IT governance risk items are reported to the risk committee, which presents feedback to the board at each board meeting. The group technology executive – assisted by the IT steering committee – is responsible for the general management of the IT function. Together, they serve as a proxy for a chief information officer as contemplated by King III. The organisational capacity of the IT function has expanded significantly, which is in line with the increasing importance of IT to the business.
In terms of its charter, general management of the IT function includes the following broad responsibilities:
- Optimisation of the value contributed by IT to the business in a cost-effective manner.
- Ensuring that adequate and appropriate IT resources are available to support the group’s objectives.
- IT risk management.
IT risks, controls and governance are incorporated in the IT strategic plan developed and approved by the IT steering committee and the board. The findings of comprehensive risk analysis and prioritisation exercises are incorporated in an IT risk register and IT governance work plan, and progress against this is monitored by the board.
Given the limited complexity of the group’s IT infrastructure insofar as it relates to the provision of financial reporting information, the board does not consider the risk to the integrity of financial information produced from IT systems to be high. The board relies on internal audits and the skills, expertise and integrity of finance employees to assure the accuracy of information provided. The board also reviews and makes judgements on the findings of the external auditor regarding the integrity of IT systems. To date, the board has had no reason to believe that information provided is not complete, timely, relevant or accurate.
The IT disaster recovery plan is in the process of being updated. Business impact assessments have been completed, and the selection and implementation of technology solutions that match business recovery objectives are underway.