IT governance ISACA SA Awards Ceremony 20 April 2007 Presented by: Mervyn E. King S.C.

Mervyn King SC

Introduction
- Information age
- Members of global village, willingly or unwillingly
- Real time
- Transparency – cornerstone
- Sunlight/disinfectant; electric light/policeman
- Ultimate light – telecommunications and IT

Changed corporate world (1)
- Integral to society
- Shareowner profile changed
- Conformance and performance
- UN Human Rights declaration
- Environmentalists
- Information communication technology
- Activism
- Triple bottom line

Changed corporate world (2)
- Capital a scarce resource
- Borderless world
- Click of a mouse
- Make or destroy markets
- Rely on reports from companies
- Capital flows affected by electronic communication
- Flows towards good governance

Changed corporate world (3)
- Shareowner revolution
- Global institutional investor
- Conduit for person in street
- Where were the directors?
- Where were the institutional shareowners?
- Strategic importance of IT systems – not only enabler

Changed corporate world (4)
- ICT
- Important strategic role – pervasive
- Flatter structures – online
- Industries converge
- Governance role?

Governance a process
- Governance about process
- Enterprise – strategic
- Risk for reward – failure
- Good governance and failure: acceptable
- Bad governance – failure – scandal: not acceptable

Compliance
- Mindless whether voluntary or compulsory
- Compliance officer
- Apply mind
- Not suitable for business: explain
- Market ultimate compliance officer

Enron
- Had the trappings of good governance
- Quantitatively compiled
- Non-executives
- Good board attendance
- Committees of board
- Yet dysfunctional

Enron – why?
- Self-interest
- Greed
- Dishonest – SPEs and off balance sheet
- Apparently to prop up share price
- Codes will not help
- Intellectual dishonesty

A director’s duties – responsibilities
- Good faith
- Care
- Skill
- Diligence

Incapacitated person
- Human being
- Best interests, care, skill, diligence
- Decent citizen thing to do
- Company an artificial citizen
- Incapacitated
- Director, heart, mind and soul

Quantitative governance compliance
- Voluntary or compulsory
- Not the answer
- Quality governance
- Based on intellectual honesty
- Incapacity awareness
- Corporate sins – awareness
- Intellectually naïve questions
- IT governance the same

IP and IT
- Manual processes to systems processes
- Processes and risks locked into IT
- IP locked into IT
- Staff told “how” to use systems
- The understanding of the IT? In the IT department and CIO
- “Black box” scenario

Two levels of IT governance
- Technical and IT process level – first
- Business process level, strategic – second
- CIO and colleagues need to understand the business
- Aids company to realise strategies
- IT governance specific to each business

IT governance
- Legislate COBIT or ITIL
- Legal framework needed
- Due care
- Due diligence
- These are the essence of information security

Regulate IT governance?
- Not for level two
- Management of processes to realise business strategies
- No generic rule to regulate all businesses
- Even adapt methodologies to suit local environment for level one

Risk in the use of IT (1)
- Strategic importance of information technology
- Technology issues
- Board members need greater understanding
- Duty of care and skill
- How else carry out duties?

Risk in the use of IT (2)
- Unaware of operational risks because processes not understood
- Risk management
- Solution? Representation or outside advice

Risk in the use of IT (3)
- Confidential info outside company
- Different codes of conduct
- Different values
- Different risks
- Accountability issues

Risk in the use of IT (4)
- Increasing dependence on outsiders
- Outside direct control of company
- Process outside, e.g. call centre
- Financial and reputational risks
- Outside access to confidential information
- Information security as part of governance

Information security
- Napoleon, The Three Musketeers
- The wax seal
- Information to enemy
- Disastrous for battle or the war
- Internet Encyclopedia

Unauthorised
- Use
- Access
- Disclosure
- Disruption or elimination
- Changes
- Prudent and reasonable steps or legislation
- Care and diligence

The wax seal
- Confidentiality – job application
- Integrity – no change without authorisation
- Availability – system functioning correctly
- Possession – stolen laptop
- Authenticity – information genuine
- Utility – usable and useful
- Internet Encyclopedia

The ISO code for information security (1)
- The security policy
- Asset management
- Human resource security
- Physical and environmental security
- Communications management
- Operations management

ISO code (2)
- Access control
- Information systems acquisition, development and maintenance
- IS incident management
- Business continuity
- Regulatory compliance

Cryptography
- Codes
- Renders it unusable other than to authorised user
- Encrypted information usable again by decryption
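The wax seal slide lists confidentiality, integrity and authenticity as separate properties, and this slide describes encryption only as making information unusable to anyone but the authorised user. The Go program below is an added example, not part of the presentation, showing how a modern authenticated cipher (AES-256-GCM from Go's standard library) delivers those properties together: the key holder recovers the message, a wrong key yields nothing, and any alteration to the sealed message or to the readable "addressee" header bound to it breaks the seal and the whole message is rejected. The key, header and message are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Seal is the electronic wax seal: it encrypts plaintext under a 32-byte
// (AES-256) key with AES-GCM and binds the unencrypted header (the
// "addressee" written on the outside of the letter) to the ciphertext.
// Output layout: 12-byte random nonce || ciphertext || 16-byte tag.
func Seal(key, plaintext, header []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag after the nonce so the reader can
	// recover the nonce from the message itself.
	return aead.Seal(nonce, nonce, plaintext, header), nil
}

// Open checks the seal before releasing a single byte of plaintext. A wrong
// key, any change to the ciphertext, or any change to the header makes the
// tag fail to verify, and the message is rejected as a whole.
func Open(key, sealed, header []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("sealed message too short to carry nonce and tag")
	}
	nonce, ciphertext := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	plaintext, err := aead.Open(nil, nonce, ciphertext, header)
	if err != nil {
		return nil, errors.New("seal broken: wrong key, altered ciphertext or altered header")
	}
	return plaintext, nil
}

func main() {
	// Constructed sample data; a real key comes from a key-management system.
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	header := []byte("To: the Duke of Buckingham")
	message := []byte("The fleet sails at dawn")

	sealed, err := Seal(key, message, header)
	if err != nil {
		panic(err)
	}
	fmt.Printf("header stays readable: %q\n", header)
	fmt.Printf("sealed message is unusable without the key: %x\n", sealed)

	// Confidentiality and utility: the key holder gets the message back.
	if pt, err := Open(key, sealed, header); err == nil && bytes.Equal(pt, message) {
		fmt.Println("authorised reader: message recovered")
	}
	// Confidentiality: a different key does not open it.
	wrongKey := bytes.Repeat([]byte{0xAA}, 32)
	_, err = Open(wrongKey, sealed, header)
	fmt.Println("wrong key:", err)
	// Integrity: flipping one bit of the ciphertext (byte 12 is the first
	// ciphertext byte after the 12-byte nonce) breaks the seal.
	tampered := append([]byte(nil), sealed...)
	tampered[12] ^= 0x01
	_, err = Open(key, tampered, header)
	fmt.Println("altered ciphertext:", err)
	// Authenticity: re-addressing the sealed letter also breaks the seal.
	_, err = Open(key, sealed, []byte("To: Milady de Winter"))
	fmt.Println("altered header:", err)
}
```

The one operational rule this construction adds is that a nonce must never be reused under the same key; the 96-bit random nonce used here is adequate for modest message volumes, and keys should be rotated before the count grows large.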

Methods of protection
- Legislation?
- UK Data Protection Act
- The Family Educational Rights and Privacy Act
- The Health Insurance Portability and Accountability Act
- The Electronic Communications and Transactions Act

Sarbanes-Oxley and King
- Comply or explain
- Comply or else
- Legislate against negligence or dishonesty?
- Intellectual honesty
- Market cap of company
- Due care and diligence

Information security
- Steps taken to practise due care
- Verified
- Measured against reasonable man
- Continual processes in due diligence
- Activities to monitor protection mechanisms
- Maintaining the mechanisms

Electronic communication
- Board pack
- AFS online
- No more printed AFS
- No more published in newspapers
- Cautionaries
- Faster dissemination of information
- Insider trading – more or less?
- Security against sensitive market leaks

IT board representation
- IT was an enabler to support the business
- Now both supports the business and drives strategy
- Strategic decisions on IT improvements and on information availability
- CIO on board?

Laws and regulations
- Duty of board to ensure compliance
- Bulk of companies SMME
- Cannot afford IT expertise in-house
- Have to use service providers
- Remember: can delegate but cannot abdicate

Director’s liability
- Director is a director
- Collective authority
- Individual liability
- Statutory and common law
- Expertise important

Good practitioners
- Aware of four duties
- Aware quality above quantity
- Aware human frailty
- Aware individual liability
- Aware not understanding – IT
- Intellectual honesty foundation
- How legislate about all this or only one aspect?

Conclusion
- Comply or explain
- Comply or else
- In either regime, quality is the factor, not quantity
- The market is the ultimate compliance officer
- Ultimate responsibility is business success
- Balance conformance and performance
- Legislation is not the recipe for good governance, corporate or IT
- Moses, Congress, Parliament

“The Corporate Citizen”