Though SA has a number of governance policies and guidelines which recognise IT as a critical business driver, most organisations in the country are still to adopt them.
So said Gary Hardy, owner of local risk management solutions provider, ITWinners, presenting at the ITWeb Governance, Risk and Compliance Summit held at the Forum in Bryanston this week.
He said although King III is one of the best codes of corporate governance in the world, South African organisations have not fully embraced its principles, resulting in them not deriving value from it.
In certain instances, Hardy notes, some organisations adopt the King III principles begrudgingly and take a checklist approach towards it.
The King Report is a code of corporate governance in SA issued by the King Committee on Corporate Governance in 2009. Compliance with the report is a requirement for companies listed on the JSE. However, said Hardy, adoption has been slow.
He believes the lack of alignment between business and IT objectives within many South African organisations has also stifled the adoption of King III principles.
King III recognises IT has become an integral part of doing business today, as it is fundamental to the support, sustainability and growth of organisations.
"King III is the only national corporate governance code which recognises IT as pervasive and strategic to the business," he said.
He pointed out that most organisations are taking a "compliance focus" in regards to King III and this leads to them just a taking a "tick-in-the-box" approach.
In 2009, said Hardy, the Auditor-General of SA (AGSA) identified weaknesses in IT governance in the public sector and recommended a government-wide framework to give due consideration to risk as well as controls to ensure value and service delivery.
The AGSA also recognised the huge cost of wasted IT investments and poor operational support for service delivery, and cited the national problem of disparate systems, bandwidth, poor governance and management practices as well as skills challenges as having a negative impact on IT governance.
From 2012 to 2014, the Department of Public Service Administration (DPSA) also came up with several policies and guidelines for IT governance, said Hardy. In 2012, the department implemented guidelines based on IT governance framework, COBIT, with a focus on top management accountability, he revealed.
In March 2014, the DPSA set a strategic and operational implementation plan based on a recommended set of key COBIT 5 processes. Beyond March 2015, it aims for the continual improvement of IT governance and strategic alignment with business.
According to Hardy, the value of IT governance can only be achieved if organisations realise IT is pervasive and critical in the support of business operations.
"Information systems were used as enablers to business, but have now become pervasive in the sense that they are built into the strategy of the business," he said, quoting King III. "IT will not be effective without better governance and management."
He believes a change in attitude is needed within organisations and top management should embrace IT governance as an enabler of business.
Share