n. ~ Governance · The responsibility to ensure individuals and systems properly fulfill and comply with duties and responsibilities established in policies and procedures.
- OED Concise 10th (†440): 1. An unintentional failure to notice or do something. – 2. The action of overseeing. [s.v. 'oversee': supervise]
- Cohen 2008 (†652 p.10): Oversight comes from laws, owners, the board of directors or a similar entity, auditors, and the chief executive officer. It produces a set of duties to protect that include legal and regulatory duties, contractual duties, and self-imposed duties. Oversight is also tasked with responsibility for making certain that the duties imposed are carried out and, typically, for making decisions that affect the entire enterprise. (†1488)
- Cohen 2008 (†652 p.36-37): Oversight is the critical governance function provided by top management relating to information protection and it is fundamental to proper operation of a protection program. It is the job of oversight to assure that proper duties to protect are put in place, that the management measures the effectiveness of the protection program in fulfilling those duties, and that management adapts the protection program to meet those duties. Laws: Laws and regulations define the legally mandated duties to protect associated with jurisdictions. All laws of all jurisdictions in which an enterprise operates have to be considered in order to make prudent determinations about duty to protect. Owners: The owners are the ones hurt by bad management decisions and they need to assure that their investment is not lost by electing proper boards of directors. For public companies there are regulatory assurances to support the public owners so that they don't have to get involved in the details of selections in order to reasonably protect their investments, but this lack of direct control by owners is often reflected in the frauds we see in the world. Owners of privately held firms are directly responsible for the disposition of their assets and for proper protection and they directly suffer from poor decisions in this regard. Board: The board of directors is legally and morally responsible to assure that the CEO and other officers are doing their jobs and have the ability to define additional duties to protect in keeping with their responsibilities. They also have oversight responsibility to act on behalf of the shareholders to assure that the shareholder value is protected. Auditors: Auditors are tasked with providing independent and objective feedback to the shareholders, board of directors, CEO, and others on the effectiveness of the protection program in fulfilling the duties to protect within the risk tolerance parameters set by management. CEO: The CEO is responsible for day-to-day control over the enterprise, and as part and parcel of this responsibility, for protecting shareholder value, for identifying the duties to protect, or assuring that those duties are carried out, for measuring the performance of those duties to allow adequate control to improve situations that warrant improvement and for keeping costs as low as possible without undertaking inappropriate levels of risk. In concert, these elements comprise the oversight functions of enterprise information protection and define the duty to protect. (†1489)
- Davis and Lukomnik 2012 (†647 p.48): While our governance and oversight systems have improved, they have not kept pace. Indeed, it may be impossible for our governance system, as currently constituted, to ever keep pace. (†1463)
- Hurley 2015 (†642 p.4): Oversight comes from laws, owners, the board of directors or similar entities, auditors, and the chief executive officer or other director. It produces a set of duties to protect that include legal and regulatory duties, contractual duties, and self-imposed duties. Oversight is also tasked with responsibility for making certain that the duties imposed are carried out. (†1447)