STUDENT NAME : STUDENT NO : PROGRAM: BTech (IT) MODULE: ASSIGNMENT: King 3 To: From: Re: king 3 Introduction Compliance is the process of adherence to policies and procedures. (Gartner, 2006) Risk and compliance are essential to the sustainability of a company and it is estimated that by 2011, companies that follow or more accurately put ‘adhere’ to processes and procedures in terms of compliance and standards will get the most business value out of their investments.
The KING 3 report of corporate governance is the third report for governance in South Africa and became necessary because of the new Companies Act no. 71 of 2008 and international governance trends and will come into force on 1 March 2010. The King 3 report talks about an ‘apply or explain’ basis, where the company should apply the recommendations of the report in their own way with the aim of achieving the corporate governance principles of accountability, fairness, responsibility and transparency.
King 3 recognizes the significance of IT with regards to governance and has included IT governance as one of the new elements in the report. In order to gain competitive advantage and drive business potential, King 3 recommends that a company should incorporate IT together with the company strategy. The aim of this report is to discuss the impact of the King 3 report on information systems within an organization. There are 9 chapters in the report namely: 1. Ethical leadership and corporate citizenship 2. Boards and directors 3. Audit committees 4. The governance of risk . The governance of information technology 6. Compliance with laws, rules, codes and standards 7. Internal audit 8. Governing stakeholder relationships 9. Integrated reporting and disclosure Each chapter has a role to play in the management of information systems specifically chapter 5 which deals with information technology and the role information technology in achieving good governance. Impact of King 3 on Management of Information Technology in an Organization The key aspects of the King 3 report include leadership, sustainability and corporate citizenship.
A Chief Information Office (CIO) appointed by the CEO to drive the information technology unit of an organization needs to provide effective leadership with regards to IT governance to force this process. This is at the heart of the responsibilities of the CIO, good governance, having a clear analysis of current state, develop an efficient resourcing plan, have a risk assessment plan and be able to measure the success of the IT department.
Sustainability is about taking a long-term outlook when formulating strategies within an organization, developing fruitful relationships with employees and those in the supply chain and ensuring that ethical, social and environmental responsibilities are taken seriously. Corporate citizenship is about incorporating social responsibility when making key business decisions and is vital to the sustainability of a company. Chapter 5, IT governance has the most impact on the information technology management. Below are the principles of IT governance and how each principle impacts IT management. . The Governance of Information Technology PrincipleImpact on Management of Information Technology 5. 1 The Board should be responsible for information technology (IT) governance•The board is ultimately responsible for IT governance and need to make sure that an IT charter is implemented, policies, procedures and controls are developed and an efficient framework is used and implemented throughout the company. •Companies will need to adopt frameworks such as COBIT, ITIL and ISO17799 to ensure good governance and performance management.
Information security will be vital to an organizations well-being and adopting these frameworks will ensure that proper control mechanisms are developed. •The board might require that a separate risk and audit committee may need to be established to run the management of IT risk and financial reporting. 5. 2 IT should be aligned with the performance and sustainability objectives of the company •IT strategy and business strategy need to be aligned. IT Managers need to take a holistic approach when dealing with IT issues such as resources, risks and security, asset management and so forth.
They need to put measures in place that will ultimately add value to the business, so that performance and sustainability are achieved. •For instance, if a telecoms operator wants to increase average revenue per user (ARPU) and increase subscriber base from 4 million to 8 million within one year, then it is critical that IT systems are managed in a way where the business can meet these objectives. •The CIO of the organization would need to develop an IT strategy centred on the functional business plan and drive this process so that the IT department as a whole is focused towards achieving these objectives. . 3 The board should delegate to management the responsibility for the implementation of an IT governance framework •IT managers should be responsible for implementing a governance framework policy such as COBIT. A tool such as this would assist management and users of IT with a set of best practices, processes and tools to enable proper governance structures in the IT department. Managers would have to define the critical processes within the IT department, ensure that performance levels are reached (KPIs, key performance indicators) and ensure that proper monitoring and review processes are in place. A steering committee can be appointed by the board to influence proper governance. This committee can be comprised of IT management and/or and audit committee. •A CIO (chief information officer) should be appointed by the CEO, whose main role is to drive IT strategy and ensure that business value is achieved through collaboration with business strategy. 5. 4 The board should monitor and evaluate significant IT investments and expenditure •Management will need to make sure that projects are delivered in less time and for less cost and that good project management techniques are applied. Because intellectual property holds high value in today’s increasingly knowledge-based economy, management will need to find ways to prevent competitors from getting value from this and gaining competitive advantage. Key aspects include: oCustomer profile information oCross-selling of products oContract agreements and SLA’s oOrganization policies and procedures oMethodologies •Most IT companies employ the services of outsourced companies such as Accenture, IBM, Oracle, etc.
IT organizations will have to ensure that they find ways reduce costs and prioritize investments and make sure that these service providers deliver value to the business. Key decisions will need to be made with regards security and risk such as cloud computing, managed services, co-sourcing, etc. 5. 5 IT should form an integral part of the company’s risk management •Disaster recovery should form the basis of any IT risk management strategy and IT managers need to ensure that they have the right processes and plans in place to secure their information. Managers would need to think strategically of how to implement DR (disaster recovery) plans and ensure that their decisions are justified in terms of the expenses incurred with regards to their IT budget. •IT Managers have to weigh these risks costs against the measures that are taken to ensure that the company’s key assets are protected. As an example, a person would employ the services of a security company from possible house burglary to protect his valuable possessions. •An IT manager would need to take into consideration IT laws and regulations and ensure that the company comply to these rules and standards.
As an example, a network operator would need to consider that rate imposed for interconnect fees in South Africa by ICASA (Independent Communications Authority of South Africa) 5. 6 The board should ensure that information assets are managed effectively. •IT managers need to think about how to secure their information and also the integrity and confidentiality of information. •Key considerations include: oPhysical security oTechnological security oProcedural security oInformation privacy oInformation management Managers will need to fully understand current laws regarding security and make sure they are compliant such as oThe constitution (1996 s14) oElectronic communications and transaction act (2002) oThe Protection of personal information bill (2005) oThe promotion of access to information act (2000) oThe regulation of interception of information act (2002) 5. 7 A risk committee and audit committee should assist the board in carrying out its IT responsibilities. •A risk management committee should be established to ensure proper processes and controls are in place. An audit committee or auditing department should ensure that they have the right tools to audit information systems. IT managers will have to plan for a budget accordingly in order to source the best / right tools to deliver on auditing of information systems. Applications such as Subex Nikira, Moneta are revenue assurance and fraud applications used in auditing departments. They ensure that the services and applications used in information systems are correctly reported and that the financials are in order. Conclusion
The risks involved in IT governance has become important as businesses and IT systems have moved closer together to deliver the strategic objectives of a company. In order for a company to accomplish its requirements of compliancy with regards to IT governance they need to establish an IT governance framework. These requirements include: •Developing an IT strategy •IT processes and procedures •Standard and policies •IT compliance •Reporting structures •Information security management systems •Good project management principles •Disaster recovery plans •Vendor / Supplier management processes IT benefits realisation processes •Auditing Most established companies should have proper IT governance processes in place and this report should be used to build on these governance principles and establishing a reporting line to the board. The importance of IT governance and the impact it has on the management of information systems can be summed up in the following quote, “It is crucial for IT to be built into the business plan, as its main role is to facilitate the achievement of business strategy and add value. ” – Judge Mervyn King, Chairman of the King Committee References 1. King 3 Report 2. It Web