Information Technology Risks and Governance Disclosure: Evidence From Top 40 JSE Listed Companies


  • Taurayi Stephen NYAGOPE University of Kwazulu-Natal, South Africa
  • Rajendra RAJARAM University of Kwazulu-Natal, South Africa
  • Oloyede OBAGBUWA University of Kwazulu-Natal, South Africa



Information Technology, Risk Governance Disclosure, King IV


The study analyzed the extent to which information technology in the 40 JSE-listed companies discloses (IT) risks and governance. It also identified the similarities and differences between the South African King IV governance and other international IT governance and risk disclosure codes. We employed a qualitative content analysis technique and found that 32 of the top 40 JSE-listed entities (80%) completely complied with King IV and other international standards. In contrast, eight of the top forty JSE-listed businesses (20%) partly complied. Moreover, 79% (19/24) of provisions in King IV are similar to that of the international standards, while 21% (5/24) differ. The findings imply that most of the top 40 JSE-listed firms are protected from the consequences of non-compliance with IT risks and governance disclosure, such as going concern risk, fraud, and data manipulations. We also confirmed that King IV provisions regarding IT risks and governance aligned substantially with global standards, enhancing multinational firms' implementation of efficient IT risks and governance.


Download data is not yet available.


Abraham, S., & Shrives, P. J. (2014). Improving the relevance of risk factor disclosure in corporate annual reports. The British accounting review, 46(1), 91–107.

Baker, C., Rajaratnam, K., & Flint, E. J. (2016). Beta estimates of shares on the JSE Top 40 in the context of reference-day risk. Environment Systems and Decisions, 36(2), 126-141.

Barr, G., Kantor, B., & Holdsworth, C. (2007). The effect of the rand exchange rate on the JSE Top-40 stocks-an analysis for the practitioner. South African Journal of Business Management, 38(1), 45–58.

Byrnes, P., Gullvist, B., Brown-Liburd, H., Teeter, R., Mcquilken, D., & Vasarhelyi, M. (2012). Evolution of Auditing: From the Traditional Approach to the Future Audit-White Paper. American Institute of Certified Public Accountants (AICPA), New York.

De Haes, S., Van Grembergen, W., & Debreceny, R. S. (2013). COBIT 5 and enterprise governance of information technology: Building blocks and research opportunities. Journal of Information Systems, 27(1), 307-324.

Debreceny, R. S. (2013). Research on IT governance, risk, and value: Challenges and opportunities. Journal of Information Systems, 27(1), 129-135.

DEWI, G. A. R. P., & PUTRI, P. Y. A. (2020). AUDIT QUALITY REDUCTION BEHAVIOR: LOCUS OF CONTROL, JOB STRESS, TIME PRESSURE. International Journal of Environmental, Sustainability, and Social Sciences, 1(2), 19–27. PUSAT.pdf%0A

Elazhary, M., Popovi?, A., Henrique de Souza Bermejo, P., & Oliveira, T. (2022). How Information Technology Governance Influences Organizational Agility: The Role of Market Turbulence. Information Systems Management, 1-21.

Gheorghe, M. (2010). Audit Methodology for IT Governance. Informatica Economica, 14(1).

Hardy, G. (2005). Information Risks: Whose business are they? IT Governance Institute.

Hohls-du Preez, C. (2016). IT risk management disclosure in the integrated reports of the Top 40 listed companies on the JSE Limited—University of Johannesburg (South Africa).

IoD. (2016). King IV report on corporate governance in South Africa. Africa, LNS.

Jordaan, W. (2019). IT Governance Disclosure Practices in the Annual Integrated Reports of South African Listed Companies. University of Johannesburg (South Africa).

JSE (Johannesburg et al.), 2017. JSE launches Green Bond segment fund low-carbon projects.

Jusufi, L. (2013). Information Technology as Factor in Development of Contemporary Business. Iliria International Review, 3(1), 135-154.

Kotze, A. (2017). FTSE/JSE Top 40 index long-term returns. Available at SSRN 2978093.

Mamaro, L. P., & Tjano, R. (2019). The relationship between dividend payout and financial performance: evidence from Top40 JSE firms. The Journal of Accounting and Management, 9(2).

Mangalaraj, G., Singh, A., & Taneja, A. (2014). IT governance frameworks and COBIT-a literature review.

Marx, A., Moolman, A., & Ngwenya, M. (2016). Information technology governance disclosure compliance of JSE-listed companies. International Journal of eBusiness and eGovernment Studies, 8(1), 57-70.

Marx, B. (2009). An analysis of audit committee responsibilities and disclosure practices at large listed companies in South Africa. South African Journal of Accounting Research, 23(1), 31–44.


Marx, B., & Mohammadali-Haji, A. (2014). Emerging trends in reporting: an analysis of integrated reporting practices by South African top 40 listed companies. Journal of Economic and Financial Sciences, 7(1), 231-250.

Marx, B., & Voogt, T. (2010). Audit committee responsibilities vis?á?vis internal audit: How well do the Top 40 FTSE/JSElisted companies shape up? Meditari Accountancy Research.

Ngwenya, M. (2015). Analyzing information technology governance disclosure of the top 40 JSE-listed companies

Pa, N. C., BOKOLO JNR, A., Nor, R. N. H., & Murad, M. A. A. (2015). Risk assessment of IT governance: A systematic literature review—Journal of Theoretical & Applied Information Technology, 71(2).

Parent, M., & Reich, B. H. (2009). Governing information technology risk. California Management Review, 51(3), 134-152.

Pholohane, M., Ajuwon, O., & Wesson, N. (2020). The Impact Of Shares Moving In And Out Of Ftse/Jse Top 40 Index. Journal of Smart Economic Growth, 5(2), 59–93.

Pirta, R., & Strazdina, R. (2012). Assessing the need for information technology control environment establishment. Information Technology and Management Science, 15(1), 99-104.

Raemaekers, K., & Maroun, W. (2014). Trends in risk-disclosure practices of South African listed companies University of the Witwatersrand, Faculty of Commerce, Law and Management …].

Rubino, M., Vitolla, F., & Garzoni, A. (2017). The impact of an IT governance framework on the internal control environment. Records Management Journal.

Russell, F. (2010). FTSE/JSE Top 40 Index. Technology, 2(511,411), 7.81.

Schutte, B., & Marx, B. (2018). The role of information technology in the risk management of businesses in South Africa. Journal for New Generation Sciences, 16(2), 92-111.

Selig, G. J. (2018). IT governance—an integrated framework and roadmap: How to plan, deploy and sustain for competitive advantage. 2018 Portland International Conference on Management of Engineering and Technology (PICMET),

Tohidi, H. (2011). The Role of Risk Management in IT Systems of Organizations. Procedia Computer Science, 3, 881-887.


Van Vuuren, H. J. (2020). The Disclosure of Corporate Governance: A Tick-Box Exercise or Not? International Journal of Business and Management Studies, 12(1), 50-65.

Van Zijl, W., & Hewlett, V. (2022). An analyze the extent and use of fair value by JSE's Top 40 companies. South African Journal of Accounting Research, 36(2), 81–104.