CIOs Hold Key to Compliance
Throughout the last two years, finance executives have been at the forefront of the compliance discussion, and with good reason. The regulations of Sarbanes-Oxley (SOX), as well as new laws passed around the world, have had a big impact on how companies run their financial operations.
And while the law may have helped put the public's mind at ease that accounting transgressions were no longer occurring, for most CFOs it also created a new set of headaches in the form of procedures to follow and paperwork to complete.
As the CFO became the poster child for all that was wrong with corporate America and the finance department became the epicenter for the required clean-up work, the role of the CIO in ensuring that an effective compliance framework was in place was not readily apparent.
After all, it wasn't the systems that committed the fraud, it was the people.
Today, however, as internal control environments have been updated or put in place, as processes have been committed to paper, and as areas of risk have been identified, IT systems are now back in the spotlight. And guess who the focus has turned to? That's right, the CIO.
This was to be expected. As the more qualitative aspects of SOX, such as creating "environments," have been implemented, attention is turning to the more quantitative issues, such as data quality and the rapid reporting of material events. In other words, now it's the CIO's turn to squirm.
Many CIOs, however, are not threatened by the emerging focus on the IT systems. Instead, they are actually excited to get back in the game. They've read enough articles about their irrelevance to the organization, and are eager to show the value that systems bring to producing a compliance environment that doesn't just meet the minimum standards, but provides a competitive advantage to the organization.
How, exactly, are they doing this?
One way is to ensure data quality. As CFOs have constructed new control environments to assess risk, they are realizing that the issues lie not so much with the output of the applications that show if they are in compliance, but with the data going into these systems in the first place. And that's an area where the CIO can really impact the business.
Whether it's a home-grown solution or a product from a strategic vendor, CIOs are now turning to extract, transform, and load (ETL) tools that fit the scale and reliability and data quality. More important, ETL is being viewed as part of a holistic reporting, scorecards, analytics and data warehouse strategy to meet compliance requirements and deliver information accountability back to the business.
Now that organizations are making progress creating internal control environments and ensuring data quality as mandated by Section 404 of SOX the focus of line-of-business managers is turning to the next dragon to slay, Section 409, the rapid reporting of material events.
Once the executive management team agrees on what constitutes a "material event" for the business (the law is quite vague on this), attention will turn back to the systems in place today and the CIO.
In many organizations, the operational systems do an adequate job of reporting on the data in their own systems. However, in order to comply with Section 409, more and more CIOs are realizing that they need a more strategic solution that takes into account the dozens of disparate data sources in their organizations.
For this reason, business intelligence and analytics have moved from "nice to have" to strategic investment. CIOs realize that events which affect materiality show up across multiple systems, most of which are not integrated, and they are looking for ways to aggregate this information to get the truest representation of the state of the business back to the CFO.
By using business intelligence across the operational silos of the organization, gaining insight into event materiality becomes a natural output of the financial environment.
Data and information management are the keys to compliance. In a world where the CFO and the CEO must both validate business results and report on material events, the CIO has a new role in the management not only of data and systems, but of the results of the entire organization.
Guy Weismantel and Patrick Morrissey have more than 25 years experience in software, hardware and technology services and have worked with leading companies including IBM, HP, PeopleSoft, Business Objects, Cisco, Manugistics, Sun, Microsoft, Oracle and the usual suspects in consulting and services. They write about business intelligence and performance management issues under the pseudonym "The Performance Guys."