IT Governance in King III

May 24th, 2010 by

A growing number of companies in South Africa are turning to the innovative Calder-Moir IT Governance Framework and the linked, highly useful IT Governance Framework Toolkit to provide them with the tools they need to structure their overall approach to King III IT governance compliance and to draw effectively on the best practice contained in ISO38500 and COBIT.

IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT provides practical guidance for organizations implementing IT governance frameworks.

This week only, with every order for the IT Governance Framework Toolkit, we’re giving away IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT FREE!

King III brings IT governance clearly into the corporate governance arena and says:

“Information systems were used as enablers to business, but have now become pervasive in the sense that they are built into the strategy of the business. The pervasiveness of IT in business today mandates the governance of IT as a corporate imperative.

In most companies, IT has become an integral part of the business and is fundamental to support, sustain and grow the business. Not only is IT an operational enabler for a company, it is an important strategic asset to create opportunities and to gain competitive advantage. Companies have made, and continue to make a significant investment in IT. Virtually all components, aspects and processes of a company include some form of automation. This has resulted in companies relying enormously on IT systems. Further, the emergence and evolution of the internet, ecommerce, on-line trading and electronic communication have also enabled companies to conduct business electronically and perform transactions instantly. These developments bring about significant risks and should be well governed and controlled.

We, therefore, deal with IT governance in detail in King III for the first time. The IT governance chapter (Chapter 5) is focused on providing the most salient aspects of IT governance for directors. Due to the broad and ever-evolving nature of the discipline of IT governance, the chapter does not try to be the definitive text on this subject but rather to create a greater degree of awareness at director level.

There is no doubt that the complexity of IT systems does create operational risks and when one outsources IT services, for instance, this has the potential to increase risk because confidential information is outside the company. Consideration has to be given to the integrity and availability of the functioning of the system; possession of the system; authenticity of system information; and assurance that the system is usable and useful. Concerns include unauthorized use, access, disclosure, disruption or changes to the information system.

In exercising their duty of care, directors should ensure that prudent and reasonable steps have been taken in regard to IT governance. To address this by legislation alone is not the answer. International guidelines have been developed through organisations such as ITGI and ISACA (COBIT and Val IT), the ISO authorities (eg: ISO 38500) and various other organisations such as OCEG. These may be used as a framework or audit for the adequacy of the company’s information governance for instance, but it is not possible to have ‘one size fits all’. However, companies should keep abreast of the rapidly expanding regulatory requirements pertaining to information.”

 

IT Governance Principles in King III

5.1 The board should be responsible for information technology (IT) governance

5.2 IT should be aligned with the performance and sustainability objectives of the company

5.3 The board should delegate to management the responsibility for the implementation of an IT governance framework

5.4 The board should monitor and evaluate significant IT investments and expenditure

5.5 IT should form an integral part of the company’s risk management

5.6 The board should ensure that information assets are managed effectively

5.7 A risk committee and audit committee should assist the board in carrying out its IT responsibilities

 This week only, BUY the IT Governance Framework Toolkit, and get IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT FREE!


%d bloggers like this: