Abstract
M.Com. (Computer Auditing)
Sufficient integrated reporting on risk governance is dependent on the actual risk
governance strategies employed by South African-listed banking entities. Proper risk
governance strategies are based on a clear understanding of the risk governance
universe which influences such strategies.
The elements of such a risk governance universe should incorporate aspects of risk
management, information security management, Information Technology
governance and management, Business Continuity Management and crisis
management. In addressing these elements, a clear understanding is necessary of
the principles of good corporate governance, as stipulated in the King Report on
Governance for South Africa. This can then be supported with international best
practice guidelines on all the subcomponents of the risk governance universe.
These elements thus form the reference against which risk governance practices can
be deployed to control risk factors. This involves the identification, measurement and
mitigation of unwanted risk exposure, which is, in turn, dependent on the manner in
which risk management plans have been applied throughout the different levels of
employment in South African-listed banks.