Abstract
South African banks are spending billions as they launch new applications, upgrade legacy systems and adopt cloud computing. It is important that these financial service providers identify and address the information technology (IT) and cloud-related risks as IT and cloud governance forms part of their corporate governance. It appears that many financial service providers do not comply with the governance disclosure requirements of the King Code of Governance for South Africa 2009 (King III) report in terms of IT disclosures, resulting in a lack of transparency for stakeholders in terms of IT and cloud governance. This study investigates IT and cloud governance through a comprehensive literature review and presents the King III IT governance and disclosure requirements. It also formulates self-developed cloud governance disclosure requirements based on the literature review conducted in the study.
An empirical study was conducted to determine the extent of IT disclosure compliance of the top four financial service providers against the requirements of the King III report and to assess the extent to which these organisations disclose their cloud governance. The results were gathered by reviewing the top four financial service providers’ integrated annual reports published online. These four entities were selected as they are the leading financial service providers in South Africa based on market share and the number of online customers. Furthermore, they are required to comply with the King III requirements as they are listed on the Johannesburg Stock Exchange (JSE).
The results of the study reveal that all of the top four financial service providers fully comply with the governance disclosure requirements of the King III report in terms of IT disclosure, however, there is room for improvement in terms of cloud governance disclosure in the financial service providers’ integrated annual reports.
M.Com. (Computer Auditing)