Comment: IT takes governing role

In this post-Enron, post-Worldcom, post-Andersen world in which we live, it is a fair bet that issues of corporate governance will become increasingly important to UK blue-chips.

But is anyone in IT actually preparing for this? Perhaps more to the point, does anyone in IT have the faintest idea what it's all about?

The trouble with corporate governance is that it sounds so incredibly dull, and if you are wrestling with fulfilling some particularly painful service-level agreements, it's going to be the last thing on your mind.

But times they are a changing, and as various experts debate just how strict to make UK corporate governance codes, now is the perfect time to get your house in order.

In brief, rules of corporate governance are designed to protect shareholders and others against incompetence and corruption, placing responsibility firmly on the board. Directors are required to take measures to ensure that the internal processes and procedures of their businesses are in good shape to safeguard long-term value for shareholders. And to fulfil that obligation, corporate IT systems will play a leading role.

In the past few years IT has become increasingly important to companies, and this is beginning to be recognised by financial institutions - we have seen moves to class IT as an intangible asset to reflect the value of corporate databases. Meanwhile, e-business and electronic marketing initiatives are also becoming inextricably linked to company profit margins.

Clearly, good risk management in IT is essential for good corporate governance - the Turnbull code for corporate governance, which came into effect in 2002, calls for firms to have systems for managing risk that can be audited, and to disclose details in their annual reports. And this brings us to dull-but-worthy standards such as the BS7799 accreditation for security processes, which ensures a systematic analysis of firms' internal processes.

The fact that only 80 UK firms have bothered to comply with BS7799 shows how little some companies are doing to ensure good corporate governance.

Part of the problem may be the oft-cited communications gap between boards and IT departments. Boards may recognise where the biggest risks lie, but IT departments often look at things in purely technical terms. This can lead to problems in reducing risks and ensuring that valuable data is protected. It is important that firms set up an internal audit procedure to ensure that they are fulfiling their obligations under the Turnbull code, and other regulations. At the same time IT managers must ensure they are fully consulted over what needs to be done to satisfy the code, and this will involve getting the support of the chief executive.

As the economic slowdown continues, there are some very angry shareholders out there who are looking for an opportunity to blame someone for their dwindling investments.

IT directors are likely to sit up and listen when the first of their number is ousted for failing to implement adequate security procedures and bringing down their firm's share price. The smart ones will put things right before it comes to that.

Have your say: reply to IT Week

More IT Week Comments