Corporate governance may be at the top of the boardroom agenda, but FDs and IT managers have differing views of its significance – and of the impact IT can have on it. This is a key finding from a survey commissioned by Unisys in conjunction with Financial Director and our sister title IT Week. A similar survey last year explored the different approaches to management of IT projects and expenditure and found significant communication problems between the two departments.
To download a Power Point slide show of the corporate governance survey results click here.
Commenting on this year’s findings, Brian Hadfield, managing director of Unisys, says: “I still don’t think (IT and finance) work well enough. It’s as if the IT side has a kind of inferiority complex; they don’t think corporate governance has much to do with them and the bit that pertains to them is just box-ticking. I believe much of what they do is the basis of good corporate governance, whether it’s simple things like providing access to accurate information through web intelligence or data mining, or even business continuity issues. Things are getting better, but there is still a long way to go.”
To find out what progress is being made, we interviewed 200 readers from Financial Director and 200 readers from IT Week, chosen from mid-to-large size organisations, about their awareness and understanding of corporate governance.
An increasing focus on corporate governance could see IT projects taken more seriously, says one respondent, a senior IT manager at a telecoms/utility company: “Governance increases awareness of IT projects and IT as a service, and aligns IT with company requirements.”
A less positive view is taken by an IT manager in the finance, banking and insurance sector. “(IT) is a specialist and professional area, so getting higher levels involved does not mean they can understand or accept what we do,” he says. “Also, there are cost risks. It’s a huge investment in time and people, and it may not produce results that are easily quantifiable.”
Finance and IT managers have both seen an increased focus on governance issues recently. Almost 80% of IT managers and 92% of FDs have seen an increase in corporate governance in their organisations over the past two-to-three years.
Although the respondents agree that shareholder value is the main driving force behind corporate governance, several factors such as customer and insurance requirements and ethical policy also score highly as influences.
One-quarter of respondents believe directors are looking to reduce their own potential personal liability. As one large company finance director put it, “Governance provides us with good business discipline and keeps directors out of jail.”
But while corporate governance is widely perceived as a good thing, there are obstacles to its effective implementation as part of IT management: top of the list is a lack of time, resources and an increase in administrative workload, the main concerns for finance and IT managers. But almost half the respondents from each group also say there is “cultural resistance”, while smaller numbers cited inadequate service level agreements, reduced flexibility within the organisation and an inability to create “meaningful measures”. Clearly, many of these obstacles overlap and are undoubtedly related to each other: ‘time pressures’ may simply be a more acceptable way of describing ‘resistance to change’.
Part of good corporate governance is good risk management. But while IT and finance managers both believe the board understands the potential impact of a major IT systems disruption, a larger number of IT managers (21%) than finance managers (9%) do not believe the board fully understands the potential risks. A similar number of IT managers (26%) believe the board is ill-prepared to deal with the occurrence of a major IT disruption.
It should be noted that most FDs and IT managers are confident with the board’s readiness to respond to IT failure.
IT managers can argue that there are reasons for their cynical view of the board’s attitude toward IT system failure. Only two-thirds of organisations claim they perform a formal risk appraisal before embarking on a major IT project, while an informal appraisal is carried out by just one-third.
A vital part of corporate governance within the IT arena is auditing. Crucially, both departments agree that accountability measures for IT are “unsatisfactory”. This year, the principles and value of auditing the IT function were studied, revealing mixed results. Over two-thirds of all respondents believe that identifying the weakness in current systems is a benefit of IT auditing – the respondents’ most popular choice.
Only 45% of IT managers believe IT auditing helps to improve IT system efficiency, the second most popular choice, compared with 58% of finance managers. Perhaps the IT department believes core systems are running as efficiently as they can, or maybe FDs’ experience of an audit makes them more confident of the positive influence it can have on any particular process.
“Anyone who is not auditing on an internal or external basis regularly is mad,” says Hadfield. “Audit isn’t about telling you what’s right or wrong; it’s about helping you get better. The view of audit has to change – most people think of auditing as box-ticking. Risk assessment in audit helps you define a strategy and focus on minimising areas within the business that have the most exposure.”