While some IT organizations have benefited from IT Governance, a recent roundtable held in Calgary turned up plenty of evidence that some CIOs put it on a par with kicking bricks in their bare feet.
Co-hosted by the Calgary Chapter of the Canadian Information Processing Society (CIPS), PricewaterhouseCoopers and RIS, the roundtable was one in a series of such events that have taken place across the country over the past two years.
A key conclusion of the roundtable was that now, five years after the introduction of Sarbanes Oxley, countless compliance audits and exercises have cost IT organizations frustration, inefficiencies and time. Perhaps the only upside to the whole exercise has been that IT and business people have communicated much more, and now have a better understanding of one another’s importance.
The following comments are indicative of the level of frustration felt by some of the panelists:
“Warning…auditors don’t get IT, and if you’re not careful they’ll impose controls that make no sense. It’s crazy what they’re asking us to do.”
“The whole process has made us less efficient, in part because of separation of duties. I don’t know that it’s done anything for quality.”
“I think organizations like CIPS should be part of that [general pushback against governance]. Organizations should say no…these are silly rules.”
“Our controller said that even if Enron was SOX compliant, its meltdown would have still happened.”
About half the participants had had direct exposure with governance frameworks such as ITIL and COBIT. Two represented companies that were mandated to be SOX compliant, while three organizations have to comply with multiple regulatory agencies.
IT executive panelists included Agrium’s George Hollinger, Newalta’s Dennis Kalma, TransAlta’s Parviz Mohamed, TransCanada Pipelines’s Alex Pochmursky, Trimac’s Janet Topic, Atco’s Maria Wan, City of Calgary’s Ingy Randhawa, Calgary Board of Education’s Cindy Siebel, and Southern Alberta Institute of Technology’s Peter Kehler.
The proceedings document can be found at www.risglobal.com/EventOverview.html.