The draft King V Code on corporate governance was released for public comment on 24 February 2025 by the Institute of Directors in Southern Africa (IoDSA). It is only about 20 pages long and includes only the code (unlike previous versions that also had a report). The drafters have made an effort to make the content accessible, but the code’s language could be significantly improved. You now have an opportunity to influence and contribute to the final version. You can submit your comments online by 4 April 2025. It is referred to as King V and not King 5.

Applying King Vâ„¢ is voluntary unless you are listed. You should apply or explain how you follow the code.

King V Code is better than King IV

King Vâ„¢ is better than King IV.

  • King V includes the latest developments. For example, it deals with the governance of emerging technologies, like AI.
  • It is more accessible because it is just one document or code.
  • It is better, but not more.
  • It includes input from more people.
  • The disclosure template helps an organisation apply the code or explain why they are not applying it.

Changes in the King V Code?

King Vâ„¢ is based on the underlying principles of the previous King Codes and Reports. King V is more of a refinement (or update) than an upgrade. Each version of King builds on the one before. Below are principles that relate to our focus areas.

Risk governance under King V

“The governing body governs risk … to enable the organisation to expand its opportunities, and set and achieve its strategic objectives.” (Principle 8) The governing body should take several actions.

  1. Set the direction for risk.
  2. Agree the risks the organisation should be willing to take in pursuit of its strategic objectives.
  3. Approve policy that articulates and gives effect to its set direction on risk.
  4. Exercise ongoing oversight of the implementation of risk policy and planning.
  5. Consider receiving assurance.

Compliance governance under King V

“The governing body governs … compliance to enable the organisation to expand its opportunities, and set and achieve its strategic objectives.” (Principle 8) The governing body should take several actions.

  1. Set the direction for regulatory compliance. (We can help with regulatory compliance.)
  2. Decide which non-binding rules, codes and standards the organisation should adopt.
  3. Approve a regulatory compliance policy on its direction on compliance.
  4. Oversee compliance.
  5. Consider receiving assurance. (We can conduct a compliance audit.)

Information governance under the King V Code

“The governing body governs information and its deployment through technologies to enable the organisation to expand its opportunities and set and achieve its strategic objectives.” (Principle 9) The governing body should take several actions. (Overlap with IT Governance Joint Standard for financial institutions.)

  1. Set the direction for leveraging information to achieve organisational objectives. (To achieve this the governing body might need an executive briefing on IT GRC)
  2. Approve strategy and policy that articulates and gives effect to its set direction (including the approval of the standards, frameworks or guidance adopted by the organisation). (We can help draft IT policies.)
  3. Ensure that the execution of information strategy and plans results in the security, control and optimisation of information.
    1. Ensure the ethical management and control of information assets to lower risk.
    2. Ensure compliance with law and regulations. (For example, POPIA and IT Laws)
    3. Improve information quality and accessibility.
    4. Implement security measures to protect and preserve business information. (Join our Cybersecurity compliance programme)
  4. Ensure that information risks are integrated into organisation-wide risk management and monitor that technological developments are responded to appropriately in that:
    1. potential opportunities are captured, and
    2. disruptive effects on the organisation and its business model are managed.
  5. Consider receiving assurance.

IT governance under King V

The governing body should oversee IT to safeguard several things.

  1. Sustain and extend the organisation’s strategies and objectives through the organisation’s IT software development, use of hardware and maintenance activity.
  2. Make arrangements for organisational resilience and disaster recovery. (Overlap with Cybersecurity Joint Standard for financial institutions. Implement source code escrow. We can be your breach coach.)
  3. Assess value delivered through significant investments in IT.
  4. Dispose of obsolete IT responsibly.

Data governance under King V

  1. Oversee data to ensure that it results in data architecture and arrangements that assist with achieving organisational objectives.
    1. Structure data resources to optimise processing throughout its lifecycle.
    2. Secure data to prevent or mitigate sensitive data leaks and other security breaches. (Join our Cybersecurity compliance programme)
    3. Comply with privacy and other legal requirements (for example, POPIA and IT Laws) when using data.
    4. Achieve data quality.

Emerging technology governance under King V

The governing body should safeguard several things regards emerging technology (like as artificial intelligence and machine learning).

  1. Ensure that every AI system deployed (including bought, built, used or sold) by the organisation adheres to appropriate levels of ethical and trustworthy characteristics. (Join our Trustworthy AI programme)
  2. Ensure that all processes, resources and tools used to deploy AI systems are subject to human and related oversight mechanisms.
    1. Oversee technology aligned with risk. (Follow a risk based approach)
    2. Identify areas where human intervention is a requisite as well as be transparent about AI potentially affecting third parties without human intervention.
    3. Oversee AI systems that perform continuous learning and change behaviour to ensure they are deployed and used responsibly.

Have your say

You can submit your comments on the draft of King V to the IoDSA via their website by 4 April 2025. Comments made by other people on King Vâ„¢ will be transparent and you will be able to view them on the website. This is a good thing.

Other actions you can take

  • Gain the tools and insight to help you transition from one version of the King Code to the next by asking for our help or attending one of our events.
  • Improve your organisation’s IT Governance, Risk and Compliance by attending one of our events.
  • Make the right disclosures for the King Code by asking us to assist you. We have created clever ways to assist you to draft accurate customised disclosures for your organisation as painlessly as possible.
  • The transition from King IV to King Vâ„¢ by getting our Comparison tables and King planning tools.
  • Read a plain language overview of the King Code.

Note: The Institute of Directors in Southern Africa NPC (IoDSA) owns the copyright to all of the King reports or codes on governance (including the latest version namely the King V Codeâ„¢) and owns various trademarks in relation to King IV (including King IVâ„¢, King IV Reportâ„¢, King IV Report on Corporate Governanceâ„¢ and King IV Codeâ„¢) and King V. All of the IoDSA’s rights are reserved. All views are our own and we are not associated or endorsed in any way by the IoDSA.