> BUSINESS >
holistic approach to governance and policy creation
Today, more than ever, IT
executives are faced with the complex task of having to watertight plans for
their company's IT investments. Not only must their plans be able to
communicate how IT will help the business meet its goals, they must also be
flexible enough to adjust to an evolving and competitive landscape.
With corporate and IT governance intimately intertwined nowadays, IT
executives are often faced with increased scrutiny to provide greater
visibility in their portfolio. Besides the need to work within constraints
such as limited financer, infrastructure and human resources support, they
must also ensure on the delivery of increased business value at the same
time. 'More for less' is still the mantra.
Inexperienced C-level management leads to loopholes
At a time when C-level management are faced with criminal charges for
violating corporate governance mandates, the need to better oversee IT
investments at the board level has never been greater. Despite the fact that
IT investments represent more than 50 percent of capital expenditure in many
companies, only a six percent of US publicly traded companies operate IT
Such weak governance has led to recent cases such as Disney writing-off
US$878 million due to poor investment decisions by its Internet division.
Similarly, Kmart wrote off US$130 million for its supply chain hardware and
software investments. Gateway also disposed of US$143 million worth IT
investments that no longer met with the company's strategy.
Little appreciation of corporate governance in Asia
Even more than their US counterparts, Asia based companies have a lower
level of awareness and appreciation for IT and corporate governance. In
fact, poor corporate governance has been widely viewed as one of the
structural weaknesses responsible for the damage caused by the Asian crisis
a decade ago.
This was especially the case for family-owned businesses, where owners would
pursue their private interest at the expense of minority shareholders or
Rightful owners of corporate governance
So who would be the best gatekeeper of IT governance in a company?
Normally, companies without a board-level technology committee will refer
the review of IT investments to the audit committee. Comprising of experts
from finance, accounting and auditing, this team sometimes do not possess
the depth of IT know-how that is needed for sufficient understanding of
strategic IT issues.
On the other hand, an all-IT technology committee would also be exposed to a
lack of knowledge on return on investment (ROI), total cost of ownership (TCO)
and other related concepts that a business specialist would be familiar
According to a survey conducted by the National Association of Directors
based in US, the most pressing concerns for boards of directors include CEO
relations and succession, corporate performance and valuation,
accountability systems, strategic planning and risk. The fact that almost
all these issues, with the exception of CEO succession, touches on IT,
already suggests the value of proper IT governance within a company.
As such, it is paramount that IT governance is taken care of by a team that
is well-versed in all areas of the business, including members of the board,
the management team, IT managers and other talents from the auditing team.
Tactical governance strategy and policy creation
That said, a lot of companies are still not adhering to a holistic approach
to governance and policy creation due to a lack of government regulations
and jurisdiction, especially in Asia.
Today, only key regulations such as the Sarbanes-Oxley Act (SOX) have been
driving the compliance of proper governance in mostly US-based companies and
its Canadian and Japanese counterparts, the CSOX and JSOX respectively.
Despite this, we have yet reached a stage whereby compliance is being upheld
in each and every country. Except for the ones that deal closely with North
America and Japan, most companies would have a lesser possibility of abiding
Besides the lack of jurisdiction, the lack of knowledge on the importance of
proper governance and its severe consequences may also be the cause of this
The right approach to IT governance
There are many existing frameworks developed to guide the implementation of
information technology governance. Some examples would be like the VAL IT,
Control Objectives for Information and related Technology (COBIT) and the
Information Technology Infrastructure Library (ITIL), which have all become
increasingly popular especially after the Enron scandal and the introduction
Designed to support businesses in achieving quality and value, such
frameworks have been mapped out to provide a set of best practices and
procedures in IT governance and auditing. That said, organizations should
make full use of them by evaluating their merits and incorporate them where
possible. It would also be crucial for the senior management to be actively
involved in this process to ensure success.
During the evaluation, companies are advised to measure the cost of any new
implementations that they are considering. By doing so, they will then be
able to tell if the implementation is worth the effort in terms of ROI.
Subsequently, the company should move on to adopt a systematic testing
approach to ensure that the implementation is workable, and that it has met
up with all critical business requirements.
There are many tools available to help organisations achieve these
objectives. For both situations, companies can actually leverage on Compuware's Changepoint and CARS (Compuware Application Reliability
By adopting the two solutions in tandem, companies will be able to follow a
methodology to help them justify any new IT deployments and allow for better
adhering to corporate governance regulations.
- Michael Lam is Managing Director of Asia South, Compuware.