Bridging the Information Technology (IT) gap in South Africa through a step by step approach to IT governance

Date
2014-04
Authors
Botha, David Petrus
Journal Title
Journal ISSN
Volume Title
Publisher
Stellenbosch : Stellenbosch University
Abstract
ENGLISH ABSTRACT: The focus of this research was to compile a practical, step by step approach that can be followed by those persons charged with the governance of enterprises in South Africa to successfully bridge the information technology gap. The King Code of Corporate Governance for South Africa and the King Report on Corporate Governance for South Africa (together KINGIII) was identified as a starting point for the compilation of the approach. KINGIII is the corporate governance standard in South Africa and in the introduction to KINGIII it is recommended that the principles contained in the Code should be implemented by all entities. KINGIII is the third report on governance issued by the King Committee and introduced governance principles for Information Technology (IT). The Code contains seven IT governance principles and 24 recommended practices. The application of the IT governance principles of KINGIII, as well as the related recommended practices, is a complicated endeavour. This is partly because IT in itself is complex and also partly because the governance of IT is a relatively new area of corporate governance. Through a detailed study of the seven IT governance principles of KINGIII, as well as the related recommended practices and narrative discussions, it was identified that in order to successfully implement IT governance, a company has to establish and implement an IT governance framework which includes relevant structures, processes and mechanisms to enable IT to deliver value to the business. It was also identified that the IT governance framework has to facilitate and enhance the company’s ability to reach its stated objectives by ensuring that the most appropriate decisions are made in respect of the incorporation of IT into the operations of the business. Lastly, it was identified that a company must acquire and use appropriate technology and people to support its business.To address the requirement for the establishment and implementation of relevant structures, processes and mechanisms, a framework of 33 IT governance practices was identified, mapped to the IT governance principles of KINGIII and an analysis performed. Through this analysis the IT governance practices that can be utilised to implement the IT governance principles of KINGIII were identified and discussed. To address the requirement of ensuring that the framework facilitates that the most appropriate decisions are made in respect of the incorporation of IT into the operations of the business, five key decisions that have to be made in respect of IT was identified and discussed. The five decisions were mapped to (1) the KINGIII principles to demonstrate which of the IT governance principles are addressed by each of the decisions and (2) the IT governance structures identified in the framework above to demonstrate which of the IT governance structures can be used to provide input into taking the relevant decision and which can be used to take the decision. Finally, to address the requirement that a company must acquire and use appropriate people and technology to support its business, a framework of organizational competencies required in small and medium-sized enterprises (SME’s) was identified and mapped to (1) the KING III principles to demonstrate which of the IT governance principles could be addressed by each of the relevant competencies and (2) to the five key IT decisions identified above to demonstrate which of the competencies can be utilised to make each of the five key decisions. Based on the findings of the research conducted as set out above, the practical, step by step approach was compiled.
AFRIKAANSE OPSOMMING: Die fokus van hierdie navorsing was die samestelling van ‘n praktiese, stapsgewyse benadering wat gebruik kan word deur daardie persone wat verantwoordelik is vir die korporatiewe beheer van ondernemings in Suid Afrika om suksesvol die inligtings tegnologie (IT) gaping te oorbrug. Die King Code of Corporate Governance for South Africa en die King Report on Corporate Governance for South Africa (gesamentlik KINGIII), was geidentifiseer as ‘n beginpunt vir die samestelling van die benadering. KINGIII is die korporatiewe beheer standaard in Suid Afrika en in die inleiding tot KINGIII word alle ondernemings aanbeveel om die korporatiewe beheer beginsels en gepaardgaande aanbeveelde praktyke te implementeer. KINGIII is die derde verslag oor korporatiewe beheer wat deur die King Komitee uitgereik is en het korporatiewe beheer beginsels met betrekking tot IT bekend gestel. KINGIII bevat sewe koporatiewe beheer beginsels wat met IT verband hou, asook 24 aanbeveelde korporatiewe beheer praktyke. Die toepassing van die IT korporatiewe beheer beginsels van KINGIII, asook die aanbeveelde praktyke, is ‘n ingewikkelde onderneming. Dit is gedeeltelik omdat IT self kompleks is, maar ook omdat die korporatiewe beheer van IT ‘n relatiewe nuwe area van korporatiewe beheer is. Deur middel van ‘n in diepte studie van die sewe korporatiewe beheer beginsels van KINGIII, insluitend die aanbeveelde korporatiewe beheer praktyke en besprekings, is daar geïndetifiseer dat ‘n IT korporatiewe beheer raamwerk saamgestel en geimplementeer moet word as deel van die implementering van korporatiewe beheer oor IT. Hierdie IT korporatiewe beheer raamwerk moet relevante strukture, prosesse en meganismes bevat wat IT daartoe instaat sal stel om waarde toe te voeg tot die onderneming. Dit is ook geïdentifiseer dat die IT korporatiewe beheer raamwerk die onderneming se vermoeë om sy doelstellings te bereik moet verbeter deur te verseker dat die mees gepaste besluite geneem word met betrekking tot die integrasie van IT in die bedrywighede van die onderneming. Laastens is daar geïdentifiseer dat ‘n maatskappy toepaslike tegnologie en mense moet bekom en aanwend om die bedrywighede van die onderneming te ondersteun. Om die vereiste vir die samestelling en implementering van relevante strukture, prosesse en meganismes aan te spreek, is ‘n raamwerk van 33 IT korporatiewe beheer praktyke geïdentifiseer, kruisverwys na die IT korporatiewe beheer beginsels van KINGIII en verder ontleed. Deur hierdie ontleding is die IT koporatiewe beheer praktyke wat aangewend kan word om die IT korporatiewe beheer beginsels te implementeer geïdentifiseer en bespreek. Om die vereiste aan te spreek dat die raamwerk fasiliteer dat die mees gepaste besluite geneem word met betrekking tot die integrasie van IT in die bedrywighede van die onderneming, is vyf sleutel besluite wat in verband met IT geneem moet word geïdentifiseer en bespreek. Die vyf besluite is (1) kruisverwys na die IT korporatiewe beheer beginsels van KINGIII om te demonstreer watter IT korporatiewe beheer beginsels deur elke besluit aangespreek word en (2) na die IT korporatiewe beheer strukture wat in die bogenoemde raamwerk geidentifiseer is om aan te dui watter IT korporatiewe beheer strukture gebruik kan word om insette te verskaf vir die neem van die vyf sleutel besluite en watter strukture gebruik kan word om die besluite te neem. Laastens, om die vereiste aan te spreek dat ‘n maatskappy toepaslike tegnologie en mense moet bekom en aanwend om sy bedrywighede te ondersteun, is ‘n raamwerk van organisatoriese bevoegdhede wat benodig word in klein tot medium-groote ondernemings (SME’s) geïdentifiseer en kruisverwys na (1) die KINGIII korporatiewe beheer beginsels om aan te dui watter IT korporatiewe beheer beginsels deur die relevante bevoegdhede aangespreek word en (2) na die vyf sleutel besluite wat hierbo geïdentifiseer is om aan te dui watter van die bevoegdhede aangewend kan word om elkeen van die vyf sleutel besluite te neem. Die stapsgewyse benadering tot die korporatiewe beheer van IT is gevolglik saamgestel met verwysing na die bevindinge van die navorsing wat uitgevoer is soos hierbo uiteengesit.
Description
Thesis (Mcomm)--Stellenbosch University, 2014.
Keywords
Dissertations -- Accountancy, Theses -- Accountancy, Dissertations -- Computer auditing, Theses -- Computer auditing, UCTD, Information technology -- Management -- South Africa
Citation