The information technology (IT) environment is governed in line with King III, and the board has delegated authority to ensure implementation of the IT governance framework to the audit committee. A programme to align these governance processes to King IV is scheduled for the next reporting period.
PPC’s IT governance framework is supported by COBIT 5 (control objectives for information and related technologies) processes – a globally accepted standard for a full business view of enterprise IT governance that reflects the central role of information and technology in creating value for organisations.
The audit committee receives regular updates (at least quarterly) from the management team on material IT projects. Group internal audit and the external auditors provide assurance on IT general controls and internal financial controls affected by IT projects. Findings and updates on remedial actions are reported to the executive and audit committees. The design, implementation and execution of the IT governance framework have been assigned to the group chief information officer, who reports to the chief executive. The group exco, with support from the IT steering committee, has oversight of IT governance and prioritises IT initiatives. The IT steering committee, in turn, is responsible for aligning related initiatives with PPC’s strategic objectives.
IT is an integral part of PPC’s risk management framework. IT risks are monitored and updated regularly and reported to the relevant oversight committees. As the custodian of PPC’s information assets, the IT team is responsible for ensuring compliance in terms of the confidentiality, availability and integrity of these assets. As the group expands to other geographies, IT ensures compliance with in-country electronic communication laws and other regulations.
IT focus areas in 2017
For the reporting period, group IT focused on:
- Operational readiness for the new plant in the DRC to ensure that all business-support systems (including enterprise resource planning or ERP) are ready for plant commissioning
- Supporting the team in Ethiopia in implementing business systems for plant commissioning
- Standardising and entrenching business processes across the group
- Optimising demand management processes for business systems to align with the business strategy and ensure resource optimisation
- Enhancing IT governance processes
- Data governance in preparation for the protection of personal information (POPI) compliance programme
- Enhancing data analytics platforms to ensure timely availability of information for business decision-making
- Defining security incident and event management (SIEM) processes for the group and further enhancing security response processes to manage rising cyber threats
Group IT focused on enhancing the IT governance framework and activities, particularly the performance of different COBIT 5 processes. Each process was assessed on its importance and current performance, and those not performing satisfactorily will receive attention in the next reporting period.
With the proliferation of cyber attacks and threats in the industry, group IT benchmarked the maturity of PPC’s security against peers in the mining and manufacturing industries. Although results were satisfactory, specific areas of improvement were identified. A security improvement programme has been initiated and resources provided to raise the maturity level to the targets set.
The data retention policy was approved by the exco and a programme is under way to embed specific focus areas highlighted in the policy. This will assist in further resource optimisation while managing the risk of data leakage and non-compliance with regulations.
Focus areas for 2018
- Digital transformation, particularly information transformation. This will be achieved by focusing on the group’s data and digital readiness; installing the right infrastructure that is robust enough to support the group; and properly aligning IT resources to support the business with the digital transformation process
- Tighter integration and standardisation of business processes across subsidiaries
- Enhance finance processes, particularly forecasting, planning and treasury
- Enhance IT general controls across the group
- Integrating IT and operational technology to capitalise on convergence between the two environments and optimising resource use between IT and engineering