Ever since the Enron scandal broke, the IT industry has been mulling its accounting practices. Maybe it’s no wonder, then, that accountants would turn their attention to IT.
The Canadian Institute of Chartered Accountants (CICA) Wednesday released a publication designed for the board of
directors in an enterprise company. Called “”20 Questions Directors Should Ask About IT,”” it’s a 14-page document that tries to give senior decision-makers a framework in which to feel comfortable discussing technology strategies. The CICA says it wanted to offer something for “”generalists”” — people who need to be involved in IT but can’t keep pace with its changes.
You don’t hear the term “”generalist”” much anymore. When personal computers became common in the late 1980s, the world was still divided between the geeks and the “”normal”” people — people who turned to technology only if absolutely necessary, never for its own sake. Those walls were broken down somewhat as PCs became (a little) easier to use, and the popularity of e-mail gave consumers a good reason to turn to their desktops every day. At this point, a culture shift occurred in which it was no longer fashionable to be completely ignorant of IT. The idea of a generalist who had no knowledge of search engines, online shopping or how to print became a euphemism for luddite. That’s partially because the triumph of technology became the preeminent business story of the 1990s, just as its struggles are the hot topic of this new decade. When 20-year-old upstarts became dot-com millionaires, many board members no doubt realized they had a lot of catching up to do. Now that we’re in a downturn, however, putting their head back in the sand is not an option.
The question is how far their heads ever came out of the sand. With only a cursory reading of Fortune, Forbes or the technology section of a daily paper, it would have been possible to pick up enough jargon to avoid embarrassment in a board meeting and pass yourself off like an armchair IT manager at parties. With return-on-investment pressures what they are today, that’s no longer possible.
With that in mind, the CICA’s document does a remarkably comprehensive job of covering all the bases. The 20 questions are grouped into three main areas — strategic issues, internal control issues and risk issues — which provide an excellent means of prioritizing the discussion. These broad topics are further categorized into the factors and metrics that need to be considered, like personnel, performance, governance and availability. Many of the questions themselves elicit “”yes”” or “”no”” responses, but several others are first-rate. “”How has management ensured that it has identified the required technology expertise and how is top talent attracted and retained?”” asks one. “”What is management doing to ensure that employees are aware of, and are in compliance with, the company’s information and security policies?”” goes another. These may sound deceptively simple, but if more enterprises had tackled them earlier, we would not be hearing about the customer relationship management challenges and other IT project-related nightmares that are becoming so common.
One of the most difficult parts of planning an IT project is getting management on side. Many board members are no doubt overwhelmed by the technical details, but a mixture of fear and resentment probably keeps them from asking something stupid. On the flip side, IT people often find themselves blamed when they are given mixed signals from management.
It has taken the accounting industry to develop a checklist that intelligently phrase the questions that could organize a productive planning session, and the CICA is to be commended. Smart IT managers will read these questions too, and develop answers for them before they enter the boardroom. Finally, a way to get specifics about a field in which nothing is general.