is a good starting point, given that the root “govern” is used to mean control or lead in most cases. To continue, for somebody to control or lead, they must have someone to be led.

Governance involves the interactions among structures, processes and traditions that determine how power is exercised, how decisions are taken, and how citizens or other stakeholders have their say (Plumptre & Graham, 1999).

Governance covers everyone from the CEO all the way down to a regular employee, using policies and procedures to create an efficient and balanced organization. It is based on the power within a role. Who has the authority to make the important decisions, or can somebody else provide influence and be held accountable?

Four business drivers affect governance in different ways. Forms of business organization, industry, maturity and organizational structure are all vital to a healthy business. The three main forms of business organization (sole proprietorships, corporations, and partnerships) influence the size and complexity of the organization, which also influences the nature of corporate governance (Murray 2020). Governance can change based on the form of organization.

In a sole proprietorship, the business is run and owned by someone for their own benefit. Think of a “mom and pop” shop or a boutique in the mall. The owners set their own rules and procedures based on how they think their organization should be navigated. There is less emphasis on governance here, for the sake of making money for the business.

In a partnership, two or more individuals share the logistics of the business. The structure of their governance is based on the collective knowledge of all parties involved. Each person has influence on the policies and procedures that will navigate the business. Everyone’s voice must be heard, which makes the governance challenging and detailed in order to fit the requirements of all parties. Examples include deciding a proper work schedule, or setting policies to prevent one person from taking the brunt of the debt in case the company fails.

A corporation is a legal entity separate from its owners (Murray 2020). Governance has a big hand in the infrastructure of a corporation because of the legal measures built into it. The money from shareholders is what drives corporate governance and activities.

The form of business organization influences the structure and hierarchy of the organization (Murray 2020). When we factor in the definition of corporate governance, we start to understand how companies are run internally. Corporate governance refers to the system of rules, practices, and processes by which companies are governed. To have effective corporate governance, there must be a trickle-down approach starting with the head (CEO) of the company. If a CEO proposes security governance to the governing board members, this increases awareness of risk management (Patrick, LLC 2015). The culture of the company changes for the better, focusing on the security of information. A dedicated position would more than likely need to be created to lead the charge on these policies and procedures. However, some organizations could choose not to provide this position and instead split the responsibility amongst the governing board. The idea of corporate governance is all about transparency, accountability and security within the company. A corporation needs documents like a certificate of incorporation, bylaws and often shareholder agreements to make sure the business is running properly and the obligations the owners take on are equally shared. To prevent any conflict amongst the board when external parties try to merge in, simply set rules for voting on the business.

Establishing GRC management can be quite functional, depending on the path used to regulate the information. For instance, where a CIO is present, in most cases only when innovation, information management, and IT service delivery are the emphasis, GRC helps incorporate security governance into the organization's technology and IT services (Murray 2020). Reporting to the CRO focuses on risk management. How can a company prevent its financial gains from being leaked, or internal projects from being shared, in case someone leaves the business? Some organizations feel a general counsel can handle this position and don’t outsource a CRO. GRC must work hand in hand with the legal team but ultimately answers to the counsel. All in all, the industry in which an organization operates will affect corporate governance.

Cyber Security Professional | Red Team