King Code of Governance Principles (King 3 / King III)

King III, the third report on Corporate Governance in South Africa, was compiled by the King Committee in response to the emergence of the South African Companies Act 71 of 2008.

Speak to an expert

Whatever the nature or size of your problem, we are here to help. Get in touch today using one of the contact methods below.

The committee aimed to produce a framework to keep South African corporate governance at the forefront internationally, with IT Governance taking a prominent role.

Here is the PricewaterhouseCoopers King 3 information, including access to the report itself.

Corporate governance in South Africa follows the approach common to listed companies in the United Kingdom as well as across the Commonwealth and through the EU, which is to have a code of principles and practices on a 'Comply or Explain' basis, whereby listed companies are expected to comply, or to provide an explanation of why they have not complied, with each of the principles.

IT Governance in King III

King III brings IT governance clearly into the corporate governance arena and says:

"Information systems were used as enablers to business, but have now become pervasive in the sense that they are built into the strategy of the business. The pervasiveness of IT in business today mandates the governance of IT as a corporate imperative.

In most companies, IT has become an integral part of the business and is fundamental to support, sustain and grow the business. Not only is IT an operational enabler for a company, it is an important strategic asset to create opportunities and to gain competitive advantage. Companies have made, and continue to make a significant investment in IT.

Virtually all components, aspects and processes of a company include some form of automation. This has resulted in companies relying enormously on IT systems.

Further, the emergence and evolution of the internet, ecommerce, on-line trading and electronic communication have also enabled companies to conduct business electronically and perform transactions instantly. These developments bring about significant risks and should be well governed and controlled.

We, therefore, deal with IT governance in detail in King III for the first time. The IT governance chapter (Chapter 5) is focused on providing the most salient aspects of IT governance for directors. Due to the broad and ever-evolving nature of the discipline of IT governance, the chapter does not try to be the definitive text on this subject but rather to create a greater degree of awareness at director level.

There is no doubt that the complexity of IT systems does create operational risks and when one outsources IT services, for instance, this has the potential to increase risk because confidential information is outside the company.

Consideration has to be given to the integrity and availability of the functioning of the system; possession of the system; authenticity of system information; and assurance that the system is usable and useful. Concerns include unauthorized use, access, disclosure, disruption or changes to the information system.

In exercising their duty of care, directors should ensure that prudent and reasonable steps have been taken in regard to IT governance. To address this by legislation alone is not the answer. International guidelines have been developed through organisations such as ITGI and ISACA® (COBIT® and Val IT), the ISO authorities (e.g. ISO38500) and various other organisations such as OCEG.

These may be used as a framework or audit for the adequacy of the company’s information governance for instance, but it is not possible to have ‘one size fits all’. However, companies should keep abreast of the rapidly expanding regulatory requirements pertaining to information.”

IT Governance Principles in King III

5.1 The board should be responsible for information technology (IT) governance

5.2 IT should be aligned with the performance and sustainability objectives of the company

5.3 The board should delegate to management the responsibility for the implementation of an IT governance framework

5.4 The board should monitor and evaluate significant IT investments and expenditure

5.5 IT should form an integral part of the company’s risk management

5.6 The board should ensure that information assets are managed effectively

5.7 A risk committee and audit committee should assist the board in carrying out its IT responsibilities

IT governance auditing

As IT governance plays such a key role in strategic performance, internal auditors are expected to include auditing IT governance in their work plans.

Products that will support your compliance project

ISO 27001 - the complete suite toolkit

IT Governance Control Framework Implementation Toolkit

  • Simplify your COBIT® 5 implementation project with guidance from industry experts.
  • Save time generating your own documentation with more than 40 pre-written, customisable templates, documents, policies and procedures.
  • Developed by our in-house IT governance experts, so you can be sure you’re on the right track. 
  • Achieve compliance fast and stay on track with notes and guidance on how to complete the templates.

Shop now

IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT

IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT

A practical introduction to complex world of IT Governance frameworks and standards for board executives and IT professionals.

This book will help you to understand how manage those frameworks in line with ISO 38500 with the help of the Calder-Moir model. 

Shop now

This website uses cookies. View our cookie policy
SAVE 10%
ON SELECTED
TRAINING