Thought for the day:Stopping the scandals

IT governance expert Paul Williams looks at a hot issue of the day.Recent alleged accounting and financial reporting scandals at...

IT governance expert Paul Williams looks at a hot issue of the day.Recent alleged accounting and financial reporting scandals at US companies including Enron, WorldCom, Xerox, and now AOL Time Warner have contributed to the greatest fall in stock market values and investor confidence that we have seen for a great many years.

These cases and others have led to allegations of failures in corporate governance and oversight. Only time and detailed forensic investigations will tell us how these problems really occurred and to what extent the boards and their external advisers were really aware of the underlying issues.

But what has this got to do with the world of information technology? Surely these were just accounting and corporate governance issues with no relevance to the governance of IT?

It would be unfortunate if this were to be the perception. There is, of course, a danger that the messages of strong IT governance may seem to be trivialised and sidelined in the light of what may be seen as failures of corporate governance at the highest levels.

This would be understandable but wrong. These cases perhaps underline even more fundamentally the need for effective governance of IT. Perhaps, if anything, these recent events move the emphasis of IT very firmly from the T to the I - information. This would not be a bad thing.

In complex business models such as those allegedly employed by, for example, Enron, where the business transactions became ever more difficult to understand, it is particularly important that those charged with governance responsibilities have access to the right information and that they understand what it all means.

Information technology has a clear role to play in this. It is the IT systems that process, analyse and deliver the information. It is the controls exercised over that information as it moves from raw transaction data to fully analysed and summarised reported information that will help ensure its propriety, its accuracy, its completeness and, therefore, its reliability.

In my many years' experience as an IT risk consultant and IT auditor, it never ceased to amaze me how the concept of control, which to me seemed so fundamental, is often addressed as an afterthought, if at all, in the specification of systems.

Therefore how do those with the higher-level governance or oversight responsibilities satisfy themselves that the information presented to them is complete and accurate?

The simple answer is that generally they don't even ask the question. They often make assumptions or are ignorant of the fact that the management information presented to them may not be totally complete or reliable.

Perhaps these recent events will cause them to seek positive assurance on the continued reliability of key management information. Not only are they being told the truth but, equally important, is it the whole truth?

Such assurance is an essential prerequisite for them to discharge their governance responsibilities properly. IT governance in all its components should remain firmly on the corporate agenda.

What's your view?
Can IT help clean up corporate behaviour? Tell us in an e-mail >> reserves the right to edit and publish answers on the Web site. Please state if your answer is not for publication.

Paul Williams is an independent consultant specialising in IT governance, IT due diligence and project risk management. He can be contacted at mailto:[email protected] .

Click here to read a fuller version of this article

Read more on IT governance