The King III for IT chapter on the Governance of Information Technology
provides a very practical starting point and acknowledged foundation for
good IT Governance practices.
The principles and recommendations contained in Chapter 5 provide a good
structure for IT Governance and should be used in conjunction with a
framework such as COBIT 5, standards such as the ISO27000 series for
Information Security, as well as ISO15489 for Information and Records
Management.
Many CIOs and IT GRC Managers are considering how best to address the
recommendations contained in Chapter 5 of the latest King Report on
Corporate Governance. The easiest and most practical place to start
is by carrying out an assessment of your state against the principles and recommendations contained in Chapter 5.
In addition to Chapter 5, it is important to be aware of Chapter 6 as
this provides principles and recommendations for complying with laws,
and applying relevant rules, codes and standards. While this chapter
applies across companies, it is also stated in Chapter 5 that the
company should comply with IT laws and that IT rules, codes and
standards are considered.
It is interesting to note that while K III became effective in 2010,
alignment with the principles has not been particularly widespread in IT
organisations. More interesting is the fact the South African
Government has recently developed and approved an IT Governance
framework which is based on King III for IT, COBIT 5 and ISO38500 (part
of which is now contained in COBIT 5). The framework is expected to be
implemented at National, Provincial and Local government levels, as well
as in State owned comapanies and entities. Perhaps IT management in the
private sector could take a leaf out of government's book.
So, what is good IT governance from a King III perspective?
The basics for good governance revolve around ensuring that an
ethical IT governance culture exists, that appropriate decision making
structures are in place and that the effective management of
decisions that
are taken within these structures takes place. In addition to these
structures, the
recording of outcomes following decisions in terms of their
anticipated
benefits and ROI, are also essential governance practices.
Some of the principles and associated recommendations include the following:
The primary benefits that can be obtained from good IT governance and applying King
III for IT are that IT organisations that have higher levels of governance
maturity normally function more efficiently and deliver higher value to
their business than those with lower levels of maturity. IT management
should see embarking on an IT Governance improvement program as a
positive investment rather than a compliance burden.
As stated above, IACT Africa believes that a practical starting point is
to assess your IT
organisation's current state against the principles contained in
Chapters 5 so that priorities can be set for addressing your plans for
applying
the recommendations.
We offer a King III Assessment service in order to help you assess
your current state and to plan your way forward. This is backed up by
practical experience in this areas. Please click here to visit the King III services page.
In addition to the above, we offer a number of broader IT Governance and
Management assessment, planning, implementation and oversight services
and would welcome the opportunity of discussing these in more detail
with
you. Please click here to go from the King III for IT page to the Service Offerings page.
[Home]
[Top]
[Contact]