One of the new issues addressed in King III is IT Governance. Thea Voogt tackles the appointment of a CIO and raises the issue of what CFOs should do about it and IT Governance. She also presents research findings on IT matters from a SAICA research project targeting the CFOs of the 40 largest listed companies on the JSE Ltd.
One of the significant new issues in King III is IT governance. Its introduction is meant to "create a greater degree of awareness" of IT governance at director level and to support it in general. The IOD presents good reasons why it should receive more attention (IOD, 2009a:16): information systems are pervasive in business and incorporated in business strategy; IT is integral to business and an operational enabler; and IT is a strategic asset that creates opportunities for a business to gain a competitive advantage. Much reliance is placed on IT systems; significant investments are made in IT; most companies place great reliance on IT; and, nowadays, e-commerce, electronic communication, the internet and on-line trading have integrated IT in virtually all aspects of business.
Equally, King III points to the risks associated with IT (IOD, 2009a:16): an increase in operational risk, loss of confidentiality of information, integrity and availability of the functioning of systems, possession, usability and usefulness of the system, authenticity of system information, unauthorised use, access, disclosure or changes to IT systems.
In exercising their duty of care, directors "should ensure prudent and reasonable steps have been taken in regard to IT governance" (IOD, 2009a:16). King III suggests seven principles related to IT governance (IOD, 2009a:chapter 5), which are centred on the pivotal role of the board of directors.
At an operational level, however, IT governance frameworks, policies and procedures must be assigned to a person or group of persons. The King III Code recommends that management be responsible for the implementation of the structures, processes and mechanisms for the IT governance framework, and that it should regularly demonstrate to the board that the organisation has adequate disaster recovery measures in place. Importantly, it also recommends that the chief executive officer (CEO) should appoint a suitably qualified and experienced chief information officer (CIO), who will be responsible for the management of IT, and who must...