Tourism Authority must protect industry from undue IT threats

By Boitumelo Babuseng MPL, DA Northern Cape Provincial Spokesperson of Finance:

The DA welcomes the achievement of a clean audit by the Northern Cape Tourism Authority (NCTA) but notes that a general lack of controls in Information Technology (IT) governance continues to poses a threat to the entity.

The King III report states that IT has become an integral part of doing business today, as it is fundamental to the support, sustainability and growth of organisations. IT cuts across all aspects, components and processes in business and is therefore not only an operational enabler for a company, but an important strategic asset which can be leveraged to create opportunities and to gain competitive advantage.

In this respect, the NCTA’s marketing strategies are largely enhanced through information management. Amongst other things, the entity has made large investments in social media platforms, digital marketing campaigns and advertising.

The gains made through capitalizing on IT related initiatives, could however be undone in the click of a button.
The King III report further goes on to state that in as much as IT can be a strategic asset to the company, IT also presents organisations with significant risks. The report therefore emphasizes that the strategic asset of IT and its related risks and constraints should be well governed and controlled.

The Auditor-General has been raising this issue across government institutions for some time now but, probably due to institutions underestimating the importance of this issue, there remains a reluctance by institutions to act on this.

The DA will write a letter to the acting MEC of Economic Development, requesting that he explains to us how the NCTA, as well as the department’s other entities, plan to improve controls on IT governance.

Tourism is an important contributor to the economy of the Northern Cape and therefore the NCTA must give the people of this province the assurance that they are doing everything necessary to protect the tourism industry from undue IT threats.