Leadership 101 – The Role and Responsibility of Directors – Part 5
By Nikki Viljoen – N Viljoen Consulting (Pty) Ltd
Please note that this pertains to South African Legislation, the King Requirements and Best Practice.
This time we look specifically at the issues around the Governance of Information Technology.
If we are to look at the PoPI Act (Protection of Personal Information) here in South Africa, we will notice just how important it is to ensure that our IT governance and issues around compliance are measured, monitored and met.
Let’s have a look at some of the questions that Directors should be asking.
1. Who is accountable for the IT decisions that are taken and do you understand how they are taken? What generally happens is that the infamous “somebody” needs a very important “something” and without any discussion to see where and how the “something” would fit into what you’ve already got, the decision is made and the “Something” is purchased. It soon becomes evident, however, that the “something: that you’ve purchased, usually at great cost, is not compatible with anything that you already have.
2. In view of the above example it is clearly a very good idea to have an IT governance framework in place. This should define and support all of the decision models and ensure that there is proper and clear accountability as well as document all of the processes around the issue of governance.
3. Is there a budget for IT investment and do you understand how and where that investment is to be utilized?
4. Are you in compliance with the PoPI Act in terms of your client information? Don’t forget that your own IP (Intellectual Property) also needs to be protected too.
5. Aside from PoPI, are all the other rules, standards, codes & compliance regulations adhered to as well.
6. Is your IT value measured and if so how?
7. Are the current IT risks and concerns regularly communicated to the Board?
8. Is there regular feedback on progress on all major IT projects or current challenges?
Again, as you can see there are a huge number of issues that need to be managed, measured and resolved and it is of the utmost importance that the compliance and the best practice methodology around your IT requirements are taken seriously and implemented.
Next time we will have a look at some of the Compliance requirements around Laws, rules, codes and standards