The group technology executive is responsible for the general management of the IT function and is assisted by the IT steering committee. Together, they serve as a proxy for a chief information officer as contemplated by King III.
In terms of the IT steering committee’s charter, general management of the IT function includes the following broad responsibilities pertaining to:
- Optimising the value contributed by IT to the business in a cost-effective manner.
- Ensuring that adequate and appropriate IT resources are available to support the group’s objectives.
- IT risk management.
IT governance risk items are reported to the risk committee, which is chaired by the CEO and presents to the board at each board meeting. IT is recognised as a key enabler for the group and its activities and the organisational capacity of the IT function has expanded significantly.
The IT strategic plan, which was developed and approved by the IT steering committee and the board, includes considerations around IT risks, controls and governance. Comprehensive risk analysis and prioritisation exercises inform the contents of the IT risk register and the IT governance work plan, and progress against this is monitored by the board.
The group’s IT infrastructure as it relates to the provision of financial reporting information is relatively simple and the board does not consider the risk of integrity of financial information produced from IT systems to be high. The reliability of financial information is supported by internal audit activities and the skills, expertise and integrity of finance employees. The board also reviews and makes judgements on the findings of the external auditor regarding the integrity of IT systems. To date, the board has had no reason to believe that information provided is not complete, timely, relevant or accurate.
The IT disaster recovery plan is in place but has not yet been thoroughly tested.