The final King Report on Governance for SA, King III, was released on 1 September 2009 and will come into effect today, replacing the existing King II Code and Report on Corporate Governance.
The report provides organisations with guidance on good corporate governance practices, says Deloitte.
Acknowledging the integral role of IT in business, King III specifically addresses issues around IT governance.
According to the Institute of Directors (IOD), the report states that IT governance should focus on four key areas. The first is strategic alignment with the business and collaborative solutions, including the focus on sustainability and the implementation of “green IT” principles.
Value delivery is the second area, concentrating on optimising expenditure and proving the value of IT.
The third area is risk management, addressing the safeguarding of IT assets, disaster recovery and continuity of operations; and the fourth is resource management, optimising knowledge and IT infrastructure.
Integrating IT
The way in which this should affect businesses is that, according to IOD, IT should be on the board's agenda, its performance should be measured and reported to the board, the board should set a management framework for IT governance based on a common approach, and audit committees should oversee IT risks and controls.
King III recommends that IT should be integrated with company strategy, according to Judge Mervyn King, chairman of the King Commission.
During his keynote address at the ITWeb IT Governance, Risk and Compliance Conference, in Johannesburg, last month, King pointed out that companies no longer look at business in silos.
“It is crucial for IT to be built into the business plan, as its main role is to facilitate the achievement of business strategy and add value.”
Highlighting security as one of the main concerns, King stated: “The risks involved in IT governance have become significant, as IT systems have become integral to a company's strategy and business.”
The report suggests that a company's management, or even the board, should be directly involved in IT governance, or if there are CIOs relied on for the management of IT systems, they should be appointed to the board as well.
Share