Learning From Disaster | Part One - Under Scrutiny

A report from research firm Gartner points out that the "Enron Effect" is already making the CIO's job tougher. "The fallout from the collapse of Enron will have significant repercussions on CIOs' sphere of influence in governance, sourcing, systems and people. CIOs should take action today to avoid unpleasant surprises," Gartner warns. While Gartner says the Enron Effect manifests itself in various ways, CIOs would do well to especially take note of its warning that "investors and regulators will demand greater transparency in company performance and, hence, in company data deeply buried in systems".

"The size and scope of the Enron failure, coupled with the potential political fallout, means that investors, regulators and government in the United States and around the world will now marshal their forces. Changes will likely emerge in auditing practices, accounting standards and reporting regulations - changes that will require enterprises to disclose more information about their activities and financial status," Gartner says.

We have already seen activity from all corners of the globe confirming Gartner's prediction.

Keith Skinner, chief operating officer Deloitte Touche Tohmatsu, warns the level of accountability demanded of directors - particularly non-executive directors - has already started and will continue to increase quite substantially. Judgments in recent legal cases involving Nick Whitlam at NRMA and Ray Williams and Rodney Adler at HIH make it clear courts today are taking a very different line on their interpretation of what directors should or should not have to do in determining whether a company is meeting its obligations, Skinner says.

"I think it's going to lead to directors requiring a lot better information, which in turn is going to require a lot better systems to support what [directors] are going to require [in order] to independently determine whether a company is fulfilling its responsibilities," he says. "So I think the ante is going up quite substantially and is continuing to do so. There will be a bigger role not just for the CIO - it's hard for him to do it by himself - but I think all of the executives - the CEO, CFO, CIO, COO - are all going to have to, together, really improve a lot of the information systems and the reports that they get."

Good technology cannot overcome unsound financial practices. However, systems that make the financial health of the company more transparent, along with better risk assessment, might. That puts an onus on CIOs to examine closely all business operations and the systems that can keep them on track. While it is not the role of an IT executive to uncover financial fraud, they will have a crucial part to play in keeping companies honest in the future. And it elevates the importance of IT governance to heights so far unrealised in all the debates. (See CIO October for a comprehensive look at IT governance.)Before becoming COO, Skinner was regional Asia-Pacific and Australian head for Deloitte Touche Tohmatsu's corporate reorganisation group, and has spent the past 20 years doing corporate restructuring and insolvency work. He says in all that time, he saw no company with great information systems collapse. In fact, lack of good information systems is a common theme in just about every company that fails.

"I wouldn't go so far as to say an information system causes a company collapse; there has got to be something fundamentally wrong with the business," Skinner says. "But I think it's important to look at a business and look what the real critical performance factors are, what really needs to be measured and monitored, and then make sure you've got systems that are capable of doing that and presenting meaningful reports."

Page Break

The Buck Stops Where

CIOs traditionally have not felt responsible for the way financial information is recorded. In the mind of most, that responsibility has been the province of the CFO and the auditors who validate the data. Still, some CIOs and analysts see in the financial maelstrom of last year a warning for CIOs to become more proactive in delivering operational information to senior management more frequently to ensure faster and more accurate decision-making.

Allen Brown, CEO and president of The Open Group, says in the new environment the CIO needs to be able to define and describe the risks, and then mitigate them. In short, CIOs can move to keep CEOs out of jail by drawing on the combined expertise of insurers, auditors, standards development organisations, the legal community and vendors to develop information systems that make a difference.

"A likely scenario is that stakeholders and stockholders will try to hold company directors liable for technology failures that cause substantial losses," notes Brown. "They will feel the effects of catastrophic losses in their portfolios and their pension funds and point to CEOs as the accountable party. CEOs will, in turn, take aim at their CIOs for not taking sufficient precautionary measures to protect the company's assets.

"Another likely scenario is that company directors could face criminal penalties in the future if their company collapses as a result of not being sufficiently diligent in protecting their infrastructure," Brown says.

David Landy, a partner in law firm Clayton Utz, points out there are now civil penalty provisions in the Corporations Act that make it easier for the Australian Securities and Investments Commission (ASIC) to act against directors because the level of burden of proof has been lowered. Now too, the obligation relating to continuous disclosure is on the company rather than an individual.

"If you breach the listing rules you've breached the Corporations Act," Landy says. "The person responsible is the company, but now if you commit an offence there's these extended provisions if you aided, abetted or were knowingly involved [in these] sorts of offences. So there could be arguments that if you didn't have proper systems in place, the directors or other officers may be held responsible for the company's breach."

CIOs should take careful note, and remain keenly aware, that in any accounting scandals of the future, fingers of blame may well be pointed their way unless they take steps to avoid that risk.

Whatever the quality of accounting information systems within Enron or HIH, businesses fail because expenditures exceed revenues despite the efficiency of the measurement and audit systems, says Professor Geoffrey George, director, International Programs at the School of Accounting and Finance, Faculty of Business and Law at Victoria University, Melbourne. In the cases of both Enron and HIH it appears that the accounting reports, attested to by the auditors, were incomplete, misleading or both.

"Accounting information systems are believed to be central to the success - and failure - of enterprises," says George. "The construction of accounting reports and the attestation to the Â'truth and fairness' of such reports by Â'independent' auditors are integral parts of the credibility of enterprises in any society.

"If accounting systems mislead information users or fail to relate the whole story, and if the audit of such systems fails to remedy misleading or partial information, then losses will be suffered by anyone who deals with such organisations."

Page Break

Tools No Substitute for Planning

One point the corporate collapses illustrate as forcibly as anything that has gone before is that the amount of money invested in IT systems is a very poor determinant of their ultimate value. Take Enron. In April, CIO told the story of how Enron had spent millions to install unused database tools, build massive trading platforms that some say never worked, and pay outside firms to produce work that Enron could easily have done in-house, even as the business as a whole was spinning out of control.

