Damage Control

Continuing fallout from the "Enron effect" hits CIOs where it hurts the most

Hardly a day passes without more bad news about inadequate or improper corporate financial reporting and the implications for C-level executives held responsible for accounting errors and falsehoods. As investor confidence in financial statements wanes and the stock market crisis expands, government agencies and businesses are expecting IT departments to help them clean house and deliver accurate and timely information from strategic back-office applications.

In Gartner Inc.'s CIO Alert, "The 'Enron Effect' Makes a CIO's Job Tougher — Action Should Be Taken Now" (June 12, 2002), Gartner vice president and research director Diane Tunick Morello urges CIOs to be proactive in retaining control of their IT realms even as corporate empires collapse around them. The fall of Enron Corp. and others like it could have "significant repercussions on CIOs' spheres of influence in governance, sourcing, systems, and people," according to Morello.

"CIOs who are not ready with contingency plans will face IT project disruption and unplanned cost increases," says Morello. "CIOs are going to be caught between trying to prove the value of IT and trying to boost their own credibility at a time when systems are becoming complex, chaotic, and risky."

On June 28, the U.S. Securities and Exchange Commission (SEC) published a list of the 945 largest publicly traded companies subject to new accountability requirements under SEC Order 4-460. CEOs and CFOs of these companies must certify in writing and under oath that their companies' most recent reports are complete and accurate. Any executives caught making false certifications will be held personally liable for the discrepancies.

This SEC ruling applies to all companies reporting revenues exceeding $1.2 billion, such as Intel, Microsoft, Oracle, and a host of others across a wide range of industries. The SEC is considering many other reporting requirements as well (see "Fast Company," News & Analysis, July 26, 2002). When CEOs have to put their personal fortunes on the line, you can bet that they'll be turning up the heat in their IT departments to make sure they're getting the right information for their sworn statements.

Gartner recommends CIOs cover the bases on everything from relationships with external service providers (ESPs) to IT department ethics audits. In addition, IT leaders had better be on the ball when it comes to ensuring that enterprise systems are ready for the onslaught of detailed reports required in the current climate of intensified scrutiny.

Gartner surmises that many organizations have kept legacy, back-office accounting and finance systems limping along through Y2K retrofits from 1999 and earlier. However, most of these systems are ill-equipped to handle the "frequent and detailed financial reporting" tasks that will now be necessary as companies try to restore investor trust and prepare for the inevitable strict new regulations. CIOs should anticipate heightened demand for financial data and conduct readiness assessments, according to Gartner.

"CIOs must begin to work with business-unit managers, internal audit departments, and IT staff members to review back-end systems and to assess their readiness for more-stringent financial reporting," says Morello. "If the readiness assessment highlights problems, CIOs should establish alternative strategies — such as enhancing systems or bringing forward an ERP implementation — and cost them out at a high level."

While a number of ERP vendors have financial applications that can accommodate expanded real-time reporting, companies already using such products may have problems with "feeder systems that pass financial transactions to ERP systems," according to Gartner. The feeder systems may not transfer the right information, or may transmit data in batch updates that aren't frequent enough to satisfy accelerated reporting needs.

The quest for accountability extends to the public sector too, as demonstrated by the high-profile Oracle contract scandal in April-May 2002, which led to the downfall of the California Department of Information Technology (DOIT) and its beleaguered CIO Elias Cortez. Legislative hearings raised questions about Oracle's campaign contributions and the DOIT's methods for awarding contracts. Agencies, companies, and CIOs would do well to follow Gartner's guidelines for handling ESP activity, such as identifying conflict-of-interest areas and monitoring who's working on IT projects.

"CIOs should ensure that IT projects retain clear separation between advice and execution," says Morello. "For example, ESPs that are used in a software or hardware evaluation should not be used for the implementation."

— Claudia Willen

In this Issue: