RSK2601
Assignment 1
Semester 1
Due 1 April 2026
,Corporate Governance Assessment: AI-Driven Customer Data
Analytics System (King IV Principle 16)
Introduction
The board of a South African retail company holds ultimate accountability for ensuring
technology initiatives comply with ethical standards and legal frameworks. When the
board approved an artificial intelligence driven customer data analytics system without
establishing clear oversight mechanisms or data governance policies, it failed to meet
its obligations under King IV Principle 16. This principle requires governing bodies to
adopt a stakeholder-inclusive approach that balances the needs, interests and
expectations of material stakeholders in the best interests of the organisation (Institute
of Directors in Southern Africa, 2016). This assessment evaluates the board's
responsibilities regarding technology and information governance using the scenario as
a practical reference point.
Evaluation with Examples
King IV Principle 16 emphasises that governing bodies must ensure stakeholder
inclusivity in decision-making processes (Institute of Directors in Southern Africa, 2016).
In this scenario, the board's failure to implement data governance policies meant
customer consent was not properly obtained, directly violating the Protection of
Personal Information Act (POPIA). This oversight demonstrates a critical disconnect
between strategic approval and operational governance. For instance, when the
company processed customer data without proper consent mechanisms, it treated
personal information as a business asset rather than a trust responsibility, thereby
undermining stakeholder confidence (Cookiebot, n.d.).
The board's responsibility extends beyond project approval. Under King IV, governing
bodies must ensure that technology and information governance supports strategic
objectives while managing associated risks (Tongaat Hulett, 2018). By delegating
implementation without establishing oversight frameworks, the board created an
, environment where compliance failures became inevitable. The regulatory penalties that
followed were not merely operational setbacks but governance failures that could have
been prevented through proactive board engagement.
Furthermore, Principle 16 requires boards to consider the broader impact of decisions
on society and the environment (NEPI Rockcastle, 2022). The company's approach to
customer data ignored the societal expectation of privacy protection, reflecting a narrow
focus on sales growth at the expense of ethical conduct. This misalignment between
business objectives and stakeholder expectations illustrates why boards must embed
governance considerations into every strategic initiative.
Suggested Actions
To strengthen governance, the board should immediately establish a technology and
information governance committee with clear terms of reference. This committee would
oversee data protection compliance, conduct regular audits of AI systems, and ensure
customer consent mechanisms are robust and transparent (Old Mutual Limited, 2019).
Additionally, the board should integrate data ethics training into its annual development
programme, ensuring directors understand their responsibilities under POPIA and King
IV.
Conclusion
Effective governance requires boards to look beyond financial returns and consider the
ethical implications of technology adoption. By embedding stakeholder inclusivity into
decision-making processes, the board can rebuild trust and ensure sustainable value
creation.
Assignment 1
Semester 1
Due 1 April 2026
,Corporate Governance Assessment: AI-Driven Customer Data
Analytics System (King IV Principle 16)
Introduction
The board of a South African retail company holds ultimate accountability for ensuring
technology initiatives comply with ethical standards and legal frameworks. When the
board approved an artificial intelligence driven customer data analytics system without
establishing clear oversight mechanisms or data governance policies, it failed to meet
its obligations under King IV Principle 16. This principle requires governing bodies to
adopt a stakeholder-inclusive approach that balances the needs, interests and
expectations of material stakeholders in the best interests of the organisation (Institute
of Directors in Southern Africa, 2016). This assessment evaluates the board's
responsibilities regarding technology and information governance using the scenario as
a practical reference point.
Evaluation with Examples
King IV Principle 16 emphasises that governing bodies must ensure stakeholder
inclusivity in decision-making processes (Institute of Directors in Southern Africa, 2016).
In this scenario, the board's failure to implement data governance policies meant
customer consent was not properly obtained, directly violating the Protection of
Personal Information Act (POPIA). This oversight demonstrates a critical disconnect
between strategic approval and operational governance. For instance, when the
company processed customer data without proper consent mechanisms, it treated
personal information as a business asset rather than a trust responsibility, thereby
undermining stakeholder confidence (Cookiebot, n.d.).
The board's responsibility extends beyond project approval. Under King IV, governing
bodies must ensure that technology and information governance supports strategic
objectives while managing associated risks (Tongaat Hulett, 2018). By delegating
implementation without establishing oversight frameworks, the board created an
, environment where compliance failures became inevitable. The regulatory penalties that
followed were not merely operational setbacks but governance failures that could have
been prevented through proactive board engagement.
Furthermore, Principle 16 requires boards to consider the broader impact of decisions
on society and the environment (NEPI Rockcastle, 2022). The company's approach to
customer data ignored the societal expectation of privacy protection, reflecting a narrow
focus on sales growth at the expense of ethical conduct. This misalignment between
business objectives and stakeholder expectations illustrates why boards must embed
governance considerations into every strategic initiative.
Suggested Actions
To strengthen governance, the board should immediately establish a technology and
information governance committee with clear terms of reference. This committee would
oversee data protection compliance, conduct regular audits of AI systems, and ensure
customer consent mechanisms are robust and transparent (Old Mutual Limited, 2019).
Additionally, the board should integrate data ethics training into its annual development
programme, ensuring directors understand their responsibilities under POPIA and King
IV.
Conclusion
Effective governance requires boards to look beyond financial returns and consider the
ethical implications of technology adoption. By embedding stakeholder inclusivity into
decision-making processes, the board can rebuild trust and ensure sustainable value
creation.
