A

October | November | December 2015

BRIDGING THE GENDER PAY GAPDEALING WITH HIGH LEVEL CONFLICT

DRIVING DIVERSITY AT ALL LEVELS

THE JOB CREATION CONUNDRUM

1

CONTENTS

288 40

36

3837

An IoDSA View | Angela Oosthuizen

Editor’s Note | Jeremy Maggs

Dealing with high level conflict | Rodney Weidemann

The job creation conundrum | Rodney Weidemann

Governing the government role | James van den Heever

Driving diversity at all levels | Samantha du Chenne

Bridging the gender pay gap | Georgina Guedes

Insights from the IRMSA Risk Report | Lynette Dicey

IT Governance – It starts at the top | Marlon Moodley

0203040810

151820

222426

30

34

28

32

Leaders on the Move | Jeremy Maggs

Living life according to the FAB QuotientTM | Samantha du Chenne

Why global boards need to rethink their African strategies | Craig Spalding

Woman thou art loosed; the new Mindfulness in the boardroom | Kiyasha Thambi

Staff profile - Getting to know... Angela Oosthuizen

IoDSA FAQs - Board Evaluations | Parmi Natesan, Tanya Nassif & Vikeshni Vandayar

Member profiles: Almorie Maule, Dr Terrence Kommal, Christine Botha & Vaneshree Pillay

IoDSA events

Book reviews

Wine review: Price vs Value | Jeremy Sampson

A wine tasting evening with Veritas

Road Test: Trophy car - Megane RS | Pritesh Ruthun

Travel: 4 hours in Beijing | Jenny Southan

Last Word: Irish pride in the boardroom | Jeremy Maggs

a Times Media Company

Publisher: Richard Lendrum Editor: Jeremy Maggs Managing Editor: Debbie Bassa debbie@thefuture.co.za Layout: Buyisiwe Dlamini Production Manager: Mabel Ramafoko

Directorship is published by Future Publishing (Pty) Ltd a Times Media Company, 4 Biermann Avenue Rosebank, 2196. Telephone: (011) 280 3000 Fax: (086) 509 2666. Opinions expressed in Directorship are not necessarily those of the publishers. Permission to re-publish any article or image or part thereof must be obtained in writing from the publisher. © Future Publishing

39

In 50 countries and half the Fortune 500

boardvantage.com

Purpose-built for boards and leadership

4042

12

44

20Governance

In the April/May/June 2015 edition of Directorship, Linda de Beer discussed implications of the new auditor’s report in which a new area of audit disclosure called Key Audit Matters (KAM) will take effect at the end of 2016. KAM disclosure will initially

only be compulsory for listed entities, and voluntary for others. The auditor’s report, at present, does not share much information beyond the audit opinion, which is often almost benign in its wording, attesting to the going concern of the entity and an opinion on the fair presentation of financial results in accordance with the relevant accounting standards.

KAM, however, will soon require that matters which, in the auditor’s judgement, are of significance to the audit to be disclosed in the audit report. While these may largely be attributable to financial matters, KAM may also cover significant events that occurred during the year in audit. As a result, issues relating to technology and systems that impact on financial reporting, or even to matters affecting normal business

operations, which in turn could have financial implications for the entity, may have to be disclosed.

This brings us neatly to the growing concern over cyber-crime and its potential to affect organisational assets and performance negatively if not handled with due care and diligence. A fascinating, and somewhat riveting, article in the July 2015 edition of Fortune describes the devastation experienced by Sony Pictures (a subsidiary of Japan’s Sony Corporation) during 2014 and early 2015. The article entitled, The Hack of the Century details the manner in which Sony Pictures’ systems were infiltrated and valuable information siphoned from its IT infrastructure.

Among the vast amount of information that was stolen were explicit emails of employees (including those of all executives), upcoming film material and intellectual property, employee payroll data, as well as customer credit-card information. The emails and other sensitive information was then slowly leaked onto the Internet and was intended to wreak havoc and

IT Governance – It starts at the topMarlon Moodley

According to the new auditor’s report, Key Audit Matters, a new area of audit disclosure, may require information technology issues impacting on financial reporting to be disclosed.

21

Call: +27 11 540 9100info@barnowl.co.zawww.barnowl.co.za

FLEXIBILITY WITHOUTCOMPLEXITY

RISK MANAGEMENT

COMPLIANCE

AUDIT

GOVERNANCE, RISK, COMPLIANCE & AUDIT SOFTWARE

EMBEDS BEST PRACTICE

LOCALLY DEVELOPED AND SUPPORTED

C

M

Y

CM

MY

CY

CMY

K

Untitled-1.pdf 1 2014/08/21 10:24:37 AM

devastation on Sony Pictures. Which it did!During the painful recovery period

the company was effectively crippled. Employee salaries were paid by cheque and the company had to revert to using fax machines to communicate across continents and with its parent in Japan. So severe was the extent of the cyber-attack that the FBI was tasked with the investigation, along with leading cyber-security experts. The ensuing soap opera yielded some interesting insights into how organisational culture can be underscored by blame-shifting, complacency, and poor leadership.

Prior to the cyber-attack, Sony Pictures did seek advice on improving information and technology security, but did not implement much of it. Even more concerning was that for an organisation of its size and scale, its IT environment and security protocols were in a poor state. One security advisory firm reported that during a site visit to Sony they were easily able to access unattended computer terminals which were logged in online. Passwords were scribbled on post-it notes and left visible in cubicles.

Cyber-crime isn’t the only area of concern for the modern organisation. The Royal Bank of Scotland (RBS) was given ample media attention by Bloomberg in the latter half of 2012 for an IT glitch that rendered the bank unable to transact with the majority of its customers. The public comment from RBS attributed the problem to software upgrades made by a third party service provider, and the bank committed a hefty £750m budget over three years to resolve the problem. During 2015 RBS was in the news again with the Financial Times (Europe) reporting that the problem had recurred. It would seem that the lessons were not learnt.

While reports of negligence and sub-standard technical discipline could easily be attributed to a poorly managed IT function (which they were), the root cause may actually reside elsewhere. Much higher up, in fact. The world of technology and

its possibilities for organisational benefit are mind-numbing. However, the scope for value destruction emanating from malfunctioning systems and cyber-crime can be equally painful and downright costly. To ensure that information technology is managed well and yields appropriate benefit, it must be approached with the right mindset and culture.

An organisation’s leadership, starting at director level, sets the tone for how the organisation approaches, manages and uses technology. If the attitude is one of respect, caution, and a careful evaluation of complex issues, then due care gets exercised at all levels. If it is one of poor regard for a highly technical function that is better left to ‘techno geeks’ then the ensuing mayhem should not come as a surprise.

IT is present almost everywhere in the modern organisation, and as with finance or any other function, should always be approached with a vigilant and prudent mindset. Failure to do so could result in what Sony Pictures, RBS and others have experienced, and in due course could end up becoming a Key Audit Matter on an annual report. Well-managed and innovative, IT starts with proactive IT Governance at the top.

One-day course in IT Governance for Directors This one-day programme is aimed at equipping directors with knowledge, insight and perspective on IT Governance and the risks it may pose for their business. Discussions will focus on the rapidly evolving nature of technology, the global environment, as well as the new challenges it poses for the modern organisation and its directors. Insights from this intervention will support your journey toward gaining insight into key areas affecting IT governance and its impact on the organisation.

When: 5 NovemberWhere: IoDSA, Sandton

For more information and to book visit www.iodsa.co.za/?page=ITGov C