The King III report on corporate governance places unprecedented emphasis on good governance. It also puts the spotlight on the risks associated with information technology (IT), and on the board’s responsibility to identify, mitigate and manage these risks.
According to King, IT should be integrated with the company’s strategy and built into its business plan.
With IT recognised as a key facilitator of the company’s strategy, management must execute the IT frameworks and make sure that the IT department stays on track to deliver that strategy.
King III suggests that businesses develop an information security management system (ISMS). This should ensure the confidentiality of information, and the timely availability of both information and information systems.
With IT playing an increasingly important role in companies’ strategies, it is important to acknowledge that the risks associated with IT have increased significantly.
King recommends that companies form a risk committee to ensure that IT risks are adequately addressed and, if necessary, call on expert advice. The committee should understand the company’s overall exposure to IT risk from a strategic and business perspective, and introduce the appropriate controls.
King calls for senior management, including directors, to be directly involved in IT governance, and this has given rise to the increasingly prominent role of the chief information officer (CIO). Since many directors have limited understanding of IT systems, it is recommended that the CIO sits on the board.
Effectively this means that the board has access to a thorough technical understanding of the IT risks, while the CIO is exposed to the company’s strategy at the highest level and can play an active role in integrating IT into the overall strategy.
© Tony McManus, McManus Consulting.