Technologies that enhance corporate governance

Even by the standards of the technology boom, the case of Lernout & Hauspie was extraordinary. The South Korean unit of L&H, the then market-leading speech-recognition software supplier, reported brisk business in early 2000. Too brisk, perhaps. Revenue jumped from $97,000 in the first quarter of 1999 to $58.9 million the following year – a rise of more than 6,000%. Not bad, especially considering that the Belgian company’s sales were slipping elsewhere in the world.

But within a few days of the results announcement, the company’s shares dived amid rumours of a sham. Back in Belgium, company chiefs pored over the financial data, but could find no fault with the figures. In fact, they were so convinced that the rumours were wrong that they ordered a costly mid-year audit to clear up the “confusion”. Gaston Bastiaens, then president and chief executive of L&H, said he had no doubt “that the auditors will confirm that during the first two quarters of 2000, L&H Korea had strong revenues and a very solid business base, as already publicly reported.”

The board may have hoped, expected even, that the internal audit would clear the company’s name, but instead it discovered that the head of the Korean unit had booked dozens of bogus deals to earn himself a multi-million dollar bonus. More damningly, the auditors uncovered evidence of an even wider fraud that led to the eventual collapse of the company and the jailing of its founders.

There are many lessons from the L&H story, some obvious, others less so. From an IT perspective, L&H executives in corporate headquarters clearly did not have access to accurate data about Korean sales and did not have the necessary checks and balances in place. This was not just a nadir for corporate governance, it was also a setback for those who championed IT’s ability to give directors so-called 360-degree vision – the ability to oversee all employee actions. Good practice in corporate governance means good practice in handling and monitoring data. After the heady days of the dot-com boom, when it seemed that technology could achieve almost anything, the case of L&H was a reminder of its limits.

Buy me and stay out of jail

For advocates of good corporate governance, things got worse before they got better. Within two years of L&H, the world was reeling from multi-billion dollar frauds perpetrated by executives at Enron, Andersen and WorldCom. Politicians, chastened by the sight of once respected directors being led away by FBI agents in handcuffs, introduced a raft of regulations designed to make companies more accountable and to tackle Wall Street’s various conflicts of interest.

Today, an avalanche of regulations is cascading over businesses. That is true not only in the US, where the post-Enron witch-hunt began, but also in the UK and elsewhere in Europe.

The most pervasive of the new rules are enshrined in the Sarbanes-Oxley Act, perhaps the most important piece of legislation governing public companies since the establishment of the Securities and Exchange Commission (SEC), the US corporate watchdog, in 1934. But there are others too, with names such as Higgs, Basel II and the International Accounting Standards (see box, Corporate governance laws). Other laws may be waiting in the wings. Speculation is mounting, for example, that Brussels wants to follow Washington’s lead and introduce a ‘SarbOx’ of its own for companies listed on European stock markets.

Corporate governance laws

Sarbanes-Oxley Act: Named after two US lawmakers who originally authored rival bills, Sarbanes-Oxley is Washington’s bipartisan response to the wave of corporate scandals that swept through the US in 2002. It is a broad, wide-ranging set of mandates that essentially compel companies listed on US exchanges to revise guidelines for governance committees, put in place disclosure mechanisms and prepare codes of conduct. The two sections receiving greatest attention from IT professionals relate to the documentation of internal systems and processes and the ‘real-time’ disclosure of any material change in a company’s financial condition. In other words, companies must prove they have good business intelligence and must become more transparent. But these sections are two of the mandates that have no specific deadline. UK companies listed in the US want to be exempt from ‘SarbOx’, over fears that they will be hit by a ‘double jeopardy’ rule, subjecting them to two conflicting regulatory regimes at home and abroad.

Basel II: Also known as the New Basel Capital Accord, Basel II is an updated global code of conduct for information risk-management that financial institutions must comply with by the end of 2006. It requires banks to link together disparate databases and reporting systems and update older applications in order to improve management information and ensure that historical records are in order.

IAS 2005: European companies must consolidate their financial reports in agreement with International Accounting Standards (IAS) by 2005 under a European Union directive. The aim is to standardise accounting practices across the region. Companies will have to rethink fundamentally how they measure performance and communicate with the capital markets. That will mean an overhaul of financial applications and business performance management tools and systems.

Higgs: Named after former investment banker Derek Higgs, the Higgs report sets out a code for reform of the boardroom and is due to take effect on 1 July 2003, although delays can be expected as proposals are debated by business leaders and politicians. In its present form, Higgs, among many other things, calls for non-executive directors to satisfy themselves that systems of risk management are robust and effective. Thus, post-Higgs, executives may be forced to look afresh at wider IT governance practices, such as security and business continuity.

