Abstract
M.Com. (Computer Auditing)
Information Technology (IT) has become an integral part of virtually all modern day
organisations. The advent of IT has given rise to numerous benefits which increase
productivity and efficiency in the workplace, however, IT also brings with it significant risks
that can have an impact on an organisation’s ability to function as a going concern.
Organisations, especially those listed on the Johannesburg Stock Exchange (JSE), are
required to submit an Integrated Report (IR) on an annual basis in which they indicate
how they used the resources at their disposal to create value for the organisation and its
stakeholders during the year under review. The IR is also a forward-looking document,
as opposed to the traditional, backward-looking reports. The purpose of this study is to
analyse the Integrated Reports of the Top 40 listed organisations on the JSE and
determine the extent to which IT risks are disclosed in their IR and whether the way these
risks are managed is also included in the IR as required by the IR Framework. This is
done by means of an empirical study consisting of a content analysis of the IRs of the
Top 40 listed companies on the JSE. The results of the analysis indicate that more than
half of the companies in the sample included IT risk as part of their material risks and
outlined appropriate and detailed processes that are followed by the company to manage
those IT risks.