IT governance

The age of digital transformation is here and one of the most critical areas to focus on, and the topic of today’s blog, is the governance of information technology (IT).


According to Principle 12 of The King IV Code on Corporate Governance:

“The governing body should govern technology and information in a way that supports the organization setting and achieving its strategic objectives.”


Essentially, IT governance refers to the set of processes and structures put in place to ensure the most efficient and effective use of information technology to achieve strategies, goals and objectives. It plays a vital role in numerous organisational aspects, including security and privacy, integrity, accountability, risk management, accurate reporting, and business continuity.


The governing body is tasked with the responsibility of overseeing IT governance, ensuring that it results in, but is not limited to, the following:


  • Integration of people, information, technology and processes within the organisation.
  • Integration of information technology risks into organisational risk management.
  • Providing assistance regarding business resilience.
  • Active and thorough monitoring of intelligence and data in order to swiftly respond to incidents such as unfavourable media events and cyberattacks.
  • Management of the performance of third party and outsource service providers and the risks pertaining to them.
  • Assessments of notable investments in information technology and the value derived from them, including the evaluation of projects of significant operational expenditure.
  • Disposal of obsolete information technology in a safe, secure and responsible manner.
  • Responsible and ethical use of information technology.
  • Compliance with relevant laws.


Additional responsibilities of the governing body include the leveraging of information to sustain and increase the organisation’s capital. Processes need to be set in place to support integrity, confidentiality, accountability and the availability of information – including the protection of privacy and personal information and the continuous monitoring of information and security. The governing body also needs to have structures in place to achieve operational and strategic objectives, including managing risks pertaining to the sourcing of technology. Monitoring and appropriate responses to technological developments must be established, including recognising and acting on potential opportunities and managing disruptive effects on the organisation.


In order to monitor effective control and management pertaining to IT, the governing body should disclose the following information:


  • The key areas of focus to report on, including all objectives, policy changes, noteworthy acquisitions and actions taken in terms of major incidents.
  • An overview of the arrangements established in order to govern and manage information technology.
  • Actions taken to monitor the effectiveness of information technology management, including how outcomes are addressed.
  • Planned areas of focus in information technology.


Organisations and businesses need a structure or framework to ensure that the IT function can sustain the organisation’s strategies and objectives.

The goal of frameworks is to prescribe IT processes and the means of managing these processes. This is achieved by the inputs and outputs along with key process activities, performance measures, and process objectives to ensure that the IT systems are delivering business value.


IT governance has become a key imperative for organisations. As such, each organisation is unique and may need to take different approaches to ensure an effective and efficient infrastructure that will aid your specific needs.


At Okina Company Secretarial Services, we can help you establish the correct structures and processes to achieve your unique organisational goals, reduce risks and stimulate growth. Contact us at

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *