2019 Integrated Report

CORPORATE GOVERNANCE REPORT | 75 The GRC established the Group Technology Steering Committee (GTSC) as a sub-committee of the GRC to, inter alia , assist and enable the GRC to discharge its responsibilities in relation to the management of Information Technology (IT) delivery and risks. There is overlap in the non-executive membership of the GRC and the GTSC. Further particulars of the GTSC are provided in this Integrated Report. The GRC meetings held during the year and the attendance thereat were as follows: Group Risk Committee 5 Mar 2019 27 May 2019 9 Sep 2019 6 Nov 2019 Dr J A van der Merwe (Chairman) P P P P Dr D P Du Plessis P P P P Mr C Erasmus P P P P Mr E J S Franklin (Appointed 1 March 2019) P P P P Mr I J Smit P P P P GROUP TECHNOLOGY STEERING COMMITTEE (GTSC) MEMBERS Mr E J S Franklin (Chairman) B Sc Physics and Applied Mathematics, B Sc Elec Eng, M Sc Elec Eng (Manchester), MBA Dr J A van der Merwe MB ChB, MBL, DBL, PED. (IMD) Mr L de Villiers (Acting Chief Information Officer) BA Economics and Statistics, Nat. Dip. Electronic Data Processing, GITI – Information Technology & Telecommunications (INSEAD), DIS – Information Technology (Harvard) Mr A Nel B Com (Computer Science, Management Accountancy) Mr N J Battersby (Chief Operating Officer) B Sc Mech Eng, B Com (Hons), CFP, MBA, AMP (Harvard) Dr A Bachoo (Chief Technology Officer) B Com, B Sc (Hons), M Com, PhD (Wits) (Resigned 31 January 2020) All the members of the GTSC were appointed on 9 September 2019, the date of establishment of the committee by the GRC. The role of the GTSC is to assist and enable the GRC to discharge its responsibilities in relation to the management of Information Technology (IT) delivery and risks. The Committee has an independent oversight role, with delegated responsibility for interrogating and monitoring IT Risks, associated ratings and responses in a manner that promotes engagement between IT and business and to report thereon to the GRC. The Committee must perform all the functions necessary to fulfil this role and is responsible for governing technology and information in a way that supports the organisation setting and achieving its strategic objectives, as set out in the recommended practices under Principle 12 (Technology and information governance) of the King IV Report of Corporate Governance for South Africa, 2016. In addition, the Committee has the following specific responsibilities as assigned to it by the GRC, on an ongoing basis: ~ ~ Review and annually approve the Group IT Strategy; ~ ~ Review and monitor the supporting management actions, in order to implement the IT strategy in a timeous and cost-effective manner, ensuring that the desired business benefits are realised; ~ ~ Review and approve the Group Architecture Principles as recommended by the Group Architecture Review Board (ARB); ~ ~ Monitor that effective IT programme/project approval, prioritisation processes, risk management and corporate governance are in place for the PPS Insurance Group; ~ ~ Review the IT strategic and operational risk assessments; ~ ~ Review the IT audits, including, but not limited to: –– IT General Controls audits; –– Security Audits; –– Disaster Recovery audits; –– King IV Compliance audits; –– IT Service Management (ITIL) audits; ~ ~ Review the Software Development Life Cycle; ~ ~ Review metrics for the measurement of IT Operations (“run environment”) and the IT Build environment (“DevOps”); ~ ~ Review and approve the IT Operating Model structure (organogram); ~ ~ Review and approve the IT skills strategy (sourcing, retaining, building in redundancy and upskilling); ~ ~ Promote engagement between IT and business within the Group; ~ ~ Assess the impact on IT of current projects (dashboard) and consider which projects are at risk; ~ ~ Review and interrogate feedback from the ARB and the Strategic Change Office for consistency of approach, and to provide insights to management.