strategic risk framework and policy, as outlined in the Risk Report of this Annual Report. A compliance framework has been developed and various aspects of it are being implemented. Compliance with risk is monitored through the Audit and Risk Committee of Council (ARCC) in terms of the approved Risk Management Strategy. Council can confirm that it maintained a reporting system that enabled it to monitor changes in the Institution’s risk profile and gained an assurance that risk management was effective. Council is not aware of any key risk – current, imminent or forecasted – that may threaten the sustainability of the University.
TECHNOLOGY AND INFORMATION
GOVERNANCE
Governance and oversight of IT remain the responsibility of ARCC. The Committee drives strategic leadership on the alignment of IT plans with the University’s strategic objectives and activities. IT risks form part of the University’s risk management activities and considerations. Recognising
the need to entrench Governance Risk and Compliance (GRC) best practices, an internal Information and Communication Technology (ICT) Steering Committee has been established. Its role is to ensure that the University’s planning for and investment in IT, which is understood to encompass hardware, infrastructure, software, systems and information, supports the strategic goals of the Institution. Accepted standards are applied to protect the privacy of, and ensure control over, all data. As far as is practicable, systems are designed to promote ease of use for all users. The development, maintenance and operation of all systems is under the control of competently trained staff. Relevant controls and procedures are designed and implemented to minimise the risk of fraud or error in utilising electronic technology to conduct transactions with staff, students and third parties. Initiatives such as the implementation of the i-enabler is part of the Enterprise Resource Planning (ERP) system aimed at paperless transactions that promote more efficient and secure systems and processes.
The IT strategy, framework and policies are actively
  UNIVERSITY OF ZULULAND ANNUAL REPORT 2020
6