
The release of the King V Code on Corporate Governance for South Africa, 2025 (King V), represents an evolution in South Africa’s governance framework. For organisations already aligned with King IV, their focus should be on achieving governance maturity, rather than a structural overhaul. The question boards should now be asking is no longer “what must be rebuilt?” but rather “how do we evolve our existing governance arrangements to better deliver on the four governance outcomes”?
King V raises expectations by sharpening the focus on integrated thinking, positioning governance as performance-enabling, and sustainable value creation.
A stronger emphasis on integrated governance
The governance role of the governing body is a continuous, integrated cycle encompassing:
steering the organisation and setting its strategic direction;
formulating policies and putting together plans to give effect to the set direction and then deliberating on and approving these policies and plans;
delegating the implementation to management and exercising oversight and monitoring thereof; and
ensuring accountability of the organisation to its stakeholders through formal reports, disclosures and engagement.
In carrying out this role, governing bodies must operate across four complementary dimensions: (i) they need to look inward at the organisation itself, and (ii) outward at the economic, social and environmental context in which it operates; (iii) they must balance a present‑day focus on oversight and control with accountability for past decisions, while at the same time (iv) keeping a clear eye on the future through strategy and policy.
Technology governance moves to the centre
Under King IV, technology governance was embedded within corporate governance, focusing on aligning technology with business strategy, strengthening resilience, and ensuring that information, data and technology risks were well governed and compliant. The aim was to create resilient organisations capable of adapting to technological advancements while safeguarding against emerging risks.
King V elevates data, information and technology into a strategic pillar (Principle 10), positioning them as core to value creation, sustainability and stakeholder trust. This shifts the governing body’s role from oversight alone to active stewardship of how data and technology are used responsibly.
For boards, this means technology oversight must be integrated, regular, and strategic, not episodic or technical in nature.
Combined assurance becomes a strategic board tool
While King IV introduced combined assurance, King V significantly raises expectations around its application. Boards are now expected to ensure a deliberate, coordinated, and outcomes‑focused approach to assurance across:
Management controls
Internal audit
External audit
Risk, compliance, and specialist assurance providers
The objective is not simply assurance coverage, but confidence, reducing duplication, closing blind spots, and enabling the board to rely on a coherent, consolidated view of risk and control effectiveness. In practice, combined assurance moves from being a governance concept to a strategic mechanism supporting board accountability.
Governing in the data, information and technology era: from oversight to stewardship
Under King IV, the governing body and its committees were primarily positioned as oversight and review forums. King V allows forflexibility in governance structures provided that boards can demonstrate effective oversight and achievement of governance outcomes.
For Principle 10, the test should be: “Has the governing body structured itself in a way that enables informed, ethical and effective stewardship of data, information and technology?”
Use of existing committees (combined or expanded mandates)
Many organisations will locate Principle 10 oversight within the Risk Committee, provided its mandate is expanded to include:
Data and information governance risks (privacy, quality, ethics)
Technology and cyber risk
Outsourced technology and data processing risks
Emerging technology risks and opportunities (including AI)
- Practical governance actions
Strengthening skills through appointments, inductions, or targeted development
Improving collaboration between committees, management, and assurance providers
Ensure standing agenda items on:
Cyber posture and incidents
Material data breaches or privacy issues
Technology investment risk and value realisation
The Audit Committee may play a supporting role, particularly in relation to:
Data quality and integrity underpinning reporting
Assurance over information controls
Oversight of assurance on data and technology governance
- Where there is no separate technology committee, the Audit Committee can:
Oversee assurance reports on Principle 10
Coordinate with Risk Committee to avoid gaps or duplication
Specialist or hybrid committees (adaptive practice)
Organisations may form specialist committees provided they enhance effectiveness.
Technology / Digital / Data Committee
This is increasingly appropriate where technology and data are central to value creation in the organisation, or there is significant reliance on digital platforms, data analytics or AI.
Typical mandate under Principle 10
Oversight of data and technology strategy alignment
Monitoring ethical use of data and AI
Review of major technology investments
Escalation of material risks to the board
Smaller organisations and individual delegation
King V recognises that smaller or less complex organisations may delegate Principle 10 responsibilities to a single board committee with a broad mandate, or an individual board member with relevant expertise.
Conditions for effective application
Delegation must be formal and documented
Reporting lines to the full governing body must be clear
The board must retain ultimate accountability
- Compensating measures may include:
More frequent board-level reporting
External assurance or advisory input
Clear escalation thresholds for data or technology incidents
Ensuring Principle 10 is implemented in substance, not form
To evidence effective application of Principle 10 through governance structures, boards should be able to demonstrate that:
Oversight of data, information and technology is explicitly allocated
Committee mandates, terms of reference and board charters are updated accordingly
There is regular reporting on:
Data governance effectiveness
Technology risks, opportunities and resilience
Ethical and compliant use of emerging technologies
- Periodic independent assurance is obtained and considered
- Disclosures explain how proportional application still achieves the objectives of Principle 10 in the overall pursuit of the governance outcomes.
Capability matters more than committee structure
King IV moved away from a “tick box” approach to board committees. Rather than prescribing specific committees, it placed the responsibility on the governing body to determine which structures are appropriate for the organisation. Committees were therefore a matter of informed judgement, shaped by the organisation’s needs and stakeholder interests, and not a compliance exercise. Under King V, existing audit and risk committee structures for many organisations remain fit for purpose provided they evolve, while in others, some overlapping committees may need to be consolidated. The emphasis is on the expectation that boards and committees should collectively demonstrate effective governance outcomes across:
Financial and integrated reporting
Enterprise and emerging risks
Technology, cyber, and data governance
ESG and sustainability
Governance and ethics
Major failures (cyber breaches, AI misuse, data ethics scandals) consistently trace back to weak board‑level understanding . Boards are therefore expected to understand, challenge and guide data and technology decisions.
What boards should do next to respond to King V?
To respond effectively to King V expectations, boards, audit and risk committees should consider the following actions:
- Reassess integration across oversight functions – Evaluate how audit, risk, technology, and assurance currently intersect.
- Update mandates and committee charters – Explicitly reflect King V integration expectations, including technology and ESG oversight, within the committees’ terms of reference.
- Strengthen governance capability – Assess whether the current board and committee composition provides sufficient depth in risk, technology, digital resilience, and sustainability.
- Elevate combined assurance – Ensure combined assurance is coordinated, deliberate, and aligned to the organisation’s most material risks.
- Focus on governance outcomes – Refocus discussions toward decision quality, resilience, and value creation.
King V does not demand more governance. It demands better governance.
For boards, executives, and regulators alike, this is an opportunity to strengthen trust, resilience, and long‑term performance through truly integrated oversight.
Our latest insights
View all insights

King V Practical Application: Data, information and technology

Managing remuneration policies and implementation plans at AGMs

DivInsight Report - Q1 2026

2025 South Africa AGM Season Review
