Date of Award
Bachelor of Science Honours
Faculty of Computing, Health and Science
Security as a profession and discipline has emerged principally in the later half of the twentieth century and has developed to become a more defined, usual, respectable and visual part of management. This study aimed to determine the degree of recognition and application of security risk management to corporate governance practices in Australia. Formal research design used descriptive research methodology, consisting of a literature review, primary document analysis and a questionnaire survey to collect data. This research was contrasted to a Corporate Governance Security Model formulated to determine if the model is applicable to the recognition, or application, of a security function to the Australian Stock Exchange ('ASX') Corporate Governance principles. A major finding of this study is that security functions and responsibilities are poorly recognised and documented by Australia's largest public company boards. A majority of directors will have no experience or qualifications in security risk management and this is likely to be reflected down through the organisation resulting in low to medium security awareness and culture. Corporate governance statements from companies listed on the ASX/S&P 200 strongly suggests that security related risks are not widely considered as part of the corporate governance framework. With limited application of security in the corporate governance framework, there is less focus on security related behaviour within the codes of conduct held by a majority of public companies. This can have an adverse impact on corporate ethics, internal controls and crisis response capabilities. The study developed a model which implements security risk management functions to the corporate governance framework in order to formally recognise and promote effective management of security risk and compliance. Applying security as a business process to support long term revenue was found to benefit corporate reputation and compliments other risk and business management practices. Security of information and confidentiality is enhanced to encourage reports of misconduct within the company, generating a security and reporting culture. Security functions are currently limited to form part of internal controls within the operating environment and generally viewed as a cost centre which does not contribute to revenue. Security functions are not holistically applied across the organisation or within the corporate governance framework. There are a number of recommendations resulting from the study and are primarily concerned with the continued need for research into the application and recognition of security within the hierarchy of executive and business management.
Cubbage, C. J. (2005). The recognition and application of security risk management in corporate governance. Retrieved from http://ro.ecu.edu.au/theses_hons/1050