Johannesburg, 30 Jan 2012
It's been almost two years since the King III report came into effect, and its recommendations have become a benchmark for corporate governance practice in South Africa.
While King II helped to entrench the processes and reporting requirements of good governance, companies are now also learning that, to enable a smooth reporting process, they have to get their house in order when it comes to information management. King III draws our attention to this imperative in Chapter 5, Clause 6, which deals with management of information assets: “The board should ensure that information assets are managed effectively.”
We asked Bennie Kotze, enterprise content management specialist at NokusaEI, what this means.
“Essentially, King III says that an organisation's information is in itself a company asset. Thus, the company's directors are accountable for strategically managing and protecting this information asset to extract optimum value, as they should be doing with any other company asset,” says Kotze. He explains that this view is the basis of Chapter 5's focus on information technology (IT). Since IT is the enabler of almost all communication of information in business today, King III emphasises the link between IT and corporate governance.
The onus is thus on the company directors to ensure that governance information is supported by efficient and effective records management. “Records are evidence of what you do, the transactions you make and the decisions you take. Your company records provide a memory for your company and enable a broad reach of transparency,” says Kotze.
It all comes down to the basics of having a sound document and records management system in place; this is the bedrock of information management and is fundamental to good business practice.
Kotze explains that inefficiencies in document, content and records management can expose you to potentially costly risks, which is why company directors need to take information management so seriously. He cites the example of Morgan Stanley vs Perelman, where the New York-based bank could not reliably produce the e-mails that were required for court evidence. In 2005, Morgan Stanley was found to be guilty of obstructing justice and was fined US$1.45 billion to be paid to Perelman. At the time, WTN News commented that the judgement was “a clarion call for revisiting your organisation's e-mail message retention policies”.
Efficient information management is also a protection against the uncertainty of an unstable world, adds Kotze. For instance, companies worldwide have had to find a way to navigate the rapids of the current economic downturn, most have had to tighten up, consolidate and innovate to stay afloat. All this requires pivotal attention to detail, thus there has to be full sensitivity to what is occurring on the ground. “Detailed information management is fundamental to this process - it can embrace the complexity of minutia and provide a stable and resilient flow of information that will bolster the sustainability of your business,” he says.
Kotze also cautions that the way in which we are producing information is changing. In the old days, structured record systems started with the largest organisations and filtered down to the individual. Today, with the advance of social media, the reverse is happening: information starts with the individual and spreads virtually like wildfire. “It's become easier to know what your girlfriend of 30 years ago had for supper last night than to find a crucial policy document,” he quips. It has become absolutely critical that organisations protect the integrity of their information processes, comply with regulations and ensure the availability and accessibility of information.
This brings us back to King III's recommendations, says Kotze. “Every business should have an information committee of senior executives who audit the information processes and monitor the full life cycle of information - from creation, to receiving, to retention, to maintaining, to disposal.”
Thus, in terms of protecting the information asset, King III instructs that it is the responsibility of the company board to put in place a formal information security management system to ensure the confidentiality, integrity and availability of information, to ensure that company information is adequately protected, and to identify and protect personal and sensitive information according to the relevant laws and regulations.
In conclusion, Kotze points out that the service provider who supplies an information management system to a company should be fully cognisant of the governance implications of this technology. He advises that boards should select a consultant who can: assess their company's governance functions and compliance requirements; complete a sound needs analysis; and advise on the management capabilities and principles that need to be applied; install and implement the appropriate systems; as well as provide the training and support needed for optimum implementation.
Company directors should be asking themselves whether their repository of information is being managed optimally, and should ensure that their technology suppliers fully understand the corporate governance imperative to manage the information asset.
Share