The King III Committee on Corporate Governance has addressed the issue of corporate governance for information technology for the first time devoting an entire chapter to the subject and keeping IT governance separate from risk management and compliance.
IT governance is defined in the glossary to the King III Code of Governance as “the effective and efficient management of IT resources to facilitate the achievement of corporate objectives”. IT governance is the responsibility of the board and an integral part of corporate governance. The focus is on the governance of management processes (and decisions) relating to the information and communication services used by an organisation.
This implies that the implementation of King III must be appropriate and applicable to the IT organisation’s size, role and legal obligations. Commonsense must prevail and suitable structures, processes and governance mechanisms deployed to achieve the organisation’s strategies and objectives.
King III applies to all entities regardless of the manner and form of incorporation or establishment. The ‘apply or explain’ basis allows every organisation to apply all the principles of the code as it best meets the objectives of the entity and to focus on the substance rather than the form of application. Effective date is March 1, 2010.
IT governance is not an isolated discipline but it is an integral part of overall corporate governance. The difference between IT governance and corporate governance is the resources being leveraged to achieve business objectives.