IS Executive Roles and Reporting Relationships

About This MicroSim

This MicroSim shows the four most common IS C-suite roles (CIO, CTO, CDO, CISO) plus the Audit Committee and three supporting professional roles. The toggle compares the two dominant reporting structures for the CISO:

  • CISO → CIO (operational) — best day-to-day integration, weaker separation of duties
  • CISO → Audit Committee (independent) — stronger separation, weaker operational integration

Click any role for its primary accountability, two day-in-the-life activities, and the most common career path into the role.

Embedding This MicroSim

<iframe src="https://dmccreary.github.io/information-systems/sims/is-executive-roles/main.html"
        height="722px" width="100%" scrolling="no"></iframe>

Lesson Plan

Learning Objectives

By the end of this activity, students will be able to:

  1. Name each IS executive role and one accountability for each
  2. Compare the two CISO reporting structures
  3. Articulate which separation-of-duties risk each structure mitigates or creates
  4. Map a real-world job posting to one of the eight roles

Suggested Activities

  1. Role Match (5 min) — Click each role; quiz students on accountability vs day-in-the-life
  2. Reporting Tradeoff (15 min) — Toggle between the two structures; write a one-paragraph recommendation for a regulated industry
  3. Career Path Mapping (10 min) — For each role, identify a job title that's two steps away on the path
