In this humbling year for American business, technology executives have been made to know their place. And that’s not altogether a bad thing.
The Andrew Fastows with their off-balance-sheet partnerships, the Dennis Kozlowskis with their $15,000 umbrella stands, the Bernie Ebberses with their run-the-company-into-the-ground accounting scams, were all chief executives or chief financial officers. There wasn’t a technology executive among them.
But the fallout from 2002—the push toward tighter corporate governance that put the Sarbanes-Oxley Act on the fast track, that has CEOs certifying quarterly results for the Securities and Exchange Commission, and that has boards of directors scrambling to develop better methods of financial oversight—won’t bypass technology executives entirely. Here are three things that will be different after this year of fraud.
Guardian Role. The board-level problems at Enron and Tyco and WorldCom were related not to systems failure but human failure—the directors were credulous and careless and probably plain lazy. Still, information systems and those responsible for them are bound to figure in the remedies now being considered. “From a design point of view, CIOs are going to be under pressure to provide boards with ongoing information about how companies are doing,” Ed Lawler, a business school professor and author of Corporate Boards, told me in a phone conversation. “Boards don’t want to be caught unaware or unprepared.”
The shift was also noted by Ron Ponder, a longtime technology executive who serves as chairman of the governance committee on the board of the Lincoln Financial Group in Philadelphia—and who thus understands the issue from two sides. “We have to look at these things in a new light,” said Ponder, the chief information officer of Wellpoint Health Networks. “I don’t think we can assume the work we’ve been doing in the past is enough.” In particular, Ponder said chief information officers need to become better custodians of their companies’ financial control systems, in part by forming stronger partnerships with internal auditors.
The Command Performance. Top technologists in the post-Enron era may also be called upon periodically to develop information systems exclusively for the use of directors. This has already happened at Brady Corp.; the $550 million label-maker has spent roughly $100,000 to develop a secure Web zone with information available only to its nine-member board. “There’s a new emphasis not only on the accurate reporting of results but also on the process by which you gather your information,” said Brady chief Katherine Hudson, a former CIO herself. “That’s definitely within the purview of the CIO.”
Your John Hancock, Please. Since the summer, some top technologists have been asked to do like the boss and attest, in writing, to their results. Of course, it isn’t quite the same thing, since these “certifications” don’t get sent to the SEC—they get the once-over from the CFO and then get filed away. The transportation-company Roadway, for instance, is making about a dozen executives—including those responsible for technology—sign off on their results. “I think the formalization of it, in this environment, gives good documentation as to what’s been rolled up that supports the certification that the CEO and CFO are required to sign off on,” said Dawson Cunningham, Roadway’s CFO. But what is the CIO certifying? “We’re asking him to attest to our continued ability to rely on the systems and information that come from his area,” Cunningham said.
Still, there are limits to the documents technology executives will sign. Would they attest to the expected financial return of a given technology project? Researcher Eugene Fram said he doubted it. “ROI is very difficult,” said Fram, the J. Warren McClure professor of marketing at the Rochester (N.Y.) Institute of Technology. “There might be CIOs around who have more guts than I have. But if I were a CIO, I would be rather insecure in attempting to do that.”
