South African firms are implementing IT governance measures either ahead of, or in line with, their global counterparts, says an international IT governance specialist.
Stephen Caroll, a director of Ernst & Young, says large South African companies across all sectors are aware of pending changes and how this will affect their business. Caroll adds that local firms are “very hungry to do the right thing”.
Caroll, who is part of the IT strategy and leadership team at Ernst & Young, is in SA on a two-week visit to meet with clients and hold roundtable discussions on IT governance. He says IT governance is critical, especially where documents need to be secured.
“Directors are responsible for the records and transactions of a company; they need controls in place that will highlight any gaps.”
Caroll has devised and implemented solutions for global firms, in the pharmaceutical and financial services industries, focusing on IT effectiveness, IT strategy, IT value and risk management.
Local companies are realistic in understanding how IT governance affects their business, he says. “IT governance is an outcome; it is the result of good strategy and leadership.”
Companies should take impending legislation and regulations and adapt these to their own culture, he notes. This way, it becomes part of the process of doing business, explains Caroll. “You need to understand your business and its environment in terms of the legislation.”
Pending changes
The King III code, which is in the pipeline, is a governance change that may require some companies to rethink their strategy. However, says Caroll, if firms already have good IT governance systems in place, the new code should not require much in the way of process changes.
King III is the shorter name for the latest update of good governance codes developed by a group headed by judge Meryvn King. The draft was released in March.
The “Draft King Report on Corporate Governance in SA” (King III) states: “There is no doubt that there are operational risks when one has a service provider, because confidential information leaves the company.
“In IT governance, one seeks confidentiality; integrity and availability of the functioning system; possession of the system, authenticity of system information; and assurance that the system is usable and useful,” it adds.
Related story:
King III addresses IT governance
Share