Mapping the Information Technology (IT) governance requirements contained in the King III Report to the IT domains and processes of the Control Objectives for Information and Related Technology (COBIT) framework
Thesis (MAcc)--University of Stellenbosch, 2009.
ENGLISH ABSTRACT: Due to the integration of IT into all aspects of modern-day businesses, it is vital that the risks associated with IT are governed as an integral element of enterprise-wide corporate governance. The Third King Report on Corporate Governance (King III) was issued by the South African Chapter of the Institute of Directors in September 2009 and becomes operational on 1 March 2010. This marks the first time that the King Report has specifically addressed IT governance. King III will apply to all corporate entities. Such entities could benefit from applying an IT governance framework to ensure that they adequately address all aspects of IT governance, as required by King III. One of the comprehensive frameworks available is COBIT (Control Objectives for Information and Related Technology) issued by ISACA (previously known as the Information Systems Audit and Control Association). King III mentions the fact that COBIT could be used to assess and implement IT governance within an entity. The aim of this research is to determine whether the use of COBIT ensures compliance with King III’s requirements relating to IT governance. It was found that the main requirements in King III relating to IT governance and the processes of COBIT are well aligned, and, as a result, COBIT could be used effectively to ensure compliance with King III in relation to IT governance. However, an entity would still have to pay attention to certain King III-specific requirements. Furthermore, it was found that the application of the principles in COBIT could further strengthen the IT governance of an entity, as COBIT also addresses the more detailed activities, such as the implementation and operation of the IT system, which is not specifically addressed by King III.