RSK2601
ASSIGNMENT 1
DUE DATE: 1 APRIL 2026
, RSK2601 ASSIGNMENT 1 2026
DUE 1 APRIL 2026
Assessment of Board Responsibility for Emerging Risks in Accordance with King
IV Principle 11
Introduction
Corporate governance in South Africa is anchored by the King IV Report on Corporate
Governance for South Africa, which adopts an outcome-based approach to ensure
organisations are directed ethically and effectively. Principle 11 of King IV specifically
mandates that the governing body should govern risk in a way that supports the
organisation in setting and achieving its strategic objectives . This principle moves
beyond mere compliance, requiring that risk management be integrated into the
strategic fabric of the organisation, encompassing both threats and opportunities. In the
context of the scenario where a financial services company suffered a major
cyberattack after delegating all cybersecurity responsibilities to the IT department with
limited board oversight, this assessment critically evaluates the board’s failure to uphold
its fiduciary duties in accordance with Principle 11. The board’s approach was
fragmented and reactive, directly contradicting the holistic and strategic risk governance
model prescribed by King IV.
Evaluation with Examples
The board’s handling of cybersecurity risks demonstrates a fundamental
misunderstanding of its role as defined by Principle 11. King IV stipulates that the
governing body is responsible for setting the direction for how risk should be
ASSIGNMENT 1
DUE DATE: 1 APRIL 2026
, RSK2601 ASSIGNMENT 1 2026
DUE 1 APRIL 2026
Assessment of Board Responsibility for Emerging Risks in Accordance with King
IV Principle 11
Introduction
Corporate governance in South Africa is anchored by the King IV Report on Corporate
Governance for South Africa, which adopts an outcome-based approach to ensure
organisations are directed ethically and effectively. Principle 11 of King IV specifically
mandates that the governing body should govern risk in a way that supports the
organisation in setting and achieving its strategic objectives . This principle moves
beyond mere compliance, requiring that risk management be integrated into the
strategic fabric of the organisation, encompassing both threats and opportunities. In the
context of the scenario where a financial services company suffered a major
cyberattack after delegating all cybersecurity responsibilities to the IT department with
limited board oversight, this assessment critically evaluates the board’s failure to uphold
its fiduciary duties in accordance with Principle 11. The board’s approach was
fragmented and reactive, directly contradicting the holistic and strategic risk governance
model prescribed by King IV.
Evaluation with Examples
The board’s handling of cybersecurity risks demonstrates a fundamental
misunderstanding of its role as defined by Principle 11. King IV stipulates that the
governing body is responsible for setting the direction for how risk should be
