IT RISK MANAGEMENT DISCLOSURE IN THE INTEGRATED REPORTS OF THE TOP 40 LISTED COMPANIES ON THE JSE LIMITED

Ben Marx, Covanni Hohls Du Preez

Research output: Contribution to journalArticlepeer-review

1 Citation (Scopus)

Abstract

Information Technology (IT) has become an integral part of virtually all modern day organisations. The advent of IT has given rise to numerous benefits which increase productivity and efficiency in the workplace, however, IT also brings with it significant risks that can have an impact on an organisation’s ability to function as a going concern. Organisations, especially those listed on the Johannesburg Stock Exchange (JSE), are required to submit an Integrated Report (IR) on an annual basis in which they indicate how they used the resources at their disposal to create value for the organisation and its stakeholders during the year under review. The IR is also a forward-looking document, as opposed to the traditional, backward-looking reports. The purpose of this paper is to determine to what extent IT Risk and IT Risk Management are disclosed in the IR’s of the Top 40 Listed Companies on the JSE. It further aims to determine whether IT Risks are included as material risk in the entity’s risk statements of the Integrated Report, and whether proper explanations are provided on how the materiality of the risks are determined and dealt with. This is done by means of an empirical study consisting of a content analysis of the IRs of the Top 40 listed companies on the JSE. The results of the analysis indicates that more than half of the companies included IT risk as part of their material risks and outlined appropriate and detailed processes that were followed by the company to manage those IT risks. The findings of the study accordingly support the need for communicating significant risks and the management thereof to stakeholders as part of the integrated nature of governance of entities. However, it is disconcerting that some companies are not doing this, and accordingly are not realising the need for communicating significant matters to their stakeholders and the value that informative and credible reporting will bring to an entity’s Integrated Report.

Original languageEnglish
Pages (from-to)27-34
Number of pages8
JournalRisk Governance and Control: Financial Markets and Institutions
Volume7
Issue number3
DOIs
Publication statusPublished - 2017

Keywords

  • Integrated Reporting
  • International Integrated Report Committee (IIRC) Framework
  • IT Risk Management
  • Risk Management

ASJC Scopus subject areas

  • Finance
  • Economics and Econometrics
  • Strategy and Management

Fingerprint

Dive into the research topics of 'IT RISK MANAGEMENT DISCLOSURE IN THE INTEGRATED REPORTS OF THE TOP 40 LISTED COMPANIES ON THE JSE LIMITED'. Together they form a unique fingerprint.

Cite this