Slide 1: IT governance
ISACA SA Awards Ceremony
20 April 2007
Presented by: Mervyn E. King S.C.

Slide 2: Introduction
Mervyn King SC
- Information age
- Members of global village, willingly or unwillingly
- Real time
- Transparency – cornerstone
- Sunlight/disinfectant
- Electric light/policeman
- Ultimate light – telecommunications and IT

Slide 3: Changed corporate world (1)
- Integral to society
- Shareowner profile changed
- Conformance and performance
- UN Human Rights declaration
- Environmentalists
- Information communication technology
- Activism
- Triple bottom line

Slide 4: Changed corporate world (2)
- Capital a scarce resource
- Borderless world
- Click of a mouse
- Make or destroy markets
- Rely on reports from companies
- Capital flows affected by electronic communication
- Flows towards good governance

Slide 5: Changed corporate world (3)
- Shareowner revolution
- Global institutional investor
- Conduit for person in street
- Where were the directors?
- Where were the institutional shareowners?
- Strategic importance of IT systems – not only enabler

Slide 6: Changed corporate world (4)
- ICT
- Important strategic role – pervasive
- Flatter structures – online
- Industries converge
- Governance role?

Slide 7: Governance a process
- Governance about process
- Enterprise – strategic
- Risk for reward – failure
- Good governance and failure: acceptable
- Bad governance – failure – scandal: not acceptable

Slide 8: Compliance
- Mindless whether voluntary or compulsory
- Compliance officer
- Apply mind
- Not suitable for business
- Explain
- Market ultimate compliance officer

Slide 9: Enron
- Had the trappings of good governance
- Quantitatively compiled
- Non-executives
- Good board attendance
- Committees of board
- Yet dysfunctional

Slide 10: Enron – why?
- Self-interest
- Greed
- Dishonest – SPEs and off balance sheet
- Apparently to prop up share price
- Codes will not help
- Intellectual dishonesty

Slide 11: A director's duties - responsibilities
- Good faith
- Care
- Skill
- Diligence

Slide 12: Incapacitated person
- Human being
- Best interests, care, skill, diligence
- Decent citizen thing to do
- Company an artificial citizen
- Incapacitated
- Director, heart, mind and soul

Slide 13: Quantitative governance compliance
- Voluntary or compulsory
- Not the answer
- Quality governance
- Based on intellectual honesty
- Incapacity awareness
- Corporate sins – awareness
- Intellectually naïve questions
- IT governance the same

Slide 14: IP and IT
- Manual processes to systems processes
- Processes and risks locked into IT
- IP locked into IT
- Staff told "how" to use systems
- The understanding of the IT? In the IT department and CIO
- "Black box" scenario

Slide 15: Two levels of IT governance
- Technical and IT process level – first
- Business process level, strategic – second
- CIO and colleagues need to understand the business
- Aids company to realise strategies
- IT governance specific to each business
Slide 16: IT governance
- Legislate COBIT or ITIL
- Legal framework needed
- Due care
- Due diligence
- These are the essence of information security
Slide 17: Regulate IT governance?
- Not for level two
- Management of processes to realise business strategies
- No generic rule to regulate all businesses
- Even adapt methodologies to suit local environment for level one

Slide 18: Risk in the use of IT (1)
- Strategic importance of information technology
- Technology issues
- Board members need greater understanding
- Duty of care and skill
- How else carry out duties?

Slide 19: Risk in the use of IT (2)
- Unaware of operational risks
- Because processes not understood
- Risk management
- Solution? Representation or outside advice

Slide 20: Risk in the use of IT (3)
- Confidential info outside company
- Different codes of conduct
- Different values
- Different risks
- Accountability issues

Slide 21: Risk in the use of IT (4)
- Increasing dependence on outsiders
- Outside direct control of company
- Process outside, e.g. call centre
- Financial and reputational risks
- Outside access to confidential information
- Information security as part of governance

Slide 22: Information security
- Napoleon, The Three Musketeers
- The wax seal
- Information to enemy
- Disastrous for battle or the war
- (Source: Internet Encyclopedia)

Slide 23: Unauthorised
- Use
- Access
- Disclosure
- Disruption or elimination
- Changes
- Prudent and reasonable steps or legislation
- Care and diligence

Slide 24: The wax seal
- Confidentiality – job application
- Integrity – no change without authorisation
- Availability – system functioning correctly
- Possession – stolen laptop
- Authenticity – information genuine
- Utility – usable and useful
- (Source: Internet Encyclopedia)

Slide 25: The ISO code for information security (1)
- The security policy
- Asset management
- Human resource security
- Physical and environmental security
- Communications management
- Operations management

Slide 26: ISO code (2)
- Access control
- Information systems acquisition, development and maintenance
- IS incident management
- Business continuity
- Regulatory compliance

Slide 27: Cryptography
- Codes
- Renders information unusable other than by the authorised user
- Encrypted information usable again by decryption

Slide 28: Methods of protection
- Legislation?
- UK Data Protection Act
- The Family Education Rights and Privacy Act
- The Health Insurance Accountability Act
- The Electronic Communications and Transactions Act

Slide 29: Sarbanes-Oxley and King
- Comply or explain
- Comply or else
- Legislate against negligence or dishonesty?
- Intellectual honesty
- Market cap of company
- Due care and diligence

Slide 30: Information security
- Steps taken to practise due care
- Verified
- Measured against reasonable man
- Continual processes in due diligence
- Activities to monitor protection mechanisms
- Maintaining the mechanisms

Slide 31: Electronic communication
- Board pack
- AFS online
- No more printed AFS
- No more published in newspapers
- Cautionaries
- Faster dissemination of information
- Insider trading – more or less?
- Security against sensitive market leaks

Slide 32: IT board representation
- IT was an enabler to support the business
- Now both supports the business and drives strategy
- Strategic decisions on IT improvements and on information availability
- CIO on board?

Slide 33: Laws and regulations
- Duty of board to ensure compliance
- Bulk of companies SMME
- Cannot afford IT expertise in-house
- Have to use service providers
- Remember: can delegate but cannot abdicate

Slide 34: Director's liability
- Director is a director
- Collective authority
- Individual liability
- Statutory and common law
- Expertise important

Slide 35: Good practitioners
- Aware of four duties
- Aware quality above quantity
- Aware human frailty
- Aware individual liability
- Aware not understanding – IT
- Intellectual honesty foundation
- How legislate about all this or only one aspect?

Slide 36: Conclusion
- Comply or explain
- Comply or else
- In either regime, quality is the factor not quantity
- The market is the ultimate compliance officer
- Ultimate responsibility is business success
- Balance conformance and performance
- Legislation is not the recipe for good governance, corporate or IT
- Moses, Congress, Parliament

Slide 37: "The Corporate Citizen"