The King IV Code (which has recently been released for comment) once again deals with information and technology governance (or IT Governance) in detail. For the first time, IT Governance was specifically dealt with in King III with a whole chapter on the topic. In the King IV Code, the scope of the IT governance section has expanded and more emphasis has been placed on it. This is in line with the trend of IT becoming pervasive in all aspects of the operations of organisations.

Why is IT Governance Important?

According to principle 4.2 of King IV, the purpose of IT Governance is to:

  1. support the organisation in defining its core purpose, and
  2. set and achieve strategic directives.

And the outcome of your IT Governance efforts should be adequate and effective control.

What will the King IV Code mean for your IT Governance?

Are you going to have to revisit your IT governance frameworks, charters, and policies? Yes, but it shouldn’t be an extensive exercise. King IV will also be on an apply or explain basis so it will not be compulsory unless you’re listed.

Technology and Information Governance?

This is not a typo – King IV refers to technology and information governance. This is strange because we are all familiar with the term information and technology governance (or IT Governance). We do not understand why the drafters have decided to change the terminology they use. We also do not understand why communications governance is not included. We think information, communications and technology governance (or ICT Governance) is probably the best term to use, although Internationally IT Governance is the established term.

The fourth Industrial Revolution

The King IV Report (page 18) refers to the advances in technology and digitisation as the fourth Industrial Revolution and stresses what a big impact it has on all organisations. We think it should be referred to as the Information Revolution, but it doesn’t really matter.

Who is Responsible?

The governing body must oversee and delegate

It is the governing body of the organisation that must oversee that the responsibilities for IT are:

  1. managed
  2. appropriately resourced,
  3. sufficiently defined.

The IT Governance Practices the King IV Code Recommends

The King IV Code (part 4.2 on page 53) recommends that the governing body should:

  1. provide strategic direction for the management of IT,
  2. approve policy on the use of IT,
  3. adopt appropriate standards (like the ISO standards) and frameworks (like COBIT and the Michalsons IT Legal Framework)
  4. delegate to management responsibility for implementing  and embedding policy,
  5. oversee that management manages IT adequately and efficiently, including overseeing that:
    1. information management creates and enhances the intellectual capital of the organisation, and
    2. IT laws are complied with,
  6. oversee the management of cyber-security risk,
  7. review the organisation’s IT function, and
  8. disclose the governance and management of IT by the organisation.

Cyber-Security Risk?

The reference to cyber-security risk is strange. Is this just an acronym for information security risk? There is a big overlap with section 19 of the Protection of Personal Information Act here and maybe less so with the Cybercrimes and Cybersecurity Bill.

Action you could take


If you are interested, please complete the form on the right or enquire now. We will contact you to find out more about your requirements and give you a quote.