Ask the Experts
Ask the experts is a column in the Financial
Times IT Review supplement, which focuses on addressing IT issues faced by
business leaders. This short article, written by Auridian’s MD and founder, Ade McCormack,
appeared in the 15th December edition.
""What impact does IT have on corporate
governance?"
The term corporate governance is typically used in
conjunction with terms such as risk, compliance, creative accounting, Sarbox,
IAS, DPA, regulatory requirements, prison, stakeholders, Parmalat and Basel II.
There are over 6 million pages on Google that refer to it. Definitions of
corporate governance include:
- A
way to ensure that lenders of finance get a return on their investment
- The
system by which business corporations are controlled
- The
relationship of a company to its shareholders and society
- Promotion
of corporate fairness, transparency and accountability
- The
‘hot button’ for selling anything to CxOs.
What we have seen is the emergence of roles such as Chief
Compliance Officer, Chief Risk Officer and Chief Governance Officer. Less
visible is how IT is playing a strategic role in supporting good corporate
governance.
Interesting facts are emerging in this respect. Gartner estimates
that $2bn will be spent on IT projects in respect of Sarbox compliance alone in
Europe. A study by the Economist Intelligence Unit shows that only 27% of
senior executives ask for input from their IT department when planning major
deployments.
Clearly there is a ‘disconnect’ between the level of IT
spend and the level of IT influence in respect of corporate governance. So one
answer to the question posed by this article is that IT (as in the department)
has very little impact. It would appear that IT is brought in purely as
implementation specialists after the planning process is complete.
This is unfortunately the wrong answer and as this subject
matures, stakeholders are likely to cite the lack of IT involvement as a prima
facie example of poor corporate governance.
It is one thing for the directors to claim that they are in
control of their business, but quite another to demonstrate it. The auditing
requirement associated with corporate governance can only be delivered if each
and every relevant IT system has governance functionality in-built. Plus there
needs to be consistency between the governance outputs of the various IT
systems if the aggregated picture is to make sense. Therefore corporate
governance cannot be tackled in a piecemeal fashion.
In short corporate governance has architectural implications
for an organization’s IT infrastructure. We are talking ‘drains up’ on the IT
investment to date. Failure to do so will result in each ‘governance update’
sending a shock wave of problems through the IT infrastructure.
The good news is that most corporate IT architectures have
been ‘suspended in amber’ during the recent technology nuclear winter, and so
are due for an overhaul anyway. Driving out costs, getting closer to the
customer and security concerns are all driving architectural reviews.
Governance should be added to the list. Ultimately this will fall into the
remit of the IT Governance Officer, but that’s a scare story for the future.
Corporate governance could well go down in history as the
issue that initiated the ‘golden era of IT’, whereby the IT department played
an instrumental part in rebuilding trust in capitalism. For the CIO this is a
dilemma. Do they keep quiet despite knowing the consequences? Do they break
protocol and insist they are involved in the planning process. Or do they look
out for a ‘keen as mustard’ outsourcer onto whom they can offload the risk? As
usual, the future of business is in the hands of the CIO.
Ade McCormack
ade@auridian.com
Ade McCormack is an IT-value consultant and author of ‘IT
Demystified - The IT handbook for
business professionals’ available via www.auridian.com/book
and all good business bookstores.
