Beyond King III: Assigning accountability for IT governance in South African enterprises

Abstract: With the increasing dependence on IT in modern enterprises and the significant risks associated with omnipresent IT systems in business, IT governance is becoming imperative to all organisations. King III is based on the “apply or explain” approach, that forces South African entities for the first time to apply the IT governance principles as contained in the report, or explain the reasons for not applying these principles. This paper provides a macrolevel view of IT governance, derived from King III, and dete… Show more

“…As this depends heavily on IT, it is surprising that very few references to this board responsibility are evident in our selected set of IT governance papers. In this regard, Butler and Butler [54] mention that the responsibility of the audit committee with respect to IT relates to its responsibilities for financial reporting. The stakeholder-oriented aspect of the output control role is referenced briefly in the board-level IT governance literature.…”

“…The stakeholder-oriented aspect of the output control role is referenced briefly in the board-level IT governance literature. Herein, a specific task concerns ensuring adequate reporting on IT-related matters to all stakeholders [54]. Again, stakeholder theory is relevant, as it is the board's duty to monitor management concerning IT-related issues in order to safeguard the interests of all stakeholders [55].…”

“…In the context of IT governance, IT-related goals and strategic proposals should be evaluated and monitored [6,9]. Again, the board should evaluate management procedures, and verify whether management has established effective strategic planning processes [54]. Theoretical foundations for this role include: (1) agency theory, in relation to reducing the conflict of interest arising from the possible misalignment between IT and the business strategy [34,63]; and (2) the resource based view of the firm related to board IT competence as board members' strategic oversight constitutes a valuable resource [40].…”

“…The board's ability to provide IT-related advice and counsel is enhanced by recruiting directors with IT expertise [34]. In the context of output control, the IT experience of audit committee members should be taken into account [54]. Further, directors with IT awareness bring appropriate IT-related networks that facilitate the provision of resources in support of IT-related matters [50].…”

How Boards of Directors Can Contribute to Governing IT

“…As this depends heavily on IT, it is surprising that very few references to this board responsibility are evident in our selected set of IT governance papers. In this regard, Butler and Butler [54] mention that the responsibility of the audit committee with respect to IT relates to its responsibilities for financial reporting. The stakeholder-oriented aspect of the output control role is referenced briefly in the board-level IT governance literature.…”

“…The stakeholder-oriented aspect of the output control role is referenced briefly in the board-level IT governance literature. Herein, a specific task concerns ensuring adequate reporting on IT-related matters to all stakeholders [54]. Again, stakeholder theory is relevant, as it is the board's duty to monitor management concerning IT-related issues in order to safeguard the interests of all stakeholders [55].…”

“…In the context of IT governance, IT-related goals and strategic proposals should be evaluated and monitored [6,9]. Again, the board should evaluate management procedures, and verify whether management has established effective strategic planning processes [54]. Theoretical foundations for this role include: (1) agency theory, in relation to reducing the conflict of interest arising from the possible misalignment between IT and the business strategy [34,63]; and (2) the resource based view of the firm related to board IT competence as board members' strategic oversight constitutes a valuable resource [40].…”

“…The board's ability to provide IT-related advice and counsel is enhanced by recruiting directors with IT expertise [34]. In the context of output control, the IT experience of audit committee members should be taken into account [54]. Further, directors with IT awareness bring appropriate IT-related networks that facilitate the provision of resources in support of IT-related matters [50].…”

How Boards of Directors Can Contribute to Governing IT

“…According to Gheorghe et al (2009) and De Haes and Grembergen (2008), ITG is defined as procedures and policies established to guarantee that an organization's IT portfolio supports their objectives and strategies. To Butler and Butler (2010), and Lin, Chou and Wang (2011), ITG is mandatory for organizations due to the significant risks associated with ubiquitous business IT. ITG is a high priority for many organizations and high-level IT Governance models are being created (De Haes & Grembergen, 2008).…”

Performance Measurement of Information Technology Governance in Brazilian Financial Institutions

Enterprise Governance of IT