The fourth edition of the KING report builds on the best practices and principles in corporate governance in South Africa. The draft report was published in Mar 2016 and post the comments phase, the report was finally launched at the Sandton Covention Center in Johannesburg on 1 Nov 2016. The last edition of the report – King III was launched in 2009 post the financial crisis, and since then the global environment has changed significantly due to climate change, geo-political issues, population growth, and above all, rapid technological developments. Therefore, good corporate governance has become vital for sustainable value creation not only in South Africa, but also in the global context.
This is also the primary objective for King IV where promotion of good corporate governance in business is going to benefit an organization in terms of developing an ethical culture, enhance performance and value creation, help the governing bodies or regulators to exercise effective control, and help build confidence in an organization which will in turn strengthen its reputation. King IV will also look to broaden the scope of application of good corporate governance by making it accessible and suitable for organizations of various sizes, resources and complexity. The code defines the responsibilities of a governing body which include providing strategic direction, approving policy for putting this strategy to action, and have oversight of implementation for these policies.
Some of the underpinning philosophies of King IV have been refined from the previous version and are likely to have a significant impact on the risk, compliance and information technology governance programs in the organizations.
Risk and Opportunity Governance
The new report challenges the traditional view of risk as merely being the effect of uncertainties in achieving organizational objectives. It talks about measuring risk in terms of likelihood of an event occurring, and its impact on business, both positive and negative. This becomes all the more relevant in a highly uncertain and volatile environment which each event may be beneficial or detrimental to the organization.The risk environment is also evolving continuously and becoming more systemic due to increased connectivity and technological developments, and the risk management frameworks need to keep pace with the ongoing change.
Technology and Information Governance
Technology has become pervasive in the functioning of any organization as most of their operations are supported by information technology systems. King IV talks about technology and information governance as an enabler for an organization to achieve its core objectives and goals. In addition to formulating and implementing policies on technology and information management, the governing body should also have oversight on cyber risk management and make sure that it is integrated into the overall enterprise risk management framework in the organization.
Elevated Focus on Compliance
The regulatory environment has become highly dynamic, and the compliance organization needs to understand the ever changing obligations, and the entailing laws, rules, codes and standards. The underlying message is that compliance should not just be taken as an obligatory exercise, but should lead to sustainable value creation for an enterprise. There needs to be more proactive engagement between the regulators and the regulated.
Assurance and Internal Audit
King III introduced the combined assurance model, and King IV further builds on it by expanding the traditional ‘three lines of defense’ to ‘five lines of assurance’ which includes all assurance players. It stresses the need to build a robust control environment and strong reporting for effective decision making. The audit committee should be responsible for overseeing the implementation of this model. Internal audit is essential as the third line of assurance and its role has further progressed to provide insights into the business operations and performance, especially through the use of trend analysis, pattern recognition, analysis and scenarios.