Is the lack of governance at the heart of the e-tolling debacle. If so, blame must rest with the SANRAL Board and the Risk and Audit committee. All appear to have exercised very little governance over the roll-out of the e-toll system. These board members appear not to have followed the advice contained in the King III Code of Conduct for Corporate Governance in South Africa.

It has been reported that 33 sub-contractors are involved in the collection of e-tolls. What governance has the board exercised over these 33 sub-contractors? Will SANRAL receive value for the money spent on these service providers? Are these service providers complying with King III? These are just a few of the many requirements of the King III code that the SANRAL's Board is required to address.

King III and the ECT Act require the protection of personal information (as too will the Protection of Personal Information Act once promulgated). It would be interesting to know whether SANRAL's Audit and Risk committee has evaluated whether their organisation complies with legislation relating to processing of personal information in South Africa.

Interestingly, the 2011 Annual Report discusses desktops, an old telephone system that was replaced and a mySAP for Treasury upgrade. Unfortunately there is no discussion of the seven King III principles for the governance of IT.