"Enron IT was as cutting edge as it was Byzantine," Scott Berinato reported in "A Tale of Excess and Chaos". "There were plenty of great tools, but there was precious little planning. Any given piece of its technology was likely to be the best in the world - as much as a year ahead of the curve. And it didn't necessarily integrate with systems that it needed to work with."

Having great information systems can only take the company so far. The other side of the story was the way Enron was able to take in the world with its claims to be huge and profitable - claims that were clearly untrue - as the company engaged in what US PBS' Jim Lehrer's NewsHour economics correspondent Paul Solman calls "the fantasy finance game".

"How did Enron manage to fool the world? . . . The key was what you might call Â'accounting alchemy', miraculously turning lead into gold, water into wine, losses into profits, making debts and bad investments or anything they wanted to simply disappear. Or to put it differently, Enron played the all-in-the-family fantasy finance game, manipulating hundreds of subsidiary companies with names out of Star Wars, Jurassic Park [and] medieval Scotland," Solman says.

So on the face of it Enron's profligate IT spending had no clear link to its accounting scandal, even though several experts believe the situation in IT would eventually have caught up with the company. And some experts believe Enron might have found it somewhat harder to get away with finance games had its systems been better integrated.

Oh Captain, My Captain

Questionable partnerships, over-aggressive investments and shady accounting practices top a long list of factors in Enron's downfall. But as they look for lessons from history's biggest bankruptcy, analysts say IT is still failing too many organisations. CIOs should - but rarely do - deliver vital information to CEOs and board-level officers continuously, says Gartner vice president Ken McGee.

"If you provide the captain of a ship real-time GPS [position data] and other information, it will help them determine if a change in course is required," McGee told US Computerworld recently. He contends that there are few if any companies doing an effective job of delivering real-time operational and financial information to executives, since most IT managers have focused on a back-office, service approach.

Certainly the systems at HIH seemingly failed to fit that bill. HIH administrator Tony McGrath, of KPMG, went in to sort out the HIH mess and found an organisation born from a marriage of other insurance companies that was still running up to four separate legacy systems.

"The reality is that like many large organisations, keeping the information flow in an insurance company is very complex," McGrath says. "That's obviously a major issue with all modern business: how do you actually integrate on amalgamation?

"I have to say the CIO and the information people we dealt with at HIH were of an appropriate standard and we still employ most of them, because as you can imagine there are a huge number of projects that need to be completed," McGrath says. "The people that provide leadership for the group provide enormous support to us. But I think you'll find the Royal Commission has brought out in HIH the fact that there wasn't a fully-integrated knowledge of information. That there were, for instance, some things that were done offline that weren't then brought back to the main system."

Page Break

The quality of information systems at Ansett is also under question. A little over a year ago Ansett administrator Mark Mentha told ABC TV's The 7.30 Report that on coming in to sort out the Ansett mess he found "a business that's in great distress. And one that was very unorganised and one that had very little in the way of financial information".

Gary Toomey, CEO of parent company Air New Zealand, agreed, telling 7.30 Report business reporter Alan Kohler: "That's something we've been saying since we've been in there. We've been trying to fix that, but obviously there's a lot of work to be done in respect of the information systems."

Air New Zealand group vice president strategy and planning Andrew David says in part the comments reflect the challenges facing any voluntary administrator during difficult times, particularly when numbers of people hired by the company to provide management information have already walked out the door.

So were the Ansett systems capable of providing the quality of information the company would have needed to better forewarn it against collapse? David prefers to avoid a direct answer but confirms both Air New Zealand's and Ansett's systems needed replacing. Indeed, he says, when Ansett collapsed the two airlines were just days away from having an integrated data centre in Melbourne.

"There was a program of work that was under way to integrate both companies' IT infrastructure, which had actually all but happened. We'd already saved a sizeable sum," he says. "We had quite an extensive integration program under way, and we had a program planned over a three-year period to move to single systems, single business processes right across the two airlines, and we had made significant progress. We'd got single suppliers and were all but ready to turn the switch on one data centre in Melbourne. We were going to turn off our Auckland data centre and we've since had to spend six months breathing life back into the Auckland data centre."

Air New Zealand is now in the process of replacing its own finance, HR and procurement systems with PeopleSoft. David says Ansett would have been following a similar path had it survived.

"What companies want clearly is more information and less data, and that's still a problem here. I'm involved in a project right now to get better focus on key performance indicators and get that information to the right people with integrity. And it's got to be timely information as well. You do need the facts, and you need the facts now, not yesterday. You need to be smart and nimble," David says. (Look for Andrew David's story in a future issue of CIO magazine.)Peter Adams, a lecturer in IT at the School of Information Studies, Charles Sturt University, has other theories about the lessons for CIOs from the Ansett experience. Adams points to research highlighting that the difficulties in managing IT (and the business) increase exponentially as the organisation grows. The bigger the business, he says, the greater the complexity and cost.

"For [Ansett] specifically, each project and section within IT became its own entity with all the political and fiefdom implications," says Adams. "My understanding is they could not produce route-by-route profitabilities from their MIS [department]. This is in contrast to Kendell [Airlines] where we exported data from the financial management systems into fancy Excel spreadsheets our management accountants had designed and had a P&L out within four days of the period end.

"I clearly recall a consultant from the likes of KPMG or Ernst & Young asking me why we didn't implement a system like SAP [which Ansett used] to improve our management reporting . . . I guess the lesson here is big business listens to big name consultants, who often forget it is the quality and timeliness of the information that is important, not the Â'brand' of the package reporting it."

Next - Learning From Disaster | Part Two: Making Information Accountable