APRG01-7 Week 9 Assignment A (Part 2)
template
Having analysed MultiChoice and Shoprite individually, you now have a clear view of how two
leading South African corporates identify, assess, and govern their technology risks. This
comparative exercise will deepen your understanding by highlighting industry-specific
practices, shared governance patterns, and divergent approaches to similar challenges. Your
task is to synthesise those insights into a concise comparison that not only catalogues
differences but also explains the underlying reasons - be they strategic priorities, regulatory
pressures, or operational complexities.
Instructions
1. Key dimensions for comparison
In the assignment template, we have identified the key dimensions for comparison;
do not select your own. For each aspect, describe how MultiChoice approaches it and
how Shoprite approaches it, using the exact section titles from their reports.
2. Populate the comparative table

MultiChoice and Shoprite approach: Use concise descriptions of the company’s
practice, citing page numbers or section headings.

Key difference (✓/✗): Mark ✓ if the approaches are broadly similar, ✗ if they differ
significantly.

Explanation: Provide a high-level analysis of why the difference (or similarity)
exists.
1
Comparative table: MultiChoice and Shoprite
Aspect
MultiChoice approach
Shoprite approach
Key difference
Explanation
(✓/✗)
✗
IT risk identification and
Risk management and material
Risk management (p. 26)
prioritisation
matters (p. 42)
Shoprite focuses on operational
and capital-integrated, while Shoprite’s is
MultiChoice identifies IT risks
continuity and cybersecurity,
operational and compliance-driven. This
through its enterprise risk
prioritising risks based on data
reflects their respective business models:
framework, aligning them with
protection and compliance. Their
digital-first vs. retail logistics.
strategic priorities and the six
assessment is tied to business
How does each company decide
which IT risks are most critical?
Consider the link between
identified risks and the
organisation’s strategic priorities
or the six capitals. Note the
thresholds or criteria used to
include a risk (e.g., potential
MultiChoice’s approach is more strategic
capitals. Criteria include customer resilience and stakeholder trust.
experience disruption, regulatory
exposure, and reputational
impact.
revenue impact, customer‐
experience disruption, regulatory
exposure).
Emerging-technology risks
Which emerging technologies are
flagged, and how are these
✗
Technology and innovation (p. 46)
A Smarter Shoprite (p. 33)
MultiChoice adopts a proactive, future-
MultiChoice flags AI ethics, cloud
Shoprite highlights automation and
oriented stance, while Shoprite’s framing
migration, and platform
data analytics as enablers of
is more operational. This difference
2
framed - as opportunity, threat or
scalability as both risks and
efficiency, with limited reference to
stems from strategic priorities and
both? Note how forward-looking
opportunities. These are tied to
ethical governance or future-
industry focus.
language (e.g., “future-ready AI
budgeted innovation and ethical
readiness.
ethics”) signals proactive
oversight.
governance, and whether any
risks are tied to concrete actions
or budgets.
✓
Governance bodies and
Corporate governance report (p.
Value-enhancing governance (p. 67)
reporting lines
60)
Shoprite assigns IT oversight to the
committees for IT governance, reflecting
Technology oversight sits with
Risk and Compliance Committee,
King IV principles. MultiChoice’s inclusion
the Risk and Audit Committees,
with board-level accountability
of Irdeto adds a specialised lens, but the
supported by Irdeto’s
embedded in broader governance.
overall structure is comparable.
How is IT oversight structured?
Identify which board committees
or sub-committees own
technology governance, and how
they enforce accountability.
Both companies use board-level
cybersecurity governance. Clear
reporting lines to the board are
maintained.
✓
Operational control integration
Operational performance – Irdeto
Operational performance –
and metrics
(p. 80)
Supermarkets RSA (p. 55)
operations, though MultiChoice’s are
Controls are enforced via global
Shoprite uses centralised IT controls
more security-focused. The similarity
cybersecurity protocols, frequent
focused on system uptime, data
What routine IT practices enforce
board directives? Consider
Both firms embed IT controls into
3
frequency, ownership, and scope
audits, and KPI tracking. These
integrity, and compliance metrics,
reflects the need for robust assurance in
of these controls.
are embedded in daily
reviewed quarterly.
large-scale environments.
operations.
Disclosure practices
How prominently is IT governance
featured? Note standalone
sections vs. embedded narratives,
and any separate policy
references.
✗
Technology and innovation (p. 46)
A Smarter Shoprite (p. 33)
MultiChoice provides standalone
Shoprite embeds IT governance
reflect its tech-driven strategy, while
disclosures on IT governance,
within broader operational
Shoprite’s embedded style aligns with its
innovation, and cybersecurity,
narratives, with fewer standalone
retail-centric reporting. This difference is
with cross-references to risk and
disclosures.
shaped by industry positioning and
strategy.
MultiChoice’s standalone disclosures
stakeholder expectations.
4