Business scandals put IT on the spot

As business leaders are indicted in the US for massive frauds that brought down seemingly indestructible companies, Nick Huber...

As business leaders are indicted in the US for massive frauds that brought down seemingly indestructible companies, Nick Huber looks at how the fall-out is affecting UK investors' expectations of IT.

The high-profile bankruptcies of Enron and WorldCom rocked the global economy and focused managerial minds on the need for robust corporate governance.

So far investor and regulator concerns have centred largely on dubious accounting methods and lavish executive share options. But industry experts have begun to warn that the performance of corporate IT systems and the success of large-scale technology projects will come under greater investor scrutiny over the next few years.

The warning is a stark one. As business becomes more dependent on complex technology - and more vulnerable when it goes wrong - IT-literate investors may withhold crucial funds if a company's technology is deemed a risk.

"Over the next five years IT is going to become even more critical to the performance of a company and as an indication of its health," said Martyn Emery, director of Nordic operations at professional services company Cresta Trading and formerly head of the Y2K consultancy, Corporation 2000.

"If a company is late in delivering major IT projects the investment community needs to [know] this. The goal is to make the chief information officer more accountable to the investment community," he said.

Investor scrutiny will focus on two main areas, he said - the smooth delivery of major IT projects and the efficiency of systems supporting business-critical operations. These systems could include software for enterprise resource planning, customer relationship management and Web services. Their performance can be judged by monitoring technology - software that gives an overview of a company's IT systems and projects, producing a percentage score according to criteria set by the user.

Investors could, for instance, check the performance of multimedia servers, which are used to allow mobile phone users to exchange pictures. Investors could log-on to telecoms service providers' Web sites and check how long it takes to register for new services.

Examples of troubled IT projects denting company profits and share prices have also become more common. Last month, for example, chemical giant ICI said the failure of a new supply chain management system had contributed to a 38% fall in profits in its Quest food business.

The banking industry faces some additional corporate governance targets, in the shape of the New Basel Capital Accord. The accord, an updated global code of conduct for risk management, is due to come into force in 2005. Industry analysts have already warned that it could present a more expensive compliance burden for the banking industry than Y2K. It requires banks to link databases and reporting systems to improve management information, and ensure that historical records are in order.

All of this will entail a change in work culture for IT managers. Although they are already under intense pressure to demonstrate how IT can cut costs, boost profits and reduce risk for the business, most IT managers will not be used to having to argue their corner with fund managers and other big-hitter institutional investors.

And while investors will normally check the robustness of a potential target's IT systems during due diligence, the performance of corporate IT systems has held a fairly low-profile on money markets - until now.

In some industries IT directors already have experience of subjecting their budgets to external scrutiny. This is particularly the case in the financial services industry, where strict limits on charges for certain products - most notably stakeholder pensions - have forced firms to rely on IT to reduce administration costs.

"Because of the 1% world, for the past three or four years now analysts have been looking at insurance and focusing much more on our IT systems and technology and whether we are getting the best out of them," said Margaret Smith, director of business technology and delivery at financial services firm Legal & General. Good IT governance lies in ensuring that IT and business are dovetailed, she said.

But in many industries this is easier said than done. In the meantime jittery corporate investors will demand clear answers from company boards and their IT departments.

Corporate governance and IT
IT should be integral to any corporate governance strategy. Corporate governance aims to make companies manage risks to their business in a more systematic way through stringent internal controls.

Under the Combined Code regulations companies are liable if they do not assess the business risks of systems. This includes ensuring effective information security management and business continuity arrangements, as well as defining the value of IT to the business.

Further information
For more information on IT governance visit: or the IT governance institute,

Next Steps

GRC pros focused on regulatory initiatives 

Read more on Antivirus, firewall and IDS products