October | November | December 2015
Governance

IT Governance – It starts at the top
Marlon Moodley

According to the new auditor’s report, Key Audit Matters,
a new area of audit disclosure, may require information
technology issues impacting on financial reporting to
be disclosed.

In the April/May/June 2015 edition of Directorship, Linda de Beer
discussed implications of the new auditor’s report in which a
new area of audit disclosure called Key Audit Matters (KAM)
will take effect at the end of 2016. KAM disclosure will initially
only be compulsory for listed entities, and voluntary for others.
The auditor’s report, at present, does not share much information
beyond the audit opinion, which is often almost benign in its
wording, attesting to the going concern of the entity and an
opinion on the fair presentation of financial results in accordance
with the relevant accounting standards.
KAM, however, will soon require that matters which, in
the auditor’s judgement, are of significance to the audit
be disclosed in the audit report. While these may largely be
attributable to financial matters, KAM may also cover significant
events that occurred during the year under audit. As a result, issues
relating to technology and systems that impact on financial
reporting, or even to matters affecting normal business
operations, which in turn could have financial implications for the
entity, may have to be disclosed.
This brings us neatly to the growing concern over cyber-crime
and its potential to affect organisational assets and performance
negatively if not handled with due care and diligence. A
fascinating, and somewhat riveting, article in the July 2015
edition of Fortune describes the devastation experienced by Sony
Pictures (a subsidiary of Japan’s Sony Corporation) during 2014
and early 2015. The article, entitled The Hack of the Century, details
the manner in which Sony Pictures’ systems were infiltrated and
valuable information siphoned from its IT infrastructure.
Among the vast amount of information that was stolen were
explicit emails of employees (including those of all executives),
upcoming film material and intellectual property, employee
payroll data, as well as customer credit-card information.
The emails and other sensitive information were then slowly
leaked onto the Internet, with the intention of wreaking havoc and
devastation on Sony Pictures. Which it did!
During the painful recovery period
the company was effectively crippled.
Employee salaries were paid by cheque
and the company had to revert to using
fax machines to communicate across
continents and with its parent in Japan.
So severe was the extent of the cyber-attack
that the FBI was tasked with the
investigation, along with leading cyber-security
experts. The ensuing soap opera
yielded some interesting insights into how
organisational culture can be underscored
by blame-shifting, complacency, and poor
leadership.
Prior to the cyber-attack, Sony
Pictures did seek advice on improving
information and technology security, but
did not implement much of it. Even more
concerning was that for an organisation
of its size and scale, its IT environment and
security protocols were in a poor state. One
security advisory firm reported that during
a site visit to Sony they were easily able to
access unattended computer terminals
which were logged in online. Passwords
were scribbled on post-it notes and left
visible in cubicles.
Cyber-crime isn’t the only area of
concern for the modern organisation. The
Royal Bank of Scotland (RBS) was given
ample media attention by Bloomberg in
the latter half of 2012 for an IT glitch that
rendered the bank unable to transact with
the majority of its customers. The public
comment from RBS attributed the problem
to software upgrades made by a third-party
service provider, and the bank committed
a hefty £750m budget over three years to
resolve the problem. During 2015 RBS was
in the news again with the Financial Times
(Europe) reporting that the problem had
recurred. It would seem that the lessons
were not learnt.
While reports of negligence and sub-standard
technical discipline could easily be
attributed to a poorly managed IT function
(which they were), the root cause may
actually reside elsewhere. Much higher
up, in fact. The world of technology and
its possibilities for organisational benefit
are mind-numbing. However, the scope
for value destruction emanating from
malfunctioning systems and cyber-crime
can be equally painful and downright
costly. To ensure that information
technology is managed well and yields
appropriate benefit, it must be approached
with the right mindset and culture.
An organisation’s leadership, starting
at director level, sets the tone for how the
organisation approaches, manages and
uses technology. If the attitude is one of
respect, caution, and a careful evaluation of
complex issues, then due care gets exercised
at all levels. If it is one of poor regard for a
highly technical function that is better left
to ‘techno geeks’, then the ensuing mayhem
should not come as a surprise.
IT is present almost everywhere in the
modern organisation, and as with finance
or any other function, should always be
approached with a vigilant and prudent
mindset. Failure to do so could result in
what Sony Pictures, RBS and others have
experienced, and in due course could
end up becoming a Key Audit Matter on
an annual report. Well-managed and
innovative IT starts with proactive IT
Governance at the top.
One-day course in IT Governance for Directors
This one-day programme is aimed at
equipping directors with knowledge,
insight and perspective on IT
Governance and the risks it may pose
for their business. Discussions will
focus on the rapidly evolving nature of
technology, the global environment,
as well as the new challenges it poses
for the modern organisation and its
directors. Insights from this intervention
will support your journey toward
gaining insight into key areas affecting
IT governance and its impact on the
organisation.
When: 5 November
Where: IoDSA, Sandton
For more information and to book visit
www.iodsa.co.za/?page=ITGov