|Mr AM Leeming
Click here to view résumé
|Mr F Rizzo
||Mr JA Lee
||Mr Z Miller
||Mr SD Wing
|Chief Financial Officer||Independent IT governance expert||Director: Hospitality||Chief Information Officer||Chief Operations Officer|
|Meeting attendance: 5/5||Meeting attendance: 4/5||Meeting attendance: 4/5||Meeting attendance 1/1*||Meeting attendance: 3/5|
* Appointed to sub-committee on 1 June 2014.
The members of the IT governance sub-committee (“the sub-committee”) represent key areas of the business to ensure appropriate business representation. Mr CS Benjamin, Director: Group Internal Audit and Ms V Nayagar, Group Manager: IT governance, risk, compliance and information security, are standing invitees of the sub-committee.
The sub-committee is responsible for monitoring, developing and communicating the processes for managing IT governance, information flows and governance across the Group.
The year under review has brought some significant matters under consideration, which included amongst others the restructuring of the Group’s central IT division; the approval to implement an Enterprise Resource Planning system (“IFS”); the oversight and conclusion of the successful implementation of the Group’s Enterprise Gaming System (EGS) and overseeing the key IT project assessments and risks for the Group. Further time was dedicated to ensuring that the sub-committee was focused on the governance of IT as opposed to operational IT matters which are dealt with by the Group’s IT steerco. We believe that these distinctions are now firmly entrenched. The sub-committee at one stage contemplated the appointment of an independent international gaming Chief Information Officer to serve on the sub-committee. This is no longer considered necessary as the sub-committee’s mandate has now evolved and is well understood.
The sub-committee’s terms of reference clearly set out its mandate and the sub-committee has met five times this year to effectively fulfil its mandate.
The Group Manager: IT governance, risk, compliance and information security was appointed during the year under review as the Group is cognisant that IT risks are inherent in the nature of the business we operate. In particular, there is heightened regulation around information security with both cybercrime and identity theft increasing globally, with these IT risks assessed by the sub-committee in the year under review. The sub-committee is pleased to report that following the successful implementation of EGS, previously one of the most significant risks faced by the Group, this risk has now been remediated. The potential failure to fully realise the benefits flowing from EGS has replaced the previous implementation risk.
This sub-committee will continue to oversee the IT risk register and ensure that these are surfaced to the risk committee where necessary, which in turn provides a report to the board.
The governance of and benefits in realising key IT Group projects are a further area of focus for the sub-committee. In the year under review the sub-committee assessed the implementation of IFS; the roll-out of a new Wifi solution; implementation of the Group’s business continuity programme, and an Enterprise Data Management solution, among other projects. The sub-committee has requested that controls and measures that will allow for technology benefits measurement, which will typically be realised post deployment, have been assessed and presented to the sub-committee for review.
The Protection of Personal Information (PoPI) project is ongoing and has been assigned to the IT division under the charge of the Group Manager: IT governance, risk, compliance and information security. This project has received special consideration by the sub-committee given the permutations for the business and the stringent requirements of the legislation. Personal information flow mappings have been completed for all areas of the Group head office and are being finalised at unit level. While there have been significant areas of achievement, PoPI by nature requires the business to adapt its processes and embed a culture in the organisation that is mindful of the information it collects and the uses thereof.
The sub-committee reviews the key IT incidents across the Group, which typically result from system outages. The sub-committee is of the opinion that the preventative measures and responses in place are adequate for mitigating against business impact.
The sub-committee is satisfied that IT governance is well entrenched throughout the Group and the addition of new and significant IT projects will continue to be monitored by the sub-committee. There have been no significant areas of concern that the sub-committee believe could materially impact the Group’s standing in this regard.