IT a risk factor, says King

Nicola Mawson
By Nicola Mawson, Contributor.
Johannesburg, 04 Aug 2010

Technology has an important role to play as the world runs out of natural resources, but this opens up companies to risk, as IT will increasingly be outsourced.

Judge Mervyn King, chair of the committee that created the King reports, says the world is in crisis, as natural resources are being used up faster than they can be replenished. King was speaking at the ITWeb SMEXA Conference yesterday, on IT service management.

The King committee was formed in 1992 and launched its first corporate governance report two years later. In 2002, a second report was issued to take into account the growing need for companies to incorporate sustainability in their financial reporting.

King III came into effect in March this year and, for the first time, includes a chapter on the need for IT security and governance. In King II there was “not a word about IT governance and IT security”, says King.

However, in today's world, IT risk, security and governance play an important role, he says. King explains that technology can aid companies in finding solutions to a growing lack of resources.

Finding ways to overcome dwindling resources and make better use of things such as water and fossil fuels is not only important for the long-term sustainability of a company, but also garners the trust of investors, says King.

He explains that companies can no longer only report financial statements that give a view of their health at a moment in time, but also need to include aspects such as the environment and social effects - the so-called triple bottom-line.

He says all these aspects are interrelated. Yet, “one of the most critical interdependences is IT, because it's technology that is going to save the planet”.

Risk factor

However, the growing importance of IT opens up companies to risk, because there is a growing need to outsource IT services, he adds. IT must be aligned with a company's growth strategy and - as a result - the business plan must be shared with the service provider, explains King.

King says sharing information leads to the risk that it can be stolen, or that insider trades can take place. As a result, IT security is critical.

“If people get access to personal information, your company could be committing an offence,” he states.

However, Jayen Vyravene, CEO of Quency Advisory & Training Services, points out that IT governance is an important part of a company's overall governance plan, yet there is no easy one-size-fits-all solution.

“IT risk is business risk,” says Vyravene, and needs to be viewed alongside other risks in a holistic manner. “A lot of risk management is copy and paste,” but copy and paste solutions do not work, because businesses need to understand the environment in which they operate, he says.

Vyravene says companies need to understand their environment, and then use the current frameworks as a starting point to make their own customised risk management plan.

Related story:
King III in effect from today