Isabella Hofmeyr-Pretorius, legal advisor at Capitec.

Isabella Hofmeyr-Pretorius, legal advisor at Capitec.

Advances in technology are quickly changing business and societies, potentially having major socio-economic consequences, if not governed responsibly and ethically.

This was the word from Isabella Hofmeyr-Pretorius, legal advisor at Capitec, speaking at ITWeb Governance, Risk and Compliance 2019, in Johannesburg yesterday.

Information technology, governance, compliance and data protection laws, and the risks relating thereto, all play vital roles in responsible data management within an organisation, resulting in either a positive or negative impact on society, noted Hofmeyr-Pretorius.

She referenced the King Report on corporate governance, recommended guidelines for the governance structures and operation of companies in SA.

"IT professionals and business leaders need to take more responsibility for governance risk and compliance (GRC) practices within their organisations, and explore some of the principles and recommended practices set out by King IV.

"According to principle 12 of King IV, the main purpose of IT governance is to support the organisation to set and achieve its objectives. This means IT governance must support an organisation's strategic objectives."

GRC relating to technology and information can only be effective if business and risk practitioners work together and if controls are implemented in the operational environment, Hofmeyr-Pretorius pointed out.

"A strong GRC culture across the organisation helps guide and promote evaluation and management of business processes, risks, compliance and strategies, to optimise the overall performance of the organisation."

She further referenced principle 13 of King IV, which stipulates the company's governing body should govern compliance with applicable laws and adopt non-binding rules, codes and standards in a way that supports the firm.

"The organisation's governing body is responsible for the ethical use of information and technology, utilising information to protect the company's intellectual property and ensuring compliance with privacy laws.

"Compliance governance goes above and beyond legal and regulatory compliance and centres around two fundamental concepts of corporate governance: ethical corporate culture and being a responsible corporate citizen."

Innovation is synonymous with risk-taking and organisations that create revolutionary technologies take on the greatest risk, and good governance principles are central to mitigating these risks, she concluded.