Abstract
With the increasing dependence on IT in modern enterprises and the significant risks associated with omnipresent IT systems in business, IT governance is becoming imperative to all organisations. King III is based on the “apply or explain” approach, that forces South African entities for the first time to apply the IT governance principles as contained in the report, or explain the reasons for not applying these principles. This paper provides a macrolevel view of IT governance, derived from King III, and determined that it correlates strongly with the growing body of knowledge on IT governance. The paper investigates the responsibilities for IT governance within organisations and provides clear guidelines on the responsibilities of management roles, from the board to the operational level, involved in IT governance to ensure accountability.
Highlights
The role of information technology (IT) in business has changed from an enabler of business to sufficiently pervasive to be “at the core of most organizations’ ability to execute strategy” (Symons, 2005)
Value delivery Risk management IT Resource management Risk management. In their seminal article Information Technology and the Board of Directors, Nolan and McFarlan (2005) reported that “boards have grown increasingly nervous about corporate dependence on information technology”
Nolan and McFarlan argued that “given the dizzying pace of change in the world of IT, boards can't afford to ignore the state of their IT systems and capabilities
Summary
The role of information technology (IT) in business has changed from an enabler of business to sufficiently pervasive to be “at the core of most organizations’ ability to execute strategy” (Symons, 2005). Board members often find it difficult “to keep up with the rapid changes taking place in IT and, to know what questions to ask to ensure that IT issues are being properly addressed” (CICA, 2004) These facts and recent developments have made is critical for directors and managers of South African entities to familiarize themselves with their new roles and responsibilities in respect of ITG. This study provides guidance to the management of South African entities that are required to apply King III’s regulations regarding ITG, but wish to fully comprehend what ITG entails to ensure that they understand the control issues and know the right questions to ask It provides clarity on the extent to which King III compliance will ensure proper utilisation of existing ITG best practices to ensure that the entity reaps maximum value from ITG, whilst adhering to the King III principles. The ITG focus areas derived within this article (Figure 2) is not presented as an optimum high-level view of ITG, but as an appropriate categorisation of ITG responsibilities that is suitable for the purpose used within this paper
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have