After the African bank failure a few years back I suggested that sound data management capabilities were a function of good corporate governance (as in fact outlined by then King III and King IV) but also of compliance (in banking) with BCBS 239, SOX and similar international regulatory frameworks.
The gist of my argument: South African banks – irrespective of the facts – must take measures to ensure allegations of poor governance can be quickly refuted, and that the measures taken to ensure that the financials and risk position are accurate form part of the board reports.
In recent weeks, we were wracked by the Steinhoff scandal – arguably a failure of governance around accounting data as discussed here
Last week we saw Viceroy target Capitec Bank – leading to a 20% drop in the share price.
We have yet to see where this will lead as the bank and various interested parties have called the reports inaccurate. This is precisely the kind of scenario predicted above – and there is no doubt that the board’s ability (or inability) to prove that their figures and risk position are trustworthy is key to their defence.
Sound data governance is sound governance!
Data governance is unfortunately not well understood by many – who often see it is some variation on IT Audit or IT governance
At its core, data governance defines accountability for how data is used within an organisation. Data governance would define how a bank, for example, measures it’s risk position and ensure that the agreed processes and rules were rigorously applied. This proof is what inspires trust.
Trust is what the board of Capitec, and similarly targeted businesses, will need to have on their side in the coming weeks.