A holistic approach to governance and policy creation
Michael Lam
02/06/2007

Today, more than ever, IT executives are faced with the complex task of having to watertight plans for their company's IT investments. Not only must their plans be able to communicate how IT will help the business meet its goals, they must also be flexible enough to adjust to an evolving and competitive landscape.

With corporate and IT governance intimately intertwined nowadays, IT executives are often faced with increased scrutiny to provide greater visibility in their portfolio. Besides the need to work within constraints such as limited financer, infrastructure and human resources support, they must also ensure on the delivery of increased business value at the same time. 'More for less' is still the mantra.

Inexperienced C-level management leads to loopholes

At a time when C-level management are faced with criminal charges for violating corporate governance mandates, the need to better oversee IT investments at the board level has never been greater. Despite the fact that IT investments represent more than 50 percent of capital expenditure in many companies, only a six percent of US publicly traded companies operate IT oversight committees.

Such weak governance has led to recent cases such as Disney writing-off US$878 million due to poor investment decisions by its Internet division. Similarly, Kmart wrote off US$130 million for its supply chain hardware and software investments. Gateway also disposed of US$143 million worth IT investments that no longer met with the company's strategy.

Little appreciation of corporate governance in Asia

Even more than their US counterparts, Asia based companies have a lower level of awareness and appreciation for IT and corporate governance. In fact, poor corporate governance has been widely viewed as one of the structural weaknesses responsible for the damage caused by the Asian crisis a decade ago.

This was especially the case for family-owned businesses, where owners would pursue their private interest at the expense of minority shareholders or profits.

Rightful owners of corporate governance

So who would be the best gatekeeper of IT governance in a company? Normally, companies without a board-level technology committee will refer the review of IT investments to the audit committee. Comprising of experts from finance, accounting and auditing, this team sometimes do not possess the depth of IT know-how that is needed for sufficient understanding of strategic IT issues.

On the other hand, an all-IT technology committee would also be exposed to a lack of knowledge on return on investment (ROI), total cost of ownership (TCO) and other related concepts that a business specialist would be familiar with.

According to a survey conducted by the National Association of Directors based in US, the most pressing concerns for boards of directors include CEO relations and succession, corporate performance and valuation, accountability systems, strategic planning and risk. The fact that almost all these issues, with the exception of CEO succession, touches on IT, already suggests the value of proper IT governance within a company.

As such, it is paramount that IT governance is taken care of by a team that is well-versed in all areas of the business, including members of the board, the management team, IT managers and other talents from the auditing team.

Tactical governance strategy and policy creation

That said, a lot of companies are still not adhering to a holistic approach to governance and policy creation due to a lack of government regulations and jurisdiction, especially in Asia.

Today, only key regulations such as the Sarbanes-Oxley Act (SOX) have been driving the compliance of proper governance in mostly US-based companies and its Canadian and Japanese counterparts, the CSOX and JSOX respectively.

Despite this, we have yet reached a stage whereby compliance is being upheld in each and every country. Except for the ones that deal closely with North America and Japan, most companies would have a lesser possibility of abiding the rules. Besides the lack of jurisdiction, the lack of knowledge on the importance of proper governance and its severe consequences may also be the cause of this trend.

The right approach to IT governance

There are many existing frameworks developed to guide the implementation of information technology governance. Some examples would be like the VAL IT, Control Objectives for Information and related Technology (COBIT) and the Information Technology Infrastructure Library (ITIL), which have all become increasingly popular especially after the Enron scandal and the introduction of SOX.

Designed to support businesses in achieving quality and value, such frameworks have been mapped out to provide a set of best practices and procedures in IT governance and auditing. That said, organizations should make full use of them by evaluating their merits and incorporate them where possible. It would also be crucial for the senior management to be actively involved in this process to ensure success.

During the evaluation, companies are advised to measure the cost of any new implementations that they are considering. By doing so, they will then be able to tell if the implementation is worth the effort in terms of ROI.

Subsequently, the company should move on to adopt a systematic testing approach to ensure that the implementation is workable, and that it has met up with all critical business requirements.

There are many tools available to help organisations achieve these objectives. For both situations, companies can actually leverage on Compuware's Changepoint and CARS (Compuware Application Reliability Solution) respectively.

By adopting the two solutions in tandem, companies will be able to follow a methodology to help them justify any new IT deployments and allow for better adhering to corporate governance regulations.

- Michael Lam is Managing Director of Asia South, Compuware.

advertisement