IT Governance, Risk and Compliance (GRC)

2019-04-24

IT governance, risk and compliance is a very broad topic that has many aspects to it. We provide various services that relate to IT governance, risk and compliance (IT GRC) that will help you to:

  1. Apply IT Governance, Risk and Compliance (IT GRC) in a practical way to real issues.
  2. Practice good IT Governance.
  3. Address IT legal risk.
  4. Ensure IT compliance by complying with IT laws (or information, communications and technology law (ICT law)) and by considering adherence to IT rules, codes and standards.
  5. Demonstrate that you have met your responsibilities.

The Benefits of Focusing on IT GRC

  1. Reduce your legal risk profile.
  2. Demonstrate the application of the King Report.
  3. Implement current best practice.
  4. Manage the risks of non-compliance.
  5. Avoid legal problems, difficulties, and disputes.
  6. Keep your board continually informed of relevant IT laws, rules, codes and standards, including changes to them.

How we can help you

Some organisations want to comply themselves by:

  • attending one of our public workshops (or having a private in-house one) or legal webinars,
  • reading our insights and subscribing to our newsletter,
  • getting a copy of the law and a guide, and then
  • taking the necessary action to comply themselves.

This option is best for those who want to do it themselves alone, at their own pace and keep the cost of compliance as low as possible. There are no recurring fees. You can always start here and then move to one of the other options at a later stage if necessary.

Suitable for:

  • small organisations whose primary business activity is not the processing of personal information,
  • large organisations with a compliance function with the necessary skills, knowledge and capacity.

Some organisations want to comply with our guidance. You can achieve this by joining our Practical IT governance, risk and compliance (IT GRC) Programme. We empower you to comply, and guide you through practical steps. It is suitable for organisations who have an in-house legal or compliance team and who want to keep the costs of non-compliance down, by doing it themselves with guidance.

Some organisations want us to do what needs to be done to comply for them by asking us to provide specific bespoke solutions such as drafting or reviewing their IT contracts and policies. This option often complements the other two options. This is for organisations who want to go at their own pace or have individual specific needs. This is the most expensive option because we take action specifically for your organisation. Our starting point is often to conduct a gap analysis.

If you’re interested, we can quote you a fixed price (on an as-and-when-needed basis) or agree a retainer.

Our Experience

We have gathered a lot of knowledge and advised a number of small to large organisations.

  • We have provided clarity and legal certainty by researching and drafting legal opinions on corporate governance issues;
  • We empower our clients by providing easy to understand IT policies and agreements;
  • We have advised clients on some of the latest laws, including data protection laws and anti-bribery and corruption laws that they are subject to;
  • We have reviewed the Anti Bribery and Corruption policies of JSE-listed entities;
  • We have created an Anti Bribery and Corruption Compliance Guide that many organisations have downloaded and found useful to help them with their corporate governance; and
  • We have assessed the legal issues and investigated the impact of the King Code on various banks and financial institutions by conducting workshops.

We have a more comprehensive list of the matters we have worked on that is available on request.

Our Clients

Our clients are situated all over the globe and include marketers, retailers, financial institutions, financial advisors, insurers, health care providers, the media, industry bodies, pension funds, directory providers, and many others.

How you Benefit

  • Raise your awareness by reading a King IV™ summary or plain language overview of the King Report.
  • Empower yourself with knowledge on IT governance, risk and compliance by attending our practical IT GRC workshop.
  • Apply the IT aspects of King IV by knowing the difference between King III and King IV, and knowing what actions you need to take. We have tools (like our Compliance Action Plan), guides and workshops to help you achieve this.
  • Stay up-to-date with the latest developments by reading our IT governance insights or subscribing to our newsletter.
  • Know all the IT laws, rules, codes and standards (including case law) that there are by getting a list of IT laws from Michalsons.
  • Apply IT Governance, Risk and Compliance to your specific organisation by using our Legal Framework.
  • Get expert answers to your questions by asking for our advice where we apply our experience and knowledge to your specific circumstances.
  • Check that you comply by asking Michalsons to conduct a Legal Audit (made up of various components) of IT in your organisation.
  • Review your compliance on an ongoing basis – assuring the effectiveness of compliance.
  • Reduce the risks of non-compliance (like damage to your brand and losing the trust of your customers) by focusing your efforts.
  • Reduce your overall cost of compliance by doing it yourself (with our guidance) and embedding a culture of good governance in your organisation.
  • Fast track your efforts by accessing deep knowledge, expertise and experience.
  • Ensure everything is privileged from authorities by engaging with Michalsons who are independent professional legal advisers.


If you are interested, please complete the form on the right or enquire now. We will contact you to find out more about your requirements and give you a quote.

Note: The Institute of Directors in Southern Africa NPC (IoDSA) owns the copyright to all four of the King reports or codes on governance (including the latest version namely the King IV Report™) and owns various trademarks in relation to King IV (including King IV™, King IV Report™, King IV Report on Corporate Governance™ and King IV Code™). All of the IoDSA’s rights are reserved. All views are our own and we are not associated or endorsed in any way by the IoDSA.