The development of an integrated framework in order to address King III’s IT governance principles at a strategic level

In today’s technologically advanced business environments, Information Technology (IT) has become the center of most businesses’ strategic activities. It is for this reason that the King III report has dedicated a chapter to addressing IT governance principles, holding the board of directors (senior management) responsible for addressing such principles. The King III report does provide broad level guidance, however lack sufficient detail on its interpretation. Although various guidelines in the form of IT control frameworks -models and -standards exist, it remains theoretical in nature and companies tend to implement these guidelines in an ad hoc manner. This ad hoc implementation of controls leads to unnecessary controls being implemented, resulting in an ineffective IT governance system that does not address each key strategic risk area. The objective of this research is to develop an integrated best practices framework, which will provide guidance to senior management in how to effectively and efficiently address King III’s IT governance principles by taking a business’ unique strategic objectives into account. A detailed literature review was performed of different control frameworks,-models and standards. These were analysed to identify a list of similar and overlapping control areas. These control areas were thereafter mapped to a list of strategic objectives applicable to most businesses. In doing so, effective and efficient IT governance principles which are understood by senior management, are able to be implemented.