The King III for IT chapter on the Governance of Information Technology provides a very practical starting point and acknowledged foundation for good IT Governance practices. 

The principles and recommendations contained in Chapter 5 provide a good structure for IT Governance and should be used in conjunction with a framework such as COBIT 5, standards such as the ISO27000 series for Information Security, as well as ISO15489 for Information and Records Management.

Many CIOs and IT GRC Managers are considering how best to address the recommendations contained in Chapter 5 of the latest King Report on Corporate Governance.  The easiest and most practical place to start is by carrying out an assessment of your state against the principles and recommendations contained in Chapter 5.

In addition to Chapter 5, it is important to be aware of Chapter 6  as this provides principles and recommendations for complying with laws, and applying relevant rules, codes and standards.  While this chapter applies across companies, it is also stated in Chapter 5 that the company should comply with IT laws and that IT rules, codes and standards are considered. 

It is interesting to note that while K III became effective in 2010, alignment with the principles has not been particularly widespread in IT organisations.  More interesting is the fact the South African Government has recently developed and approved an IT Governance framework which is based on King III for IT, COBIT 5 and ISO38500 (part of which is now contained in COBIT 5).  The framework is expected to be implemented at National, Provincial and Local government levels, as well as in State owned comapanies and entities. Perhaps IT management in the private sector could take a leaf out of government's book.         

So, what is good IT governance from a King III perspective?  

The basics for good governance revolve around ensuring that an ethical IT governance culture exists, that appropriate decision making structures are in place and that the effective management of decisions that are taken within these structures takes place. In addition to these structures, the recording of outcomes following decisions in terms of their anticipated benefits and ROI, are also essential governance practices.    

Some of the principles and associated recommendations include the following:

  • Since IT has become pervasive and an integral part of companies today, boards need to recognise the strategic importance of IT and take responsibility for the governance of IT. 
  • IT must facilitate strategy and must be integrated with company strategy;
  • IT metrics must be included in board reports and become part of integrated reporting;
  • Care and skill must be exercised when implementing IT solutions i.e. implement solutions that are relevant to your organisation and implement them in an effective manner;
  • Organisations must implement Information Management, Information Security Management and Information Privacy systems to ensure compliant record keeping;
  • Risk and Compliance obligations also exist which need to be applied in line with overall company practices.

The primary benefits that can be obtained from good IT governance and applying King III for IT are that IT organisations that have higher levels of governance maturity normally function more efficiently and deliver higher value to their business than those with lower levels of maturity.  IT management should see embarking on an IT Governance improvement program as a positive investment rather than a compliance burden. 

As stated above, IACT Africa believes that a practical starting point is to assess your IT organisation's current state against the principles contained in Chapters 5 so that priorities can be set for addressing your plans for applying the recommendations.  

We offer a King III Assessment service in order to help you assess your current state and to plan your way forward. This is backed up by practical experience in this areas.  Please click here to visit the King III services page.   

In addition to the above, we offer a number of broader IT Governance and Management assessment, planning, implementation and oversight services and would welcome the opportunity of discussing these in more detail with you.  Please click here to go from the King III for IT page to the Service Offerings page. 

[Home]          [Top]          [Contact]