Why CIOs are More Vital Than EverBy John McCormick | Posted 2006-02-07 Email Print
Leaving your company's top technology post unfilled is risky—especially in the Sarbox era.
Corporate America just ended its second year under Sarbanes-Oxley regulations, which, among other mandates, requires corporations to keep, secure and document the controls they use in their financial reporting.
Last month, across America, auditors were finishing up their work for 2005. So, it's too early to tell how many companies failed to meet their SarbOx obligations.
For 2004, however, corporate-rating service Moody's Investors Service did a count and found that about 5% of the companies it had been watching fell short of the government's financial requirements. Among them: BearingPoint, the subject of this month's cover story.
An interesting side note to the story is that the company's chief information officer, Thomas Wilde, resigned at the end of last year to pursue other interests. And the company, says a spokesman, has not made "a determination on how that position will be handled going forward."
But while companies certainly can get by for a while without a chief information officer, it's probably not a good idea these days for BearingPoint or any other company to leave the post vacant for any extended period of time.
"Business processes continue to become more and more dependent on technology embedded within them for timely, comprehensive and accurate execution," states a report on information-technology risks and controls put out by Protiviti, a firm that specializes in business and technology risk consulting services. "The financial reporting process, as well as processes that accept, record, accumulate, summarize and report the transactions underlying financial reporting in most, if not all, companies, are accomplished with computers, programs, and other technology-related equipment and software."
And, as companies move ahead, they'll need even stronger technology leadership to make sure their SarbOx processes are as effective—and efficient—as they can be.
Big companies spent an average of about $15 million on their compliance efforts in 2004, according to the Securities and Exchange Commission. And while similar numbers aren't yet available for last year, experts who study this area, such as French Caldwell, a research vice president at Gartner, say corporations spent just as much last year on compliance as they did the year before. That kind of spending, Caldwell says, simply isn't sustainable for most companies.
Corporations will need to streamline corporate governance. And for many companies, that will mean looking for ways to automate controls—deploying technologies to better monitor and inspect transactions and to better manage the documentation process.
Corporate CIOs, according to Gartner, also will need to work with other managers to track regulatory developments and develop compliance and corporate governance best practices.
"You need to have the appropriate management to both drive and direct the investment that helps support the business," says Jeffrey Weber, a managing director at Protiviti. "It's absolutely critical to have the CIO position integrally involved."
CIO, by definition, is a C-level executive, Weber says, and carries corporate weight that an information-technology director doesn't.
Robert Half Technology doesn't track the length of CIO vacancies, but division director Jeff Markham, who's been in the business for a decade, says the time companies leave the top tech spot open has been decreasing—and he says one reason is SarbOx concerns. "It's a factor," he says, "a serious factor."
There are other reasons beside SarbOx as to why the CIO role is taking on more importance—such as the continued move by most corporations to become increasingly digital and more virtual—but few things get a CEO's attention more than financial reporting and controls.
For all these reasons, a fully engaged, C-level information chief is increasingly vital to the health and well being of corporations. Any company that tries to get by for any amount of time without a CIO does so at its own risk.