Integrated report 2020

Currently viewing: Information and technology committee report / Next: Social and ethics committee report

Information and technology committee REPORT

Ismail Mamoojee
Chairperson,
Information and
Technology Committee

“As a technology services business, we were called upon to ensure business continuity as we navigated the disruption caused by COVID-19. Our ICT capability ensured that our employees were able to function at high productivity levels as they transitioned to remote working with enhanced levels of security against increasing cyber threats. The newly approved Group IT strategy for 2021 will support the restructured business model and ensure an integrated approach to the strategic and tactical ICT objectives of the EOH Group.”

Focus for 2021

  • Enabling execution of the Group business strategy through the provision of strategic and tactical IT support
  • Delivery on approved Group IT strategy
  • Control cost of ownership

Committee composition:

Ismail Mamoojee Non-executive Director and Chairperson of the committee
Dr Lynette Moretlo Molefi Non-executive Director
Mike Bosman Non-executive Director
Stephen van Coller Executive Director
Megan Pydigadu Executive Director

The number of meetings and attendance per committee member are shown in the Corporate governance section.

Regular invited attendees: Group CIO.

The summaries in the EOH board of directors provide an overview of the Directors’ qualifications and experience.

COMMITTEE PURPOSE

The Information and Technology Committee (the committee) is mandated by the board with ensuring that information and technology is managed, appropriately resourced, and sufficiently defined to enable operations and to achieve the Group’s strategic objectives. The committee is responsible for ethical and effective risk and compliance systems for Information, Communication and Technology (ICT) as defined by King IV principle 12. The EOH EXCO is accountable to the committee for the implementation, effectiveness of, and adherence with, the EOH Governance Framework.

EOH has constituted an IT council that reports into the IT committee and is responsible for the delivery of the Group IT internal strategy within which the organisation operates. This includes the digitisation of the organisation, compliance with the regulatory framework, policy setting and oversight of the costs of the IT function. The IT Council meets monthly and provides updates to the committee at committee meetings.

The committee is responsible for:

  • the effectiveness of the EOH Group IT strategy, ensuring that ICT capabilities support the EOH Group business strategy;
  • leading the delivery of ICT capabilities that enable the integration of people, technologies, information and processes across EOH entities;
  • ensuring sufficient ICT management capacity, resources and IT systems, including applications, hardware, software and networks;
  • enterprise-wide management of information and technology risk, in line with the EOH Governance Framework, ensuring a road to ISO 27001 compliance;
  • proactive monitoring and management of systems to identify and respond to incidents, including cyber-attacks and data security;
  • managing the performance of, and the risks pertaining to, third‑party and outsourced ICT service providers;
  • reviewing ICT capital and operating budgets, assuring value delivered from investments made by the EOH Group in information and technology;
  • ensuring the effectiveness of governance relating to systems, programming, network and operations activities;
  • ensuring ICT backup procedures, including periodic testing, and disaster recovery planning, to ensure business continuity and resilience;
  • ensuring the responsible disposal of obsolete technology and the confidentiality of information, with minimal impact on the environment;
  • ensuring that an effective disaster recovery plan is in place; and
  • ensuring the responsible use of information and technology, including compliance with statutory and regulatory obligations.

ACTIVITIES DURING THE YEAR

The committee is aligned to deliver against the EOH Governance Framework, which contains measures relating to the ethical and effective oversight of the EOH Group’s ICT matters. The committee is required to meet three times a year in terms of its terms of reference, however in the year under review, the committee met four times due to increased work load given the disruptions in the year under review and establishing EOH’s first Group IT strategy.

The committee’s key focus areas for the 2020 financial year included:

Focus areas Response
Enhancing IT governance
  • Reviewing and refreshing the committee's terms of reference together with the work plan.
  • Reviewing and approving the IT services model and governance model.
  • Reviewing and providing guidance on the development of the Group IT strategy and approval of the FY2021 IT strategy.
  • Reviewing the implementation of major IT projects implemented over the past year (this responsibility lies with Group Risk and Compliance Committee with input from Group IT).
  • Reviewing technology and business system disaster recovery testing and processes and overseeing the commencement of the development of a disaster recovery plan.
  • Ensuring IT services are delivered cost effectively through standardisation, consolidation and leveraging resources.
Ensuring business continuity while navigating COVID-19
  • Reviewing COVID-19 related costs and ensuring that the Group had sufficient IT resources in place to enable work from home while ensuring networks are secure.
  • It is important to note that the Group reported significant savings in telecommunications and printing related costs during lockdown which has set the bar to empower employees to digitally work from anywhere efficiently and cost effectively.
IT security/cyber threats
  • Reviewing and overseeing cybersecurity across the Group.
Risk management
  • Reviewing risks within the IT landscape and ensuring the level of risk is mitigated to tolerable levels.
  • Although an increase in global cyber-attacks were reported, EOH's security controls and employee awareness training resulted in minimal breaches for the year and impact on the business.

CONCLUSION

Even before the COVID-19 pandemic hit, EOH moved to a more flexible workplace model which promoted a steady increase in people choosing to work remotely. Therefore, when lockdown measures were initiated, EOH was already in a position to empower our workforce to connect and work from anywhere through secure platforms and tools to perform their day to day duties.

The committee is satisfied that it has discharged its responsibilities during the year, as set out in the terms of reference.

Ismail Mamoojee

Chairperson, Information and Technology Committee

1 December 2020

Back to top

EOH Integrated report 2020