Listed US companies and their international subsidiaries may have the rules and penalties of Sarbanes-Oxley to guide them, but what about local companies? Is there effective governance in place in South Africa? And how does IT help or hinder corporate governance?

Present at a recent Brainstorm  roundtable discussion on these topics were: Haydn Pinnell, MD of Gallium Technology; Sagaran Naidoo, senior solution strategist at CA Africa; Karel Rode, solution strategist for security, also of CA Africa; Theo Potgieter of IT project management in corporate transactional banking at FNB; Bryce Thorrold, principal consultant for security and risk at Symantec; Paul Mullon, information governance executive at Metrofile; Eugene Pfister, director of IT advisory at KPMG; Barry Gill, technical director at Mimecast; Mark Penberthy, consultant at Continuity SA; Hugo Winterbach, CIO of Business Connexion; Amir Lubashevsky, director of Magix Integration; and Paul Platen, risk and compliance manager at Condyn. What follows is an edited version of the discussion. Brainstorm: How seriously are local companies taking governance?