The job description of a CIO has been revamped with the release of the King III Code of Governance for South Africa. IT governance is now a separate chapter of the corporate governance code, separate from risk management, compliance and audit.
The implementation of IT governance is now the responsibility of the CIO who is expected to report to the IT Steering Committee and board about the effective and efficient management of IT resources to facilitate the achievement of corporate objectives. King III also requires the CIO to define, maintain and validate the IT value proposition, align IT activities with environmental sustainability objectives, implement an IT control framework and ensure all parties in the chain from supply to disposal of IT services and goods apply good governance principles.
Outsourcing comes in for specific attention. The CIO is expected to obtain independent assurance that service providers have implemented good IT governance practices and an effective internal controls framework. The CIO is also required to regularly demonstrate to the board that the company has adequate business resilience arrangements in the event of a disaster affecting IT.
The list of King III requirements for IT is long. While compliance with King III is not obligatory, it is unlikely that any CIO would want to be the reason a company cannot say it has applied the King III principles of Corporate Governance.
Companies have six months before King III becomes effective on 1 March 2010. During this time the company’s board, CIO and management team will have to make significant changes to address the substance of King III.
Establishing an accountability framework, with clear, unambiguous roles and responsibilities is one of the first steps. According to King III, the board should specify the decision rights and accountability framework to encourage the desirable culture in the use of IT.
IT governance is not an isolated discipline but it is an integral part of overall corporate governance. The difference between IT governance and corporate governance is the resources being leveraged to achieve business objectives.