In recent years, board-level supervision in information technology matters has become a key IT governance topic. It is often assumed that national corporate governance codes can guide board members to design and potentially improve their IT governance practices. At the Antwerp Management School (AMS), we conducted a study to understand what IT governance-related guidelines are included in national corporate governance codes.
We selected 15 national corporate governance codes to study. These codes were selected based on income level and geographic dispersion across different continents. Surprisingly, we found that most national corporate governance codes do not include key IT governance topics. There is hardly any IT governance information incorporated in the codes at all. The only exception we found was the South African corporate governance code, King III, which contains an entire chapter on IT governance-related guidelines. We also note that the committee responsible for drafting the South African corporate governance code recently finalized King IV, in which IT-related matters assume an even more prominent role. Based on our findings, we conclude that:
- Corporate governance committees responsible for drafting corporate governance codes worldwide that are willing to recognize the value of IT governance can certainly benefit from looking at the South African corporate governance codes.
- Additionally, we suggest that board members who are already complying with their existing national corporate governance codes refer to the King III guidelines to explore more concrete guidelines on IT governance.
This study was performed by researchers at AMS around an industry-sponsored research project on board-level IT governance. The research project focused on the need for boards to extend their governance accountability from a mono-focus on finance and legal as proxy to corporate governance. This extended accountability should include technology and provide digital leadership and organizational capabilities to ensure that the enterprise’s IT department sustains and extends the enterprise’s strategies and objectives. We discovered that board members are increasingly seeking guidance on how they can expand their IT governance accountability within the board and also in an appropriate modus vivendi with executive management. More information, including intermediary results, can be found on the AMS website.
Read Steven De Haes, Anant Joshi, Tim Huygh and Salvi Jansen’s recent Journal article:
“Exploring How Corporate Governance Codes Address IT Governance,” ISACA Journal, vol. 4, 2017.