Integrated Report 2021

Governance report

Information and Technology Committee report

"As a technology services business, catering for a hybrid workforce, we successfully navigated the new normal by empowering our end users to work securely from anywhere. To effect this, EOH established a solid central IT governance and standards foundation which set the scene to further enhance digital solutions that are fit for business."
Mike Bosman, Chairperson, Information and Technology Committee

Focus for 2022

  • Executing on the approved Group IT strategy
  • Enabling execution of the Group business strategy by providing strategic and tactical IT support
  • Controlling cost of ownership to ensure efficient provision of IT services
  • Implementing Zero Trust Architecture and Controls
  • Empowering end-users through digital transformation and productivity solutions
  • Establishing information and records management for POPIA compliance

COMMITTEE COMPOSITION

  • Mike Bosman (Chairperson of the committee)
  • Andrew Mthembu
  • Jesmane Boggenpoel
  • Andrew Marshall

The number of meetings and attendance per committee member are shown in Corporate governance.

Regular invited attendees: Chief Executive Officer, Chief Financial Officer, Chief Risk Officer, Chief Information Officer and Chief Commercial Officer.

The summaries in Board of directors provide an overview of the directors' qualifications and experience.

COMMITTEE PURPOSE

The Information and Technology Committee ('the committee') is mandated by the Board to ensure that information and technology is managed, appropriately resourced, and sufficiently defined to enable operations and to achieve the Group's strategic objectives. The committee is responsible for ethical and effective risk and compliance systems for Information, Communication and Technology ('ICT') as defined by King IV principle 12. The EOH exco is accountable to the committee for the implementation and effectiveness of, and adherence to, the EOH Governance Framework.

EOH constituted an IT Council that reports into the IT committee and is responsible for the delivery of the Group IT internal strategy within which the organisation operates. This includes the digitisation of the organisation, compliance with the regulatory framework, policy setting and oversight of the costs of the IT function. The IT Council meets monthly and provides updates to the committee at committee meetings.

The committee is responsible for:

  • the effectiveness of the EOH Group IT strategy, ensuring that ICT capabilities support the EOH Group business strategy;
  • leading the delivery of ICT capabilities that enable the integration of people, technologies, information and processes across EOH entities;
  • ensuring sufficient ICT management capacity, resources and IT systems, including applications, hardware, software and networks;
  • enterprise-wide management of information and technology risk, in line with the EOH Governance Framework, ensuring a road to ISO 27001 compliance;
  • proactive monitoring and management of systems to identify and respond to incidents, including cyber-attacks and data security;
  • managing the performance of, and the risks pertaining to, third-party and outsourced ICT service providers;
  • reviewing ICT capital and operating budgets, assuring value delivered from investments made by the EOH Group in information and technology;
  • ensuring the effectiveness of governance relating to systems, programming, network and operations activities;
  • ensuring ICT backup procedures, including periodic testing, and disaster recovery planning, to ensure business continuity and resilience;
  • ensuring the responsible disposal of obsolete technology and the confidentiality of information, with minimal impact on the environment;
  • ensuring that an effective disaster recovery plan is in place; and
  • ensuring the responsible use of information and technology, including compliance with statutory and regulatory obligations.

ACTIVITIES DURING THE YEAR

The committee is aligned to deliver against the EOH Governance Framework, which contains measures relating to the ethical and effective oversight of the EOH Group's ICT matters. The committee is required to meet three times a year in terms of its terms of reference. However, in the year under review, the committee met four times due to increased workload given the disruptions during the year and the time taken to establish EOH's first Group IT strategy.

The committee's key focus areas for the 2021 financial year included:

Focus areas and responses

Enhancing IT governance
  • Reviewing and refreshing the committee's terms of reference together with the work plan.
  • Reviewing and approving the IT services model and governance model.
  • Reviewing and providing guidance on the development of the Group IT strategy and approval of the FY2022 IT strategy.
  • Reviewing the implementation of major IT projects implemented over the past year (this responsibility lies with the Group Risk and Compliance Committee with input from Group IT).
  • Reviewing technology and business system disaster recovery testing and processes and overseeing the commencement of the development of a disaster recovery plan.
  • Ensuring IT services are delivered cost-effectively through standardisation, consolidation and leveraging resources.

Ensuring business continuity while navigating continual COVID-19 regulations
  • Empowering our hybrid workforce to work from anywhere through productivity and digital solutions.
  • It is important to note that the Group reported significant savings in telecommunications, optimisation of licensing agreements with vendors and printing-related costs during the 2021 financial year.

IT security/cyber threats
  • Established a central cybersecurity operations centre to monitor, manage and report on all security-related incidents, resulting in a more security-aware and security-mature organisation.

Risk management
  • Mitigation of audit findings and identified gaps.
  • Reviewing risks within the IT landscape and ensuring the level of risk is mitigated to tolerable levels.
  • Although an increase in global cyber-attacks was reported, EOH's security controls and employee awareness training resulted in minimal breaches and minimal impact on the business for the year.
  • EOH established a project to on-board all businesses onto the central IT standards and security controls.

CONCLUSION

The committee is satisfied that it has discharged its responsibilities during the year, as set out in the terms of reference.

Mike Bosman
Chairperson, Information and Technology Committee

26 October 2021