 

 

But while the political will is there, the technical challenges may have been underestimated. Improving visibility will not be quick, easy or cheap. Lawmakers might urge companies to keep accurate records and document internal controls, but without a lot of software and a lot of IT integration, not to mention considerable cultural buy-in, much of this will not be possible.

As a key facilitator of the necessary changes, the IT director’s standing may be about to grow. That means corporate governance is at, or near, the top of the IT decision-maker’s agenda again. “It sometimes seems that we worry about little else,” says Kevin Lloyd, chief technology officer of Barclays, the UK bank, which is investing large sums to comply with Basel II. “Corporate governance pervades all we do, and has put such things as architectural conformance and IT strategy in a much more compelling context.”

None of this has been lost on the IT industry, which is desperate for new sources of growth. Leveraging the key role of IT decision-makers, marketers have made ‘Buy my product or go to jail’ the catchiest sales pitch in Silicon Valley. While the SarbOx bounce is far from a re-run of 1999, some suppliers are reporting healthy growth again.

“Gosh, they [the new regulations] have certainly helped,” says Jim Goodnight, CEO of SAS Institute, a business intelligence software supplier where revenue grew by 18% in the first quarter of 2003. SAS is not the only supplier tapping into the opportunity. In the last few months, a steady stream of post-Enron products have been brought to the market, including offerings from Oracle, EMC, PeopleSoft, Documentum, Clearswift, Hyperion, Citicus, Kodak, BoardVantage and Mirror World Technologies. And a variety of conventional technologies, from corporate performance management tools to enterprise resource planning (ERP) software, from document and content management software to email management technology, have been re-badged as a means to enhance corporate governance practices (see box, Technologies that enhance corporate governance).

As always, there is a danger of information overload. It will be up to IT analysts to strike the right balance. But executives need to have a deep understanding of their business and this has pushed the need for dashboards and key performance indicators all the way to the boardroom. As Bill Tueber, chief financial officer of EMC, the storage technology company, says: “Good corporate governance starts at the top.”

No easy thing

Clearly there are limits to the ability of new technologies and regulations to prevent another Enron. “The technology can always be an enabler but it cannot be the ‘be all and end all’. It is not going to change people’s behaviours,” says EMC’s Tueber. Goodnight of SAS agrees. “Technology can certainly make a difference,” he says, “but what Enron was doing, for example, was so complex and well hidden that it may not have shown up [on performance management records].”

Even simple technologies have still to make their mark in many boardrooms. “We are still living in an age when some of our CEOs do not use their computers,” says Goodnight. That is worrying, given the CEO’s central role in corporate governance.

“I think one of the primary impediments to effective oversight by boards of directors has been the CEO’s control of the information they receive,” says Nell Minow, one of the US’s leading campaigners for better corporate governance and the editor of the Corporate Library, a database of corporate information. “Directors who use technology to review documents and developments between board meetings and to stay in direct contact with sub-CEO officers and each other will do a far better job of setting the goals and evaluating progress.” It is a truism that is ignored surprisingly often.

 

Technologies that enhance corporate governance

ERP: The backbone of the corporate IT infrastructure, enterprise resource planning (ERP) software performs a broad set of activities that helps companies manage the important parts of their businesses. Significantly, it gives organisations a consistent financial package across all divisions and subsidiaries. Key suppliers include SAP, PeopleSoft and JD Edwards.

BI: Business intelligence (BI) software increases visibility into company financials, maintains audit trails and gives users the ability to understand the information behind the raw data. Key suppliers include SAS Institute, Cognos, Hyperion and Business Objects.

BPM: Business performance management (BPM) refers to the metrics, processes and systems used to monitor and manage strategy. Many methodologies exist, including scorecards, activity-based costing and ‘economic value added’. Key suppliers include IBM and Staffware.

Content management: Companies can maintain full audit trails of text files, emails, attachments and even video files and scanned-in paper records. Key suppliers include FileNet, Documentum and Vignette.

Records management: Software that enables companies to know which static records to keep, for how long they should be kept, who should be able to access them and what happens at the end of the retention period. Key suppliers include IBM, Documentum and Open Text.

Email management: Software that provides structured storage and retrieval capabilities for electronic mail, according to rules set by the user. Some technologies allow the user to remove emails permanently; others have anti-shredding capabilities. Key suppliers include KVS, Clearswift and EMC.

IRM:A growing sector of IT, post-Enron, investor relationship management (IRM) software creates and maintains governance information on web sites and enables companies to achieve regulatory compliance in minutes. Related technologies produce portals of information that can be accessed by board members and shareholders. Key suppliers include b2i and BoardVantage.

