printer friendly version

Compliance and recovery

Hi-Tech Security Solutions: Corporate governance is a confusing topic. We have good guidelines as to how companies should be managed from the King Commission, but how do companies actually implement good governance without breaking the bank?

Darren Johnson: Corporate governance is essentially a set of rules or best practices adopted by an organisation that should, in essence, guide the board of directors and management’s decisions with regard to an organisation’s policies, procedures, strategies, etc.

There is however, both a financial and time cost implication often associated with corporate governance. Organisations must often employ individuals, or even entire teams, to ensure that these rules and practices are being abided by and, if mandated by the regulatory bodies, spend countless man-hours reporting on these matters.

Furthermore, this cost is often seen as wasteful or unnecessary by business and shareholders alike, however this ‘second line of defence’ is designed to ensure the long-term sustainability of the organisation in addition to protecting the organisation and its stakeholders from exposure to reputations damage, financial losses or even financial penalties.

Naturally, as with all facets of the organisation, efficiency is the name of the game and organisations must often balance the cost of governance with profitability. Organisations can optimise this through employing the right people for the job, ensuring policies and procedures are up to date and adhered to, or by creating a good corporate citizen culture throughout the organisation.

Hi-Tech Security Solutions: Tell us what the crucial aspects of corporate governance are that businesses today need to implement from a regulatory as well as from a performance perspective.

Darren Johnson: Organisations need to be profitable as well as be good corporate citizens. The result is that organisations are addressing governance – and ultimately their economic, social and environmental sustainability initiatives – through the implementation of performance and measurement programmes, such as historic and real-time reporting, post mortem assessments of governance issues, enforcement of organisational policies, assessing compliance against those policies, creating governance awareness, forecasting and re-modelling of governance issues and measures based on performance results, etc.

There is also a drive for the consolidation of governance related processes, such as incident and problem management across disciplines such as information security, business continuity and information privacy to manage the risk exposure of the organisation centrally to reduce legal, regulatory, financial and reputational impacts of incidents to ensure the resumption and sustainability of the organisation following an incident.

Hi-Tech Security Solutions: And let’s not forget the elephant in the room, 2014 is the year PoPI starts making directors nervous. What are companies doing about this new set of laws?

Darren Johnson: Organisations are assessing their current capability against the PoPI requirements in order to determine gaps and remedial actions. To remedy these gaps, organisations are implementing privacy programmes which include the implementation of, and not limited to, the following:

* Privacy management systems and structures.

* Data loss detection and prevention programmes and systems.

* Data and system classification standards.

* Document management systems and standards.

* Record retention programmes and standards.

* IT controls to enforce privacy policies and standards.

* Monitoring and filtering controls that manage the flow of information.

* Document and data inventories.

Share this article:

Further reading: