////////////////////////////////////////////
// JAVASCRIPT PROMPTS & GLOBAL VARIABLES
////////////////////////////////////////////
//
// PTH CHANGE THE TOTAL NUMBER OF QUESTIONS BELOW and AREAQUESTIONS, MAIN,
var maxQuestions = 102;
var maxAreaExam = 102;
var defaultQuestions = 102;
var numQues = 0; // SET TOTAL NUMBER OF QUESTIONS REQUESTED
var numChoi = 2; // NUMBER OF CHOICES PER QUESTION
var numQuesTotal = 0; // NUMBER OF QUESTIONS CREATED
var pickDomain = 0; // SET DOMAIN SELECTION CHOICE
var score, finalScore, C1score, C2score, C3score, C4score, C5score, C6score;
var totalTime;
var quesPerArea = new Array(0,0,0,0,0,0); // NUMBER OF QUESTIONS PER AREA
var areaPercent = new Array(.3431, .13725, .12745, .098, .245, .049); // AREA PERCENTAGES
//var tempArray = new Array();
var selected = new Array();
var selectedName = new Array();
var tosort = new Array();
// QUESTION DEFINITIONS
var C1_1 = new Array("C1_1", "An IT governance charter and policies are established and implemented. The IT governance charter and policies outline the decision-making rights and accountability framework for IT governance that will enable the desirable culture in the use of IT within the company.", "An IT Governance Charter and suitable policies for IT have not been established by the Board.", "Both the IT Governance Charter and suitable policies for IT are implemented and adequately outline decision-making rights and accountability of the IT Steering Committee and/or CIO.", "King III requires that as part of the IT governance framework, the board should ensure that an IT governance charter and policies are established and implemented.", 2, 1);
var C1_2 = new Array("C1_2", "The IT Steering Committee and/or CIO have established and implemented an accountability framework to identify, and clearly and unambiguously assign roles and responsibilities, decision-making rights and accountability to all IT staff in support of the achievement of corporate objectives.", "An accountability framework has not been implemented in the manner required to assign IT roles and responsibilities.", "An accountability framework has been used to identify and assign to staff their roles and responsibilities, decision-making authorities and personal accountabilities.", "King III requires an accountability framework to clearly and unambiguously assign roles and responsibilities, decision-making rights and accountability to all IT staff.", 2, 1);
var C1_3 = new Array("C1_3", "A suitable organisational structure and the terms of reference for each oversight body within the structure is defined and implemented.", "An organisational structure and/or their terms of reference have not been defined or implemented.", "An organisational structure comprising a governance layer, management (management system) layer and an operational layer has been implemented with terms of reference for each oversight committee/authority.", "King III requires that management be responsible for the implementation of all the structures, processes and mechanisms to execute the IT governance framework.", 2, 1);var C1_4 = new Array("C1_4", "An integrated process model and suitable management systems covering all IT activities have been adopted to execute the IT governance framework.", "Insufficient processes and management systems have been defined and implemented by management as part of their IT governance framework.", "A business focused, integrated, process-orientated approach combined with the necessary management systems have been adopted for all IT activities as part of the governance framework.", "King III requires that management be responsible for the implementation of all the structures, processes and mechanisms to execute the IT governance framework.", 2, 1);
var C1_5 = new Array("C1_5", "Effective governance mechanisms such as policies, plans, processes, systems, goals, role descriptions, standards, schedules, metrics and other similar artefacts are in regular use.", "Few mechanisms are in systemic use as part of the governance framework.", "Appropriate governance mechanisms have been identified and deployed as appropriate to the organisational maturity of the company and its goals.", "King III requires that management be responsible for the implementation of all the structures, processes and mechanisms to execute the IT governance framework.", 2, 1);
var C1_6 = new Array("C1_6", "Either an IT steering committee, CIO or executive management has been appointed by the board to assist with the governance of IT (having regard for the company's size being large, medium or small).", "The board has not formally appointed anyone to assist them with their governance of IT.", "The board has formally appointed an IT steering committee / CIO/ executive management to assist them with their governance of IT.", "King III requires the board to appoint an IT steering committee or similar forum or function to assist with its governance of IT.", 2, 1);
var C1_7 = new Array("C1_7", "The daily tasks within IT are influenced by the board's decisions and any direction it has provided to the IT steering committee/CIO.", "An appropriate and effective governance framework has not been implemented to translate the board's decisions into actions.", "An appropriate and effective governance framework has been implemented to translate the board's decisions into actions.", "King III requires that the IT governance framework be appropriate and applicable to the company.", 2, 1);
var C1_8 = new Array("C1_8", "Executive managers representing business interests actively participate as members of IT oversight boards and committees.", "Senior representatives from the business do not assist with the oversight of IT.", "Senior representatives from the business do assist with the oversight of IT.", "King III requires that there should be relevant representation from business and IT on IT oversight structures.", 2, 1);
var C1_9 = new Array("C1_9", "The board does understand the strategic importance of IT and therefore IT is regularly on the agenda of board meetings.", "The strategic importance of IT is largely not understood by the board.", "The board's members do evaluate, direct and monitor the use of IT across the company.", "King III requires that the board understand the strategic importance of IT.", 2, 1);
var C1_10 = new Array("C1_10", "IT frameworks, policies, procedures and standards are used to deliver value, minimise IT risk, ensure business continuity and assist the company to manage its IT resources efficiently and cost effectively.", "IT frameworks, policies, procedures and standards are not being used extensively to effectively deliver value, minimise IT risk, ensure business continuity and optimise resource usage.", "IT frameworks, policies, procedures and standards are being used extensively to effectively deliver value, minimise IT risk, ensure business continuity and optimise resource usage.", "King III requires the implementation of IT frameworks, policies, procedures and standards that minimise IT risk, deliver value, ensure business continuity and assist the company to manage its IT resources efficiently and cost effectively.", 2, 1);
var C1_11 = new Array("C1_11", "The strategy, structure and size of the IT function is sufficient to manage the IT function.", "The strategy, structure and size of the IT function is inadequate to manage the IT function.", "The strategy, structure and size of the IT function is adequate to manage the IT function.", "King III requires each company to consider the suitability of strategy, structure and size of its IT function, considering what is appropriate for the adequate management of the IT function.", 2, 1);
var C1_12 = new Array("C1_12", "The strategy, structure and size of the IT function is sufficient to adequately manage the associated risk.", "The strategy, structure and size of the IT function is inadequate to manage the associated risk.", "The strategy, structure and size of the IT function is adequate to manage the associated risk.", "King III requires each company to consider the suitability of strategy, structure and size of its IT function, considering what is appropriate for the adequate management of the associated risk of the particular company.", 2, 1);
var C1_13 = new Array("C1_13", "Reporting by the board in the integrated report is complete, timely, relevant and accurate.", "There are no processes or steps specified to ensure that reporting by the board in the integrated report is complete, timely, relevant and accurate.", "There are specific steps and processes to ensure that reporting by the board in the integrated report is complete, timely, relevant and accurate.", "King III requires that the board takes the necessary steps to ensure that there are processes in place for complete, timely, relevant accurate and accessible IT reporting, firstly from the management to the board and secondly by the board in the integrated report.", 2, 1);
var C1_14 = new Array("C1_14", "The significance of IT and its role in supporting the business is reflected in IT's integration with business operations.", "The IT function's integration with the business is not adequate to support the business.", "The IT function's integration with the business is adequate to support the business.", "King III requires that the structure of the IT function, its role and its position in terms of reporting lines, should reflect the company's decision on how IT is integrated with its operations.", 2, 1);
var C1_15 = new Array("C1_15", "An individual has been appointed as CIO (or of similar title) and is responsible for the management IT.", "An individual is not appointed with overall responsibility for the management of IT.", "An individual is appointed with overall responsibility for the management of IT.", "King III requires that the CEO appoint an individual responsible for the management of IT, often referred to as a Chief Information Officer (CIO).", 2, 1);
var C1_16 = new Array("C1_16", "The CIO/Head of IT is to be suitably qualified and experienced, and interacts regularly on matters of IT governance with the board or appropriate committee or both.", "The Head of IT/CIO does not interact with board on matters of governance for IT.", "The Head of IT/CIO does interact with board on matters of governance for IT.", "King III requires the CIO be a suitably qualified and experienced person who should have access to, and interact regularly on, IT governance matters with the board or appropriate committee or both, as well as with executive management.", 2, 1);
var C1_17 = new Array("C1_17", "Managers are to provide timely information about the desirable use of IT.", "The CIO does not provide timely information about the IT function's strategic alignment, value delivery, risk management and resource optimisation.", "The CIO does provide timely information about the IT function's strategic alignment, value delivery, risk management and resource optimisation..", "King III requires that there be encouragement in the desirable use of IT by requiring managers to provide timely information, comply with the direction given and to conform to the principles of good governance.", 2, 1);
var C1_18 = new Array("C1_18", "Managers comply with the direction given.", "IT managers are not complying with the direction given by the directors.", "IT managers are complying with the direction given by the directors.", "King III requires that there be encouragement in the desirable use of IT by requiring managers to provide timely information, comply with the direction given and to conform to the principles of good governance.", 2, 1);
var C1_19 = new Array("C1_19", "Managers conform to the desirable use of IT through adhering to the principles of good governance.", "IT managers are not conforming with the King principles of good governance (i.e. focus on the effective and efficient use of IT resources and deliver in line with corporate objectives).", "IT managers are conforming with the King principles of good governance (i.e. focus on the effective and efficient use of IT resources and deliver in line with corporate objectives).", "King III requires that there be encouragement in the desirable use of IT by requiring IT managers to provide timely information, comply with the direction given and to conform to the principles of good governance.", 2, 1);
var C1_20 = new Array("C1_20", "Incorporate IT governance in corporate governance.", "IT governance is currently an isolated discipline and not an integral part of overall corporate governance.", "IT governance is an isolated discipline and it is an integral part of overall corporate governance.", "King III requires IT governance not be an isolated discipline but is an integral part of overall corporate governance.", 2, 1);
var C1_21 = new Array("C1_21", "Minutes of board meetings reflect the attention given and the decision-making by the board regarding IT.", "IT governance matters are not regularly discussed at board meetings.", "IT governance matters are regularly discussed at board meetings and decisions recorded in the minutes of board meetings.", "King III requires that IT is on the agenda of board meetings.", 2, 1);
var C1_22 = new Array("C1_22", "The board does understand the strategic importance of IT.", "The board does not demonstrate its understanding of the strategic importance of IT.", "The board does demonstrate its understanding of the strategic opportunities IT has for the business.", "King III requires the board understand the strategic importance of IT.", 2, 1);
var C1_23 = new Array("C1_23", "The terms of reference of the board do address the board's responsibility for the governance of IT.", "The board's terms of reference do not include the governance of IT.", "The board's terms of reference do include the governance of IT.", "King III requires that the board assume responsibility for the governance of IT.", 2, 1);
var C1_24 = new Array("C1_24", "The governance framework starts with the board providing leadership.", "The board does not DIRECT, MONITOR and EVALUATE the effective and efficient achievement of the company's strategic objectives.", "The board does DIRECT, MONITOR and EVALUATE the effective and efficient achievement of the company's strategic objectives.", "King III requires that the board provides the required leadership and direction to ensure that the company's IT achieves, sustains and enhances the company's strategic objectives.", 2, 1);
var C1_25 = new Array("C1_25", "IT governance addresses both information and related technology.", "IT governance only addresses the IT environment.", "IT governance addresses information regardless of whether the processes used are manual or automated.", "King III requires that IT governance focuses on the governance of the information as well as the governance of technology.", 2, 1);
var C1_26 = new Array("C1_26", "An awareness exists of the maturity levels of governance currently in place.", "IT management is not aware of the maturity level of the governance currently in the place.", "IT management is aware of the maturity level of governance currently in place, being one of:
- largely dependent on people,
- focus on managing risk with the aid of a repeatable process,
- address the effectiveness and efficiency of the processes used,
- seek to identify quality defects in the processes,
- provide competitive advantage and continuous improvement in service to stakeholders.", "King III requires that the board oversees the cultivation and promotion of an ethical IT governance and management culture.", 2, 1);
var C1_27 = new Array("C1_27", "An IT internal control framework has been adopted and implemented.", "IT managers have not implemented an adequate system of internal control for information and technology solutions.", "IT managers have an adequate system of internal control in place to ensure that all information is accurate, complete and valid and the processes used to produce this information are sufficiently reliable, efficient, effective and secure.", "King III requires that the board ensures an IT internal control framework is adopted and implemented by management.", 2, 1);
var C1_28 = new Array("C1_28", "The board receives independent assurance that the system of internal control adopted by management is effective.", "The board does not receive independent assurance about the effectiveness of the system of internal control for information and technology.", "The board does receive independent assurance about the effectiveness of the system of internal control for information and technology.", "King III requires the board receives independent assurance on the effectiveness of the system of internal control.", 2, 1);
var C1_29 = new Array("C1_29", "An ethical IT governance culture is being cultivated.", "An ethical IT governance culture is not being cultivated across the organisation.", "An ethical IT governance culture is being cultivated across the organisation based on responsibility, accountability, fairness and transparency.", "King III requires that the board should oversee the cultivation and promotion of an ethical IT governance culture.", 2, 1);
var C1_30 = new Array("C1_30", "An ethical IT management culture is being cultivated.", "An ethical IT management culture is not being cultivated.", "An ethical management culture is being cultivated based on responsibility, accountability, fairness and transparency.", "King III requires that the board should oversee the cultivation and promotion of an ethical management culture.", 2, 1);
var C1_31 = new Array("C1_31", "IT management skills and competencies are being promoted.", "IT management skills and competencies are not being developed.", "IT management skills and competencies are being promoted and developed.", "King III requires that the board should oversee the cultivation and promotion of management skills and competencies.", 2, 1);
var C1_32 = new Array("C1_32", "A common IT language is being cultivated and promoted through the adoption of IT frameworks.", "Little attention is being given to promote a common IT language.", "Through the adoption of a generally accepted IT framework a common IT language is being promoted.", "King III requires that the board should oversee the cultivation and promotion of a common IT language.", 2, 1);
var C1_33 = new Array("C1_33", "IT management is responsible for the implementation of all the structures, processes and mechanisms to execute the IT governance framework.", "IT management has not progressed very far with the implementation of structures, processes and mechanisms to execute the IT governance framework.", "IT management has progressed with the implementation of effective organisational structures, integrated processes and mechanisms to execute the IT governance framework.", "King III requires that IT management be responsible for the implementation of all the structures, processes and mechanisms to execute the IT governance framework.", 2, 1);
var C1_34 = new Array("C1_34", "The board discharges its moral duties regarding the governance of IT.", "Directors have not displayed commitment, courage, conscience, competence and inclusivity of all stakeholders in pursuing IT governance.", "Directors have displayed commitment, courage, conscience, competence and inclusivity of all stakeholders in pursuing IT governance.", "King III requires each director to discharge the moral duties of commitment, courage, conscience, competence and inclusivity of all stakeholders", 2, 1);
var C1_35 = new Array("C1_35", "The board provides ethical leadership regarding the governance of IT.", "The board has not demonstrated ethical leadership.", "The board has demonstrated ethical leadership displaying responsibility, accountability, fairness and transparency.", "King III requires ethical leadership from the board based on responsibility, accountability, fairness and transparency.", 2, 1);
var C2_1 = new Array("C2_1", "IT management acquires and uses the appropriate technology, processes and people to support its business and governance requirements in a timely manner and accurately.", "The acquisition of people, process and technology is not in line with business and governance requirements.", "People, process and technology are acquired in line with business and governance requirements.", "King III requires that the company ensures it acquires and uses the appropriate technology, processes and people to support its business and governance requirements in a timely manner and accurately.", 2, 2);
var C2_2 = new Array("C2_2", "The board is to facilitate the integration of IT into business strategic thinking and development.", "IT and business strategic thinking are not integrated.", "IT and business strategic thinking are integrated.", "King III requires that a bridge be established between IT and the business and therefore have a strategic approach and facilitate the integration of IT into business strategic thinking and development.", 2, 2);
var C2_3 = new Array("C2_3", "Business and IT plans are integrated.", "Business and IT plans are not integrated.", "Business and IT plans are integrated.", "King III requires that the alignment between IT and strategic and business processes includes ensuring that business and IT plans are integrated.", 2, 2);
var C2_4 = new Array("C2_4", "The CIO defines, maintains and validates the IT value proposition.", "The CIO does not define, maintain or validate the IT value proposition.", "The CIO does define, maintain and validate the IT value proposition.", "King III requires that the CIO establishes the alignment between IT, strategic and business processes includes defining, maintaining and validating the IT value proposition.", 2, 2);
var C2_5 = new Array("C2_5", "IT operations are aligned with the overall business operations.", "IT operations are not aligned with the overall business operations.", "IT operations are aligned with the overall business operations.", "King III requires that the alignment between IT and strategic and business processes includes aligning IT operations with overall business operations.", 2, 2);
var C2_6 = new Array("C2_6", "The company's IT achieves, sustains and enhances the company's strategic objectives.", "The company's IT does not achieve, sustain and enhance the company's strategic objectives.", "The company's IT does achieve, sustain and enhance the company's strategic objectives.", "King III requires that the board ensures that the company's IT achieves, sustains and enhances the company's strategic objectives.", 2, 2);
var C2_7 = new Array("C2_7", "IT is seen to add value by enabling the improvement of the company’s performance and sustainability.", "IT is not seen to add value by enabling the improvement of the company's performance and sustainability.", "IT is seen to add value by enabling the improvement of the company's performance and sustainability.", "King III requires that IT be seen to add value by enabling the improvement of the company's performance and sustainability.", 2, 2);
var C2_8 = new Array("C2_8", "The negative impact that IT could have on the environment is considered.", "The negative impact that IT could have on the environment is not considered.", "The negative impact that IT could have on the environment is considered.", "King III requires the company to consider the negative impact that IT could have on the environment.", 2, 2);
var C2_9 = new Array("C2_9", "There is a robust process in place to identify, and exploit where appropriate, opportunities to improve the performance and sustainability of the company in the triple context through effective and efficient use of IT.", "There is no process in place.", "There is a robust process in place to improve the performance and sustainability of the company.", "King III requires the board to ensure that there is a robust process in place to identify, and exploit where appropriate, opportunities to improve the performance and sustainability of the company in the triple context through effective and efficient use of IT.", 2, 2);
var C2_10 = new Array("C2_10", "The need for joint accountability and responsibility for IT is understood.", "Joint accountability for IT delivering value and managing risk is not established with executive management and senior business leaders.", "Joint accountability for IT delivering value and managing risk is established with executive management and senior business leaders.", "King III requires that a bridge be established between IT and the business and joint accountability and responsibility for IT is understood.", 2, 2);
var C2_11 = new Array("C2_11", "The strategy, structure and size of the IT function is sufficient to address any legislative requirements that apply to IT.", "The strategy, structure and size of the IT function is inadequate to address the legislative requirements applicable to IT.", "The strategy, structure and size of the IT function is adequate to address the legislative requirements applicable to IT.", "King III requires each company to consider the suitability of strategy, structure and size of its IT function, considering what is appropriate for the adequate management having regard to any legislative requirements that apply to the IT function.", 2, 2);
var C2_12 = new Array("C2_12", "The CIO serves as a bridge between IT and the business and is business orientated.", "The CIO is not a bridge between IT and the business, and is not business orientated.", "The CIO serves as a bridge between IT and the business, and is business orientated.", "King III requires that the CIO be a bridge between IT and the business and therefore be business-orientated, understand business requirements, the long-term strategy for the business of the company and translate this into efficient and effective IT solutions.", 2, 2);
var C2_13 = new Array("C2_13", "The CIO understands the business requirements and the long-term strategy for the business.", "The CIO does not understand the business requirements and the long-term strategy for the business.", "The CIO does understand the business requirements and the long-term strategy for the business.", "King III requires that the CIO be a bridge between IT and the business and therefore be business-orientated, understand business requirements, the long-term strategy for the business of the company and translate this into efficient and effective IT solutions.", 2, 2);
var C2_14 = new Array("C2_14", "The CIO is a bridge between IT and the business and ensures that long-term startegy translates into efficient and effective solutions.", "IT solutions are not the result of long-term business plans.", "IT solutions are the result of long-term business plans.", "King III requires that the CIO be a bridge between IT and the business and therefore be business-orientated, understand business requirements, the long-term strategy for the business of the company and translate this into efficient and effective IT solutions.", 2, 2);
var C3_1 = new Array("C3_1", "Management informs the board about whether the company's IT function is on track to achieve its objectives.", "The board is not informed about whether the company's IT function is on track to achieve its objectives.", "The board is informed about whether the company's IT function is on track to achieve its objectives.", "King III requires management to inform the board about whether the company's IT function is on track to achieve its objectives.", 2, 3);
var C3_2 = new Array("C3_2", "Management informs the board about whether the company's IT function is resilient and agile enough to adapt to strategic needs.", "The board is not informed about whether the company's IT function is resilient and agile enough to adapt to strategic needs.", "The board is informed about whether the company's IT function is resilient and agile enough to adapt to strategic needs.", "King III requires management to inform the board about whether the company's IT function is resilient and agile enough to adapt to strategic needs.", 2, 3);
var C3_3 = new Array("C3_3", "Management informs the board about whether the company's IT function is adequately protected from the risks it faces.", "The board is informed about whether the company's IT function is adequately protected from the risks it faces.", "The board is not informed about whether the company's IT function is adequately protected from the risks it faces.", "King III requires management to inform the board about whether the company's IT function is adequately protected from the risks it faces.", 2, 3);
var C3_4 = new Array("C3_4", "Management informs the board about whether the company's IT function is such that opportunities can be pro-actively recognised and acted on.", "The board is not informed about whether the company's IT function is such that opportunities can be pro-actively recognised and acted on.", "The board is informed about whether the company's IT function is such that opportunities can be pro-actively recognised and acted on.", "King III requires management to inform the board about whether the company's IT function is such that opportunities can be pro-actively recognised and acted on.", 2, 3);
var C3_5 = new Array("C3_5", "The business value is in proportion to the level of investment in IT each year.", "The business value is not in proportion to the level of investment.", "IT management is able to determine that the business value is in proportion to the level of investment.", "King III suggests that the level of investment in IT is significant and continues to increase (and few companies would survive without this). King III states there are many examples of companies generating value from investing in IT, but many executives are questioning whether the business value is in proportion to the level of investment.", 2, 3);
var C3_6 = new Array("C3_6", "The business strategies and objectives, and the role of IT in achieving them, is clearly stated by the board.", "The board does not oversee the proper value delivery of IT.", "The board does oversee the proper value delivery of IT.", "King III requires that the board oversee the proper value delivery of IT.", 2, 3);
var C3_7 = new Array("C3_7", "There is measurement and management of the amount spent on and the value received from IT.", "The expected return on investment from significant IT investments and projects is not measured and managed.", "The expected return on investment from significant IT investments and projects is measured and managed.", "King III requires that the board is to ensure that the expected return on investment from significant IT investments and projects is delivered.", 2, 3);
var C3_8 = new Array("C3_8", "Information and intellectual property contained in the information systems are appropriately protected.", "Information and intellectual property contained in the information systems are not adequately protected.", "Information and intellectual property contained in the information systems are appropriately protected.", "King III requires that the board is to ensure the information and intellectual property contained in the information systems are protected.", 2, 3);
var C3_9 = new Array("C3_9", "The board has assigned accountability for organisational changes required to benefit IT capabilities.", "Accountability for organisational changes is not assigned.", "Accountability for organisational changes is assigned.", "King III requires the board to assign accountability for organisational changes required to benefit IT capabilities.", 2, 3);
var C3_10 = new Array("C3_10", "There is learning from each IT implementation.", "Generally, lessons are not learnt and similar mistakes are being repeated.", "Mechanisms are in place to learn from past mistakes and avoid similar mistakes in the future.", "King III requires that the board oversee the proper value delivery of IT.", 2, 3);
var C3_11 = new Array("C3_11", "The IT governance framework does facilitate and enhance the company's ability to reach its objectives by enabling appropriate decision-making regarding the security and sustainability of IT in its operations, programmes and services.", "The IT governance framework does not facilitate the inclusion of IT security that is robust and reliable, configurable and scalable, customisable and interoperable.", "The IT governance framework does facilitate the inclusion of IT security that is robust and reliable, configurable and scalable, customisable and interoperable.", "King III requires the incorporation of IT into its operations, programmes and services on a secure and sustainable basis.", 2, 3);
var C3_12 = new Array("C3_12", "The IT governance framework addresses both the delivery of value and the management of risk.", "The IT governance framework is less focused on the delivery of value from IT than it is on managing risks.", "The current IT governance framework is well suited to overseeing the delivery of value from IT.", "King III requires that the IT governance framework include relevant structures, processes and mechanisms to enable IT to deliver value to the business and mitigate IT risk", 2, 3);
var C3_13 = new Array("C3_13", "The IT organisation is becoming more adept at sharing and re-using IT resources.", "Generally, the re-use of IT resources is not significant.", "The re-use and sharing of IT resources is of growing significance.", "King III requires that the board oversee the proper value delivery of IT.", 2, 3);
var C4_1 = new Array("C4_1", "Management do consider sustainability and the impact on strategic objectives as important criteria when acquiring new IT solutions (either through purchase or development).", "Management do not consider sustainability and the impact on strategic objectives as important criteria when acquiring new IT solutions.", "Management do consider sustainability and the impact on strategic objectives as important criteria when acquiring new IT solutions.", "King III requires that a bridge be established between IT and the business, and that care and skill be exercised to design, develop, implement and maintain sustainable IT solutions to enable the achievement of strategic objectives.", 2, 4);
var C4_2 = new Array("C4_2", "Resource usage and the leverage of knowledge is optimised.", "Resource usage and the leverage of knowledge is not optimised.", "Resource usage and the leverage of knowledge is suitably optimised.", "King III requires the CIO to optimise resources usage and leverage knowledge.", 2, 4);
var C4_3 = new Array("C4_3", "Information and intellectual property is protected.", "Information and intellectual property is not adequately protected.", "Information and intellectual property is suitably protected.", "King III requires the CIO to protect information and intellectual property.", 2, 4);
var C4_4 = new Array("C4_4", "Post-implementation reviews to learn from each implementation are conducted.", "Post-implementation reviews are not conducted.", "Post-implementation reviews to learn from each implementation are conducted.", "King III requires the CIO to conduct post-implementation reviews to learn from each implementation.", 2, 4);
var C4_5 = new Array("C4_5", "Information assets are effectively managed.", "Information assets are not effectively managed.", "Information assets are effectively managed.", "King III requires the CIO to manage information assets effectively.", 2, 4);
var C4_6 = new Array("C4_6", "The integrity and availability of information and information systems in a timely manner is ensured through appropriate controls.", "The integrity and availability of information and information systems in a timely manner is not ensured through appropriate controls.", "The integrity and availability of information and information systems in a timely manner is ensured through appropriate controls.", "King III requires the CIO to ensure the integrity and availability of information and information systems in a timely manner.", 2, 4);
var C4_7 = new Array("C4_7", "Information records management is implemented.", "Information records management is not adequately implemented.", "Information records management is implemented.", "King III requires the CIO to implement information records management and ensure information assets are identified, classified, retained, stored, archived, protected and made available when required for business and legal purposes.", 2, 4);
var C4_8 = new Array("C4_8", "Independent assurance that outsourced service providers have applied the principles of IT governance is obtained.", "Independent assurance that outsourced service providers have applied the principles of IT governance is not obtained.", "Independent assurance that outsourced service providers have applied the principles of IT governance is obtained.", "King III requires the CIO to obtain independent assurance that outsourced service providers have applied the principles of IT governance.", 2, 4);
var C4_9 = new Array("C4_9", "Independent assurance that the basic elements of appropriate project management principles are applied to all IT projects is obtained.", "Independent assurance that appropriate project management principles are applied to all IT projects is not obtained.", "Independent assurance that appropriate project management principles are applied to all IT projects is obtained.", "King III requires the CIO to obtain independent assurance that the basic elements of appropriate project management principles are applied to all IT projects.", 2, 4);
var C4_10 = new Array("C4_10", "Adequate business resilience arrangements in the event of a disaster affecting IT are regularly demonstrated to the Board.", "Adequate business resilience arrangements cannot be demonstrated to the Board.", "Adequate business resilience arrangements are regularly demonstrated to the Board.", "King III requires the CIO to regularly demonstrate to the Board of Directors that the company has adequate business resilience arrangements in the event of a disaster affecting IT.", 2, 4);
var C5_1 = new Array("C5_1", "IT risks are to be minimised.", "IT risks have not been minimised.", "IT risks have been minimised through appropriate counter-measures.", "King III requires risks to be minimised.", 2, 5);
var C5_2 = new Array("C5_2", "Implement a risk management process based on the board's risk appetite.", "A suitable risk management process is not implemented.", "A suitable risk management process to operationalise risk management is implemented.", "King III requires the CIO to implement a risk management process based on the board's risk appetite.", 2, 5);
var C5_3 = new Array("C5_3", "The company's compliance with applicable laws, rules, codes and standards, the board should ensure that IT related laws, rules, codes and standards.", "Compliance with applicable laws, rules, codes and standards is not established.", "Compliance with applicable laws, rules, codes and standards is established.", "King III requires that when considering the company's compliance with applicable laws, rules, codes and standards, the board should ensure that IT related laws, rules, codes and standards are considered. Companies must comply with the applicable IT laws and consider adherence to applicable IT rules, codes and standards, guidelines and leading practices.", 2, 5);
var C5_4 = new Array("C5_4", "Maintain an IT risk register, including IT legal risks.", "An up-to-date IT risk register is not in place.", "An up-to-date IT risk register is in place.", "King III requires the CIO to maintain an IT risk register, including IT legal risks.", 2, 5);
var C5_5 = new Array("C5_5", "Design, implement and monitor the IT risk management plan.", "An IT risk management plan is not being implemented and monitored.", "An IT risk management plan is being implemented and monitored.", "King III requires the CIO to design, implement and monitor the IT risk management plan.", 2, 5);
var C5_6 = new Array("C5_6", "Implement an IT controls framework.", "An effective system of control for all information and technology risks is not implemented.", "An effective system of control for all information and technology risks is implemented across the organisation.", "King III requires the CIO to implement an IT controls framework.", 2, 5);
var C5_7 = new Array("C5_7", "Obtain assurance on the effectiveness of the IT control framework.", "Assurance about the effectiveness of the system of controls has not been obtained.", "Assurance about the effectiveness of the system of controls is regularly obtained.", "King III requires the CIO to obtain assurance on the effectiveness of the IT control framework.", 2, 5);
var C5_8 = new Array("C5_8", "Obtain independent assurance of the effectiveness of the IT controls framework implemented by service providers.", "Assurance about the effectiveness of the system of controls implemented by service providers has not been obtained.", "Assurance about the effectiveness of the system of controls implemented by service providers has been obtained.", "King III requires the CIO to obtain independent assurance of the effectiveness of the IT controls framework implemented by service providers.", 2, 5);
var C5_9 = new Array("C5_9", "Perform continual risk assessments.", "Continual risk assessments are not performed.", "Continual risk assessments are being performed.", "King III requires the CIO to perform continual risk assessments.", 2, 5);
var C5_10 = new Array("C5_10", "Consider and implement appropriate risk responses.", "Appropriate risk responses are not implemented to manage the IT risks.", "Appropriate risk responses are implemented to manage the IT risks.", "King III requires the CIO to consider and implement appropriate risk responses.", 2, 5);
var C5_11 = new Array("C5_11", "Implement an information security strategy.", "An information security strategy has not been developed and approved by the board.", "An information security strategy to deliver the security required by the business, has been developed and approved by the board.", "King III requires the CIO to implement an information security strategy.", 2, 5);
var C5_12 = new Array("C5_12", "Implement an information security management system in accordance with an appropriate information security framework.", "An information security management system is not implemented in accordance with an appropriate information security framework.", "An information security management system, comprising processes to plan, implement, run and check security is implemented in accordance with an appropriate information security framework.", "King III requires the CIO to implement an information security management system in accordance with an appropriate information security framework.", 2, 5);
var C5_13 = new Array("C5_13", "Establish a business continuity programme for the company's information and successful execution of the business’ activities.", "A suitable business continuity programme is not established.", "A suitable business continuity programme is established.", "King III requires the CIO to establish a business continuity programme for the company's information and successful execution of the business’ activities.", 2, 5);
var C5_14 = new Array("C5_14", "Identify all personal information processed by the company and treat this as an important business asset, including being processed in accordance with applicable laws.", "Procedures have not been established to identify all information of a personal nature and protect personal information as an important business standard.", "Procedures have been established to identify all information of a personal nature and protect personal information as an important business standard as required by applicable laws.", "King III requires the CIO to identify all personal information processed by the company and treat this as an important business asset, including being processed in accordance with applicable laws.", 2, 5);
var C5_15 = new Array("C5_15", "Provide the Audit and Risk Committees with relevant information about IT risks and the controls in place.", "The CIO does not provide the Audit and Risk Committees with relevant information about IT risks and the controls in place.", "The CIO does provide the Audit and Risk Committees with relevant information about IT risks and the controls in place.", "King III requires the CIO to provide the Audit and Risk Committees with relevant information about IT risks and the controls in place.", 2, 5);
var C5_16 = new Array("C5_16", "The audit committee is to consider the use of technology and related techniques to improve audit coverage and audit efficiency.", "The audit committee does not consider the use of technology and related techniques to improve audit coverage and audit efficiency.", "The audit committee does consider the use of technology and related techniques to improve audit coverage and audit efficiency.", "King III requires the audit committee to consider the use of technology and related techniques to improve audit coverage and audit efficiency.", 2, 5);
var C5_17 = new Array("C5_17", "The audit committee has responsibility for IT as it relates to financial reporting and the going concern of the company. The risk committee has the responsibility to oversee the broader risk implication of IT.", "The Audit and Risks Committees scope of responsibilities are not clearly defined.", "The Audit and Risks Committees scope of responsibilities are clearly defined.", "King III requires IT as it relates to financial reporting and the going concern of the company to be the responsibility of the audit committee. The risk committee has the responsibility to oversee the broader risk implication of IT.", 2, 5);
var C5_18 = new Array("C5_18", "Business areas that are highly dependent on IT are more exposed if IT risks are not appropriately governed. The risk committee is to obtain appropriate assurance that controls are effective in addressing these risks.", "The risk committee does not obtain appropriate assurance that controls are effective in addressing these risks.", "The risk committee does obtain appropriate assurance that controls are effective in addressing these risks.", "King III requires the areas that are highly dependent on IT are more exposed if IT risks are not appropriately governed. The risk committee should obtain appropriate assurance that controls are effective in addressing these risks.", 2, 5);
var C5_19 = new Array("C5_19", "The members of the risk committee does understand the company's overall exposure to IT risks from a strategic and business perspective, including the areas of the business that are most dependent on IT for effective and continual operation.", "The members of the risk committee does not understand the company's overall exposure to IT risks.", "The members of the risk committee does understand the company's overall exposure to IT risks.", "King III requires an understanding and measuring IT risks and that the members of the risk committee should understand the company's overall exposure to IT risks from a strategic and business perspective, including the areas of the business that are most dependent on IT for effective and continual operation.", 2, 5);
var C5_20 = new Array("C5_20", "The company's risk committee does consider IT risk as a crucial element of the effective oversight of risk management of the company.", "The company's risk committee does not consider IT risk as a crucial element of effective oversight.", "The company's risk committee does consider IT risk as a crucial element of effective oversight.", "King III requires that the risk committee should consider IT risk as a crucial element of the effective oversight of risk management of the company. In many cases the risk committee may need to rely on expert advice from within or outside the company.", 2, 5);
var C5_21 = new Array("C5_21", "The company's risk committee does ensure that IT risks are adequately addressed through its risk management, monitoring and assurance processes.", "The company's risk committee does not ensure that IT risks are adequately addressed.", "The company's risk committee does ensure that IT risks are adequately addressed.", "King III requires that the risk committee should ensure that IT risks are adequately addressed through its risk management, monitoring and assurance processes.", 2, 5);
var C5_22 = new Array("C5_22", "The board does consider how IT could be used to aid the company in its managing of risk and its compliance with laws, rules, codes and standards.", "The board does not consider how IT could be used to aid the company in its managing of risk.", "The board does consider how IT could be used to aid the company in its managing of risk.", "King III requires that the board should consider how IT could be used to aid the company in its managing of risk and its compliance with laws, rules, codes and standards.", 2, 5);
var C5_23 = new Array("C5_23", "The CIO is to address the IT legal risk arising from the possession, ownership and operational use of technology and which may result in the company becoming a part to legal proceedings.", "The CIO does not address the IT legal risk arising from the possession, ownership and operational use of technology.", "The CIO does address the IT legal risk arising from the possession, ownership and operational use of technology.", "King III requires that the IT legal risk arising from the possession, ownership and operational use of technology that may result in the company becoming a part to legal proceedings be addressed.", 2, 5);
var C5_24 = new Array("C5_24", "Management are to regularly demonstrate to the board that the company has adequate business resilience arrangements in place for disaster recovery.", "Adequate business resilience arrangements are not in place for disaster recovery.", "Adequate business resilience arrangements are in place for disaster recovery.", "King III requires that management should regularly demonstrate to the board that the company has adequate business resilience arrangements in place for disaster recovery.", 2, 5);
var C5_25 = new Array("C5_25", "IT risks form part of the company's risk management activities and considerations.", "IT risks do not form part of the company’s risk management activities.", "IT risks do form part of the company’s risk management activities.", "King III requires that IT risks form part of the company’s risk management activities and considerations.", 2, 5);
var C6_1 = new Array("C6_1", "Reports to the board by the IT steering committee/CIO do address the effective and efficient management of IT resources to facilitate the achievement of a company's strategic objectives.", "The board does not receive reports from the IT steering committee/CIO providing details about the effective and efficient management of IT resources to facilitate the achievement of a company's strategic objectives.", "The board receive reports from the IT steering committee/CIO providing details about the effective and efficient management of IT resources to facilitate the achievement of a company's strategic objectives.", "King III requires the board to take responsibility for the effective and efficient management of IT resources and the contribution IT makes to the achievement of the company's strategic objectives.", 2, 6);
var C6_2 = new Array("C6_2", "Reports to the board by the IT steering committee/CIO provide details about the risks, benefits and constraints of IT.", "The board does not receive reports frpm the IT steering committee/CIO providing details about the risks, benefits and constraints of IT.", "The board does receive reports from the IT steering committee/CIO providing details about the risks, benefits and constraints of IT.", "King III requires that the board assume responsibility for the governance of IT.", 2, 6);
var C6_3 = new Array("C6_3", "IT performance is measured and managed.", "The CIO does not measure and manage IT performance.", "The CIO does measure and manage IT performance.", "King III requires the measurement, management and communication of IT performance.", 2, 6);
var C6_4 = new Array("C6_4", "Processes have been implemented to ensure that reporting to the board is complete, timely, relevant, accurate and accessible.", "There are no processes or steps specifically implemented to ensure that reporting from IT management to the board is complete, timely, relevant and accurate.", "There are specific steps and processes implemented to ensure that reporting from IT management to the board is complete, timely, relevant and accurate.", "King III requires that the board takes the necessary steps to ensure that there are processes in place for complete, timely, relevant accurate and accessible IT reporting, firstly from the management to the board and secondly by the board in the integrated report.", 2, 6);
var C6_5 = new Array("C6_5", "The CIO regularly reports on IT's performance to the board.", "The CIO does not report on IT's performance to the board.", "The CIO regularly reports on IT's performance in delivering value, managing risk, strategic alignment and resource optimisation to the board.", "King III requires reporting to the IT Steering Committee / Board of Directors on IT performance.", 2, 6);
// QUESTIONS FOR EACH AREA
var C1 = new Array(C1_1, C1_2, C1_3, C1_4, C1_5, C1_6, C1_7, C1_8, C1_9, C1_10, C1_11, C1_12, C1_13, C1_14, C1_15, C1_16, C1_17, C1_18, C1_19, C1_20, C1_21, C1_22, C1_23, C1_24, C1_25, C1_26, C1_27, C1_28, C1_29, C1_30, C1_31, C1_32, C1_33, C1_34, C1_35);
var C2 = new Array(C2_1, C2_2, C2_3, C2_4, C2_5, C2_6, C2_7, C2_8, C2_9, C2_10, C2_11, C2_12, C2_13, C2_14);
var C3 = new Array(C3_1, C3_2, C3_3, C3_4, C3_5, C3_6, C3_7, C3_8, C3_9, C3_10, C3_11, C3_12, C3_13);
var C4 = new Array(C4_1, C4_2, C4_3, C4_4, C4_5, C4_6, C4_7, C4_8, C4_9, C4_10);
var C5 = new Array(C5_1, C5_2, C5_3, C5_4, C5_5, C5_6, C5_7, C5_8, C5_9, C5_10, C5_11, C5_12, C5_13, C5_14, C5_15, C5_16, C5_17, C5_18, C5_19, C5_20, C5_21, C5_22, C5_23, C5_24, C5_25);
var C6 = new Array(C6_1, C6_2, C6_3, C6_4, C6_5);
var allQuestions = new Array(
C1_1, C1_2, C1_3, C1_4, C1_5, C1_6, C1_7, C1_8, C1_9, C1_10, C1_11, C1_12, C1_13, C1_14, C1_15, C1_16, C1_17, C1_18, C1_19, C1_20, C1_21, C1_22, C1_23, C1_24, C1_25, C1_26, C1_27, C1_28, C1_29, C1_30, C1_31, C1_32, C1_33, C1_34, C1_35,
C2_1, C2_2, C2_3, C2_4, C2_5, C2_6, C2_7, C2_8, C2_9, C2_10, C2_11, C2_12, C2_13, C2_14,
C3_1, C3_2, C3_3, C3_4, C3_5, C3_6, C3_7, C3_8, C3_9, C3_10, C3_11, C3_12, C3_13,
C4_1, C4_2, C4_3, C4_4, C4_5, C4_6, C4_7, C4_8, C4_9, C4_10,
C5_1, C5_2, C5_3, C5_4, C5_5, C5_6, C5_7, C5_8, C5_9, C5_10, C5_11, C5_12, C5_13, C5_14, C5_15, C5_16, C5_17, C5_18, C5_19, C5_20, C5_21, C5_22, C5_23, C5_24, C5_25,
C6_1, C6_2, C6_3, C6_4, C6_5);
for (i=0; i< allQuestions.length;i++) { // ADD AN INDEX NUMBER TO THE EACH QUESTION ARRAY
allQuestions[i][12] = i;
}
var areas = new Array(C1, C2, C3, C4, C5, C6); // NEW ARRAY LIST