Safeguarding the Data

Safeguarding the Data

Let's talk about information technology. Do you believe CIOs have a particular obligation in this regard?

SEKAR: I think the issue that CIOs and people in technology face today is how to determine their roles as guardians and keepers of data. What data gets recorded? A lot of the time, actions get recorded, but the policy that drives those actions are hidden from any of the views of most of the people who are in charge of simply looking at the data or guaranteeing it.

Bart Bolton Bart Bolton Former CIO at Digital Equipment Corp., and an IT leadership facilitator for the Society for Information Management and various IT organizations.

BOLTON: Technology gives you a new capability to do something illegal. Go back and look at who's been making the initial profits on the Internet. It has been the pornographers, right? And you better believe that criminal organizations are some of the first users and adopters of this technology. They certainly were with the telegraph. It was about getting the results of the horse race to the guy before the bets were closed. Now, what is wireless going to do to us? What is a GPS system going to do?

ROBBINS: Technology systems, I believe, are mirrors of the organizations and the people who built these systems. Often, we may point to the mirror and say the mirror is the problem. But in the end, we're the ones who need to address the issue because it's essentially a people problem and not a systems problem.

Well, let's say if a CIO, the keeper and distributor of a company's data, notices quite by accident that the data itself is corrupt, or has reason to suspect fraud on the part of the CFO. Does the CIO have an obligation to speak out, or should there be companywide policies drawn up to spell things out?

ROBBINS: One of the big conundrums is the quarterly reporting of financial data. All of us in IT know that a good project takes far longer than three months to roll out. They're often nine-month cycles, they're often 18-month cycles. In fact, product development can take 36 months. How do you gauge accurately the health of a corporation when, in fact, you've got these 90-day cycles and at least for the last month in that cycle, there's a lot of reporting and summarization, and two weeks after the quarter you've got a lot to do? So you lose about half of the quarter just gathering this metric, which I believe is a false metric. But that metric, false or otherwise, has just driven a great deal of policy and adjustment in IT. It causes IT people to focus on a metric that doesn't reflect the health of the corporation and triggers a lot of problems.

Mike McCracken Mike Mccracken President of Tatum CFO Partners LLP, a national partnership of career CFOs that provides CFO services to companies.

McCRACKEN: I think some of this comes down, perhaps, to a redefinition of the CIO's role, a redefinition of who you report to. Where the CIO reports does have a bearing on the ethical aspects of business and who is accountable. If the CIO is, in fact, only expected to be the keeper of the data and is not responsible all the way through the financial reporting aspect of it, then there's a different level of built-in responsibility that's left up to the CFO. Is the CIO reporting through the CFO? Should he or she be? Should you have a check and balance?

A discussion of ethics could become a discussion of internal controls, as they have a very strong bearing on what the financial results will actually be. Is the correct data being accumulated? Who's making the final call as to how it all gets reported and what information is shared?

ROBBINS: Mike, are you saying that if the CIO is reporting to the CFO, there's less of a check and balance than if the IT organization were an independent function?

McCRACKEN: Absolutely.

Malka Treuhaft CIO of the Centre Group, the insurance-based finance arm of the Worldwide Zurich Financial Services Group.

TREUHAFT: I disagree. I really do not think the question of ethics in an organization should have anything to do with whom you report to. I think that at the end of the day it's about every individual and how honest they are about what they do and what they're asked to do. I mean, I don't care if I report to the chairman, the CFO or the COO, I think that if somebody asks me a question and says, "What are your thoughts on this, what are the final results on that, what are the finances on this," I should be able to come forth with the same result regardless of who that individual is. On the other hand, if there's a discomfort in doing that, then there's an integral problem in the organization because then people don't feel comfortable being honest, and I think that's the true crux of the whole issue.

This article was originally published on 08-13-2002
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.