Legislation is not the recipe for good governance, Judge Merwyn King told the opening of the IT Governance 2005 conference this morning.
King, chairman of the King Committee on Corporate Governance, pointed out that in either "comply or explain" or "comply or else" regimes adopted by organisations, quality governance principles rather than quantity made for good governance practices.
He said that, as the strategic role of ICT within organisations became increasing important, there was also a growing need for board members to have a better understanding of technology and IT issues.
Many executives were unaware of operational risks related to ICT, as these processes were often not understood, King said.
Thus organisations, he noted, had to either rely on expert knowledge of an appointed board member or to turn to outside advice - choices that were borne out of the complexity of governance issues.
However, King argued that these approaches necessitated board knowledge of different industries or, in the case of outside advice, placed confidential information outside a company, exposing it to parties with potentially different codes of conduct and values.
"This creates an increasing dependence on outsiders," he said, adding that, therefore, information security needed to form part of IT governance.
Good IT governance, he said, must also include a greater board involvement in IT decisions, to avoid poorly understood pricing and licensing issues.
"IT was an enabler to support businesses, now it both supports the business and drives strategy," King commented.
In terms of good governance policy, he urged a balance between conformance and performance, and stressed that quality was a factor, not quantity.
Share