 

The CEO problem may be offset by new regulations that seek to erode his or her power, particularly in those companies where the roles of CEO and chairman are performed by the same person. One outcome of the post-Enron business environment, say management consultants, is that more responsibility for oversight and corporate visibility initiatives will be delegated to subordinates, including heads of IT.

New committees and working alliances will be created, and new roles established. For example, companies may have to appoint a dedicated ‘records czar’, who will help to maintain full audit trails of all business-related documents, whether electronic or paper. As well as integrity, a records czar was one of the things missing at Enron.

In addition, some IT directors will take on a broader role, says Martin Douglas, a KPMG senior manager, because they have such a good understanding of enterprise-wide systems. This has happened at France’s AXA Group, where Claude Cargou was moved from vice president of IT and ebusiness to take charge of corporate governance, as head of group audit. Cargou says the involvement of the head of IT makes sense. “Governance is an IT issue,” he says. “The CIO sometimes needs to say to finance, or even the CEO: ‘If we don’t have a consistent view of the information, these are the consequences’.” Another company that has seized this nettle is Computer Associates, the systems management software company that has been dogged by investigations into its accounting practices. It recently appointed its first ever VP of corporate governance, seemingly to send a message about its determination to reform its business practices.

IT staff will also be key to satisfying shareholders’ desire for greater accountability. For one thing, they can develop portals for investors that carry information about the company’s performance. But there is a flipside. Greater accountability will also increase the pressure on IT directors, since it seems likely that shareholders will identify the progress of large-scale IT projects as one of the things they will study more closely from now on. When news leaked out that a failed SAP implementation at the Dutch subsidiary of chemicals giant ICI had contributed to the parent’s recent profits warning, the head of the Dutch unit was sacked.

Cost of compliance

New roles and management reforms are by no means the biggest obstacles to better corporate governance. Financial directors are drawing in a collective breath at the growing cost of compliance. A recent survey by AMR Research found that 77% of companies are spending far more on IT infrastructure and consulting services as a direct result of Sarbanes-Oxley. In addition, the report revealed that companies are worried about missing key deadlines and may have underestimated the scale of the challenge.

For banks, the IT investment that they have to make in order to comply with Basel II is also significant. Commentators are already comparing the financial burden to complying with Y2K. Some estimates have put Basel II-related costs as high as £100 million for a large financial institution.

KPMG’s Douglas says that, in general, UK companies are being slower to make change to their business processes. “The US does seem more engaged,” he says. In recent weeks, as the September 2003 deadline for compliance with most aspects of the Sarbanes-Oxley Act comes into view, there has been a re-doubling of efforts to at least satisfy minimum requirements. But companies everywhere still need to address general issues of governance and control and get a handle on risk management issues, he says.

At some European companies there is growing evidence not only of foot-dragging, but of outright revolt. In recent months, for example, companies including German carmaker Porsche, UK risk management advisers Benfield Group and Japanese bank Daiwa, have cited the stringent requirements of the Sarbanes-Oxley Act as a reason for backing out of planned share offerings in the US.

But good corporate governance has always meant more than keeping company directors out of jail. The internationally accepted definition, issued in 1999 by the Organisation for Economic Cooperation and Development (OECD), the international development think-tank, is rather long-winded and wordy. But one line, and particularly its last few words, is revealing: “Good corporate governance should provide proper incentives for board and management to pursue objectives that are in the interests of the company and stakeholders and should facilitate effective monitoring, thereby encouraging firms to use resources more efficiently.”

Thus, company directors should look beyond the short-term and view the new regulations as an opportunity, albeit one thrust upon them, to integrate their applications and improve their records gathering and storage policies. After all, a series of surveys by academics over the last few years has found clear evidence of a link between profits and good corporate governance practices.

But even the most optimistic or determined campaigners accept that the message will take years to get through. As if to underline the point, history repeated itself in May 2003. Three years after L&H’s bogus deals, Ixos of Germany admitted that its earnings during calendar 2002 were overstated by EU1 million after a sales person at its Belgian unit forged customer orders.

The fraud is on a smaller scale than L&H, but the story has a sting in its tail: Ixos develops software that helps businesses record and manage contracts and other files. It is unclear whether the disgraced sales person actually used the company’s technology to make the forgeries. But even if he did not, the case serves as a timely reminder that technology can abet as well as prevent corporate scandals, and that ultimately only ethical people, with the right tools, can rehabilitate the private sector.

Pete Swabey

Pete Swabey

Pete was Editor of Information Age and head of technology research for Vitesse Media plc from 2005 to 2013, before moving on to be Senior Editor and then Editorial Director at The Economist Intelligence...

Related Topics

Compliance
Governance