Companies have a little over three months before they need to start applying the King III Code of Governance for South Africa. For most CIOs, their new responsibilities are considerable and few would want to be the reason that their companies are not applying the code as expected.
King III clearly positions IT governance as a board responsibility executed by the CIO and executive management. Historically, the focus was often limited to risk management and compliance with internal controls for financial reporting. This is not going to be adequate under this code.
The King III chapter on IT governance strongly focuses on stewardship of IT resources for the benefit of all stakeholders. Guarding against excessive expenditure on IT is one of the themes of the code. Another is accountability for delivering the results expected.
The board and executive management are required to take responsibility for high-value projects and outsourcing deals. Historically these two areas have been problematic. Many organisations do not have the organisational maturity necessary to undertake large-scale developments or enter into high-value outsourcing deals. In many organisations, the CIO has not addressed their personal responsibilities to ensure proper management and good governance is in place.
Service providers have come up for scrutiny under King III as the challenges that these enterprises face are no different from in-house IT organisations. However, it is far less transparent how well these organisations are being managed and what level of compliance they maintain.
Peter Hill, managing director of the IT Governance Network, says service providers are far less mature than companies realise. Most organisations carry considerable risk from having outsourced their IT functions because of the weak internal controls and high dependency that outsource companies have on key individuals for success.
The King Code requires that both the service provider's internal controls and its governance arrangements be scrutinised regularly by client management. Frequently outsourcing contracts and service level agreements fail to address these important issues. Compliance with regulations such as that expected for the protection of personal information will be major challenges for service providers as most are a long way off being in a position to fulfil their obligations and those of their clients.
To assist companies address King III, the IT Governance Network has released a free King III readiness assessment tool accessible from its Web site. Comprising 100 questions, this King III readiness assessment tool helps CIOs quickly determine their organisation's current status. Client confidentiality is maintained throughout as the tool does not store any information from the assessment.
The IT Governance Network is also holding a series of seminars to help CIOs and their management teams better understand how the King Code applies to IT and what they need to do to apply its requirements.
Availability:
* On the Web site, at http://www.itgovernance.co.za.
Share
Editorial contacts