Information Privacy and Cybersecurity in a King IV World

Transcription

1 Information Privacy and Cybersecurity in a King IV World

2 King IV The King IV Report on Corporate Governance for South Africa 2016, The Institute of Directors in Southern Africa. Released 1 November 2016 Effective 1 April 2017 ALL organisations ALL sizes Sector Supplements: Municipalities State Owned Entities Pension Funds SME s Non-Profit Organisations MUST DO Proportionality

3 Good Practices for Good Governance King III approach Apply OR Explain Governance disciplines King IV approach Apply AND Explain Governance outcomes Ethical culture Good Performance Effective Control Legitimacy King III principles practices DOING King IV principles practices outcomes ACHIEVING

4 Integrated Thinking The International <IR> Framework Inputs Integrated Governance Outcomes

5 GovN Integrating Thinking Using Indicators FINANCIAL INTELLECTUAL SOCIAL Increased Data Scope Investment, Profit, and Continued human viability Increased Data Management HUMAN Intellectual Property in practice MANUFACTURED NATURAL

6 Establishing Good Leadership LEADERSHIP FRAMEWORK STRATEGY Provide strategic direction POLICIES Approve policy & standards Report and hold Accountable REPORTS Delegate, Measure, Assess CHARTERS

7 Establishing Good Governance GovN CORPORATE GOVERNANCE FRAMEWORK FRAMEWORK STRATEGY POLICIES CHARTERS REGISTERS REPORTS REVIEW In action since in 2010

8 Principle Governing Information The governing body should govern technology and information in a way that supports the organisation in setting and achieving its strategic objectives. King IV Code, Principle 12 Practices FRAMEWORK Information Governance Framework POLICIES Information Governance Policy Set the direction for how technology and information should be approached and addressed in the organisation. Practice 10 approve policy that articulates and gives effect to its set direction Practice 11 STRATEGY Information considerations in Strategy and strategic objectives

9 Governing Information Practices CHARTERS delegate to management the responsibility to implement and execute effective technology and information management Practice 12 Practice 13 Integration of people, process, technology and information Value creation Risk management and business resilience Ethical use and compliant actions including destruction Proactive monitoring and reactive management including cyber attacks and adverse social media events Practice 14 Leverage information for improvement of Intellectual Capital Information Architecture Confidentiality, Integrity and Availability Information privacy and security Practice 16 Independent assurance including outsourced services

10 Governing Information Practices REPORTING The following should be disclosed in relation to technology and information: Practice 17 An overview of the arrangements Information Governance Framework Key areas of focus, including major incidents Actions to monitor the environment and the outcomes thereof Areas of future focus REVIEW The governing body should ensure that internal audit provides an overall statement annually as to the effectiveness of the organisation's governance, risk management and control processes. Principle 15, Practice 59 Strategy Information Governance Framework Information Governance Policy and potentially others Charters Reports, monitoring measures, indicators and registers

11 Outcomes Establish Governance Principles Know where you are - maturity assessments Know the right things - continual development programmes - discussion groups Embed Governance Practices Framework, Strategy, Policies, Charters, Reports and Registers Continual Improvement Reviews Applying King IV Enable Governance Outcomes Ethical culture Good performance Effective control Legitimacy

12 THANK YOU Nick Brandt Applying King Candor Governance davinciforensics CandorGovernance.co.za Davinicforensics.co.za