"Mr Selim replied, 'Can you make it so the data is not retrievable by anyone?' To which I replied, 'I don't know, I could try to do a lower level format, which may or may not work - I'm not a hardware expert'. To which Mr Selim replied, 'Just do whatever you can'."
Brooks also said that Selim also instructed him to change the computer dates so that no one could tell when the data had been erased.
Brooks was given a letter of comfort by the team prosecuting Selim, but whatever the outcome of that case, CIOs need to be aware there is an increasing obligation on all company officers and hence CIOs to keep more and more records. Bennett co-authored a paper with fellow lawyer Ben Stack earlier this year on the need for improved information records management policies. They argue that organizations have to put much greater focus on proper records management. Why? Because, "as courts and regulators increase the severity and frequency with which they sanction organizations for improper information and record management practices, record management must be elevated as a core component of every organization's functions".
The poster child for insolvency and inadequate records management in Australia is HIH. Its information systems were attacked as woefully inadequate by Justice Neville Owen in his 2003 Royal Commission report (see CIO August 2003). With former directors Rodney Adler and Ray Williams now serving jail time, it should send a clear signal to corporations that they need information systems that can alert them to the possibility of financial trouble long before it strikes. It should be at the very top of the corporate governance agenda for every organization. If they do not have that sort of early warning system, they had better make sure that their information records management is up to scratch because the courts are unforgiving towards those companies that are slack over record keeping.
As Bennett and Stack point out, when the liquidators got hold of HIH's company hard drives, laptops and backup tapes, a forensic team was able to restore more than 42 million documents that were analyzed for evidence in the Royal Commission. One database had more than 8000 e-mails deleted the day before the collapse, some of which stretched back to the period before HIH bought FAI. It is proof for doubting executives that you can run from technology but you cannot hide from it.
According to Paul Weston, a partner in the business recovery and insolvency division of Horwath Australia and who has conducted many high-profile administrations including that of the Froggy Group, almost inevitably the companies that do call in administrators, or have them forced upon them, have very poor information systems. "When we are called in, generally the information systems are poorly run. They often have a system that they were told would run the business, but it doesn't," Weston says.
Not that it is generally the fault of the IT staff. The IT department is often provided with insufficient budgets, and the IT budget is one of the first things that gets pared when times do get tough, Weston acknowledges. Then he says a vicious circle kicks in, because the good IT people see the data early, recognize that the company is in trouble, "and the good ones jump ship". The financially troubled company does not replace the staff, and the remaining team is swamped and unable to provide the information reports that might help the business through the crisis. The whole thing goes from bad to worse.
"We don't see over-analysis at our end. If you have too much information then you can usually sift through it to find the fundamentals. But invariably it's the opposite: information is too out of date, or it's inaccurate."
Attack of the Reporting Monster
There are companies, however, that fall into the trap of measuring everything and understanding nothing. There are businesses in danger of being swamped by their systems once they get bitten by the analytics bug. It's not uncommon for an organization to create a reporting monster rather than focusing on the essentials. Just having the data is not enough. There has to be a commonsense analysis of the data.
At a user conference held in Melbourne earlier this year, UK supermarket chain Sainsbury's admitted it had been swamped. Alex Fovargue, the head of customer analytics marketing, said when he joined in 2001, Sainsbury's had 5 terabytes of data stored across 28 nodes and details on eight million customers. But it still found itself planning the coming Christmas promotions without really knowing what the previous Christmas had been like. Fovargue determined quickly what information he needed and discarded the rest.
Most companies would benefit from the business and the CIO sitting down together to work out the eight to 15 KPIs that can be measured and used as a barometer of corporate health. These can then be used to construct a system that can provide management with easy-to-understand amber or red alerts if the company is headed for bother.
Engineering consultancy Parsons Brinckerhoff does just that, with IT and finance working closely together to ensure that the right information reports reach the right people on time. National IT manager Michael McPherson sees his role predominantly as one of creating the computing and communications infrastructure to support the reporting. "The definition of the local data warehouse is a joint effort by me and the financial guru. He then generates the period reports, which are mostly shown as graphs and line charts," McPherson says, although he adds that in the future it may replace that with a Web-like interface to provide easier access to the underlying data.
"This is really about understanding the business parameters in your sector of the economy," McPherson says - which means in Parsons Brinckerhoff's case, a weekly refresh of the key indicators providing management with a seven-day overview of how the business is performing.
Increasingly corporate compliance codes such as Sarbanes-Oxley in the US and CLERP 9 in Australia are encouraging more companies to develop early warning systems. Compliance issues, even for much smaller companies, are starting to affect the quality of financial information systems.
According to Horwath's Weston, the introduction of the GST and the need for companies to submit a regular Business Activity Statement to the Tax Office has prompted some improvement in company record keeping already. "It's still a struggle, but in the main it's better than the pre-GST regime," Weston says.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.