Just as we’ve seen in corporate governance and financial reporting in recent years, the landscape of accountability and responsibility in information technology is changing. Rising costs to support existing systems, coupled with a growing number of high profile software glitches, make IT poised to be the next industry to undergo an overhaul in ethics, professional liability and — in a worst case scenario — cumbersome government regulation.
CIOs might well be advised to put their IT house in order before they are legally obliged to do so.TextSuch changes are a foregone conclusion for some, but for others it represents an opportunity to take the right steps today to adapt to the changes, fend off regulation, and establish industry standards themselves. According to a number of industry observers, these steps can be summed up as responsible technology governance.
“Many of the problems we see in IT today, all the so-called computer glitches that we’ve read about, are issues of technology governance,” says Denis Chamberland, Vice President of ABTS, the technology consulting arm of Toronto-based law firm Aird & Berlis.
“Technology itself will run the same way today it did yesterday,” adds Chamberland. “But when a company’s internal practices are not sufficiently robust, that’s often when the technology glitches occur, and that’s a governance issue.”
Toyota’s best practices
Toyota is renowned internationally as a model of efficiency and quality, attributes that permeate throughout the entire organization. Toyota Canada CIO Hao Tien credits these qualities to the role that established and documented best practices play in the company’s technology governance.
“Toyota prides itself on doing business with precision, efficiency and the highest standard of care for our customers,” says Tien. “What allows us to do this is that every system process in the company is documented and laid out as standard procedures based on best practices that have proven successful.”
According to Tien, every change made to an application within Toyota is documented and tracked in real time, a best practice he sees as pivotal to the success of the company’s technology governance.
“We know exactly what the status of a given application is, who has access to change code, and what procedures need to be followed to make changes.”
Every system process in the company is documented and laid out as standard procedures based on best practices that have proven successful.Hao Tien>TextFor most companies, the challenge of implementing a level of governance as sophisticated as Toyota’s will lie in their portfolio of existing, older applications. Legacy systems and often decades-old mainframe applications continue to serve as the technology engine for many industries. But it’s these existing systems that often lack the documentation, reporting or support that’s needed for responsible technology governance.
Pierre Ducros, who co-founded consulting firm DMR in 1973, sees supporting existing applications becoming more and more critical, and costly, to organizations. Particularly affected are large organizations that are most mature in their use of IT, from banking to transportation.
Beyond their lack of documentation or support resources, Ducros also cites traditional attitudes towards existing systems as a challenge that the industry is starting to overcome.
“Traditionally, applications support played second bill to new technology development, but this focus is changing,” he said. “Supporting existing applications will be one of the most important disciplines in IT in the coming years.”
Could IT regulation happen here?
So, with governance and existing applications becoming more important, how realistic is regulation of IT? Will we soon see CIOs in orange jump suits being led into court in handcuffs if a system crashed under their watch? Probably a bit far fetched but according to Nikos Katinakis, Chief Technology Officer with Ericsson Canada and a member of the Board of Directors for the Canadian Advanced Technology Alliance, the decision to regulate or not will boil down to fairly simple criteria.
“If Canadian commerce, trade, or the best interests of Canadians are thought to be threatened by technology glitches and governance issues, the Government will have no choice but to look at regulatory options,” says Katinakis.
Katinakis acknowledges that such regulation would be contentious, a burden on industry and government, and that it may slow the pace of innovation in IT, but these challenges don’t mean that the issue should be ignored.
“It’s probably the last thing industry or government want to do, but regulation is a very real possibility if the IT profession doesn’t take the right steps now. Just look at what’s happened in corporate governance,” he said.
Let SOX be a warning
Perhaps the best example of similar intervention is Sarbanes-Oxley. Passed in the United States in 2002 to prevent another Enron, Worldcom or TYCO, SOX became law in relatively short order following the historic accounting irregularities first coming to public light. Dictating specific requirements for corporate governance and financial reporting, the Act has become a logistical nightmare for many companies trying to comply.
SOX is not an IT regulation. It does not protect consumers against the consequences of software glitches or poor technology governance. But it does show very clearly how quickly governments can act, and how virtually any regulation will have widespread implications for IT.
As technology continues to become critical for the delivery of everything from healthcare to defense, issues of accountability, responsibility and liability will only become more important. And while this importance tends to be underscored by bad news — the software glitches that dominated headlines in 2004, for example — for many the changes mean very good news for the industry.
It means an opportunity to develop standard codes of ethics, accountability and design. It means catching up to other professions such as engineering, medicine, law or accounting. Like a company preparing to go public, or a hockey player being called up to the majors, it means we’re going pro.
Dr. Peter Thompson is President and CEO of RIS, a 400-person IT services firm specializing in Applications Support and Maintenance. For more information visit www.risglobal.com.