The Buck Stops Where

CIOs traditionally have not felt responsible for the way financial information is recorded. In the mind of most, that responsibility has been the province of the CFO and the auditors who validate the data. Still, some CIOs and analysts see in the financial maelstrom of last year a warning for CIOs to become more proactive in delivering operational information to senior management more frequently to ensure faster and more accurate decision-making.

Allen Brown, CEO and president of The Open Group, says in the new environment the CIO needs to be able to define and describe the risks, and then mitigate them. In short, CIOs can move to keep CEOs out of jail by drawing on the combined expertise of insurers, auditors, standards development organisations, the legal community and vendors to develop information systems that make a difference.

"A likely scenario is that stakeholders and stockholders will try to hold company directors liable for technology failures that cause substantial losses," notes Brown. "They will feel the effects of catastrophic losses in their portfolios and their pension funds and point to CEOs as the accountable party. CEOs will, in turn, take aim at their CIOs for not taking sufficient precautionary measures to protect the company's assets.

"Another likely scenario is that company directors could face criminal penalties in the future if their company collapses as a result of not being sufficiently diligent in protecting their infrastructure," Brown says.

David Landy, a partner in law firm Clayton Utz, points out there are now civil penalty provisions in the Corporations Act that make it easier for the Australian Securities and Investments Commission (ASIC) to act against directors because the level of burden of proof has been lowered. Now too, the obligation relating to continuous disclosure is on the company rather than an individual.

"If you breach the listing rules you've breached the Corporations Act," Landy says. "The person responsible is the company, but now if you commit an offence there's these extended provisions if you aided, abetted or were knowingly involved [in these] sorts of offences. So there could be arguments that if you didn't have proper systems in place, the directors or other officers may be held responsible for the company's breach."

CIOs should take careful note, and remain keenly aware, that in any accounting scandals of the future, fingers of blame may well be pointed their way unless they take steps to avoid that risk.

Whatever the quality of accounting information systems within Enron or HIH, businesses fail because expenditures exceed revenues despite the efficiency of the measurement and audit systems, says Professor Geoffrey George, director, International Programs at the School of Accounting and Finance, Faculty of Business and Law at Victoria University, Melbourne. In the cases of both Enron and HIH it appears that the accounting reports, attested to by the auditors, were incomplete, misleading or both.

"Accounting information systems are believed to be central to the success - and failure - of enterprises," says George. "The construction of accounting reports and the attestation to the Â'truth and fairness' of such reports by Â'independent' auditors are integral parts of the credibility of enterprises in any society.

"If accounting systems mislead information users or fail to relate the whole story, and if the audit of such systems fails to remedy misleading or partial information, then losses will be suffered by anyone who deals with such organisations."