The board ultimately assumes the responsibility for the governance of information and technology (“IT”) by setting the direction for how technology and information should be approached and addressed in the organisation.
The general management of the IT function has been delegated to the group IT executive, who is assisted by the IT steering committee. The IT steering committee meets quarterly and comprises senior executives of the group. The IT steering committee monitors the effectiveness of technology and information management and addresses any shortcomings that have been identified.
In terms of the IT steering committee’s charter, general management of the IT function includes the following broad responsibilities pertaining to:
– Optimising the value contributed by IT to the business in a cost-effective manner.
– Ensuring that adequate and appropriate IT resources are available to support the group’s objectives.
– IT risk management.
The IT strategic plan, which was developed and approved by the IT steering committee and the board, includes considerations around IT risks, controls and governance. Comprehensive risk analysis and prioritisation exercises inform the contents of the IT risk register and the IT governance work plan, and progress against this is monitored by the board.
The group’s IT infrastructure (as it relates to the provision of financial reporting information) is relatively simple and the board does not consider the risk of integrity of financial information produced from IT systems to be high. The reliability of financial information is supported by internal audit activities and the skills, expertise and integrity of finance employees. The board also reviews and makes judgements on the findings of the external auditor regarding the integrity of IT systems. To date, the board has had no reason to believe that information provided is not complete, timely, relevant or accurate.
IT governance risk items are reported to the risk committee, which is chaired by the chief executive officer, and presented to the board at each board meeting.
IT is recognised as a key enabler for the group and its activities and the organisational capacity of the IT function has expanded significantly.