A company's assets are central to its business success and traditionally assets represented something that was tangible. However, in today's global world, many companies have intangible assets that are worth far more than the tangible ones.
This is according to Unisa professor Mervyn King, author of the King Committee Report on corporate governance and former judge of the Supreme Court of SA. King will present a keynote address at ITWeb's Risk Management Conference, to be held on 11 September at Gallagher Estate.
"The market cap of a company does not equal book value," he says. "Wrapped up in the value is the intellectual property and intangible assets owned by the company."
King believes information systems (IS) usually start out as a business enabler, but change in value as businesses grow. "IS systems become more pervasive as a business grows; it changes from being an enabler to part of an organisation's strategic plan."
<B>ITWeb Enterprise Risk Management Conference 2007</B>
More information about the ITWeb Enterprise Risk Management Conference, which takes place on 11 September at Gallagher Estate, is available online here.
These systems have no tangible value on an accounting balance sheet, but at the same time are integral to the value of a business. "And it needs to be protected," he asserts.
One of the biggest information security risks is to allow access where it is not required. But some organisations have no choice, he says. If the company does not have its own CIO, it usually employs a service provider. "That means strategic information goes outside the company."
Companies that outsource need to be extremely careful in this situation, because it is exposed to more risk and the profile of risk changes dramatically. "Many people ask me why we don't just regulate. However, if you look at the many regulatory frameworks available, there is never a one-size-fits-all solution."
For companies that have in-house IT professionals adding the CIO to the boardroom mix, its risk profile will also change.
"The CIO now has a vested interest in the risk profile of the organisation and will be held accountable for any breaches or bad decisions, just as any other board member is," he says. "But for this you need to be big enough to employ in-house talent."
King will examine these issues in depth at this month's ITWeb's 2007 Enterprise Risk Management Conference.
Share
