Sunday, 6 November 2011

Individual Accountability

Individual accountability is the measurement of whether or not each group member has achieved the group’s goal. It involves assessing the quality and quantity of each member’s contributions and giving the results to all group members [1].

Individual accountability is the factor that shows that the organization is acting cooperatively and also demonstrates due diligence and effective governance. “The purpose of cooperative groups is to make each member a stronger individual in his or her own right” [2].

There are numerous methods that may be used to structure and increase individual accountability. Some of these include:

  • Periodically testing staff to see if they understand the policies of the organization.
  • Ensuring that controls are enforced fairly throughout the organization.

Individual accountability reduces fraud. By instilling a level of personal accountability and ethical responsibility within the organization’s staff, lower rates of incidents can be expected.

Group vs. Individual Accountability

Groups perform as groups when they are treated as groups. If we treat individuals only as individuals, they will not perform as a group.

Controls over accountability need to apply at both the individual and the group level. It is common to blame an individual for the failings of a control without looking at the root cause.

Privileged Users

Controls need to be implemented to ensure that a level of accountability and monitoring is assigned to privileged users (such as the root account on UNIX and Administrator accounts in Windows).

Privileged users consist of more than just the administrative user. When setting controls over privileged users, consider operator accounts (such as backup operators and those personnel who issue user accounts) and implement both preventative and detective controls at a minimum.

One of the most frequently overlooked areas when considering privileged users is that of network and peripheral equipment. It is common for routers and other network devices to be poorly configured and to use insecure access and accounting controls.

[1] Johnson, D., Johnson, R., & Holubec, E. (1998). Cooperation in the classroom. Boston, US: Allyn and Bacon.

[2] Johnson, Johnson, & Holubec, 1998, p. 4:17
