The King III/IV report and IT
Businesses will recall that the King Commission was set up to improve business ethics in South Africa, especially among companies listed on the JSE, by establishing corporate governance principles in line with the Companies Act No. 71 of 2008. Since the first King report, subsequent reports have been developed as guidelines for businesses to improve their financial statements, business ethics and operations.
KING III is the latest King report and dealt specifically with Information Technology (IT) due to the high cost of ICT solutions. One of the major implications of KING III with regard to ICT is the principle that the Board is directly responsible and accountable for ICT governance. In the past, many organisations have left ICT governance as a project of the ICT section. For successful ICT governance, top management needs to be actively involved. Because of these principles, a delegated Chief Information Officer (CIO) or Chief Technology Officer (CTO) at executive management level is increasingly a necessity.
The KING III principles are (abbreviated):
- The role and functions of the Board
- Corporate citizenship: leadership, integrity and responsibility
- Audit Committees
- Risk Management
- Internal Audit
- Integrated sustainability reporting and disclosure
- Compliance with laws, regulations, rules and standards
- Managing stakeholder relationships
- Fundamental and affected transactions
The ICT related principles included in KING III are:
- The responsibility for ICT lies with the Board (Principle 5.1), achieved through the implementation of an ICT Governance Framework (charter and related policies) because it supports effective and efficient management of IT resources. The Board may delegate these responsibilities to implement relevant structures, processes and mechanisms to enable IT to deliver value to the business and mitigate IT risk. An ICT Steering Committee is proposed as the vehicle to accomplish this requirement.
- The delegation or appointment of a CIO/CTO is covered in principle 5.3.20 to act as a bridge between ICT and business.
- The board is required to monitor and evaluate significant IT investments and expenditure through project management principles.
- Governance principles are also applicable to supply chain processes in relation to ICT acquisition and disposal.
- IT should form an integral part of the company's risk management processes (principle 5.5).
- Information assets are to be managed effectively, including the accuracy, reliability and security aspects of all information (principle 5.6). This principle covers the loss of information (i.e. backup and disaster recovery strategies).
- KING III also puts a high premium on the protection of private information to protect businesses from potential reputational and financial loss in the event of a breach of private information.
We are members of the Institute of Directors of South Africa and will be able to assist our customers to assess and align with KING III.