DUE 1 APRIL 2026
Assessment of Board Responsibility for Emerging Risks in Accordance with King IV
Principle 11
Introduction
Corporate governance in South Africa is anchored by the King IV Report on Corporate
Governance for South Africa, which adopts an outcome-based approach to ensure
organisations are directed ethically and effectively. Principle 11 of King IV specifically mandates
that the governing body should govern risk in a way that supports the organisation in setting and
achieving its strategic objectives . This principle moves beyond mere compliance, requiring that
risk management be integrated into the strategic fabric of the organisation, encompassing both
threats and opportunities. In the context of the scenario where a financial services company
suffered a major cyberattack after delegating all cybersecurity responsibilities to the IT
department with limited board oversight, this assessment critically evaluates the board’s failure
to uphold its fiduciary duties in accordance with Principle 11. The board’s approach was
fragmented and reactive, directly contradicting the holistic and strategic risk governance model
prescribed by King IV.