There is always a link between good governance and compliance with the law. Compliance with the law is part of good governance. However, the laws stand on their own. The King Report confirms that you should comply with the law.
However, the governance principles contained in King are not law. The King Code relates to governance – only one aspect of governance, risk and compliance (or GRC). But it also talks about and deals with the governance of risk and legal compliance.
The King Code is not a law.
Good Governance is Voluntary
Unlike the United States, the committee opted for what is called an “apply and explain” approach. Applying the governance principles is therefore voluntary – you don’t have to do it. Except if you’re a listed entity. However, if you decide not to apply them, you should be able to explain the reasons to your stakeholders. So, when you hear people say things like “King means you have to do this or that“, they don’t know what they’re talking about.
Many of our laws are not enforced in South Africa – the King Code has adopted a clever approach in making the company’s stakeholders the compliance officer for governance. When there is a mess, no director wants to have to go and explain to the stakeholders why they did not apply good governance principles. However, there might be a good explanation. For example, it makes sense for an organisation that does not use ICT at all, to decide not to implement the IT governance principles contained in King.
Complying with the Law is Mandatory
You must comply with the laws that apply to you. We can help you with IT compliance.