A Failure of Strategy

Justice Owen included a number of observations about how a healthy corporate organism would have functioned, and the failings evident at HIH. He found there was no formal or regular strategy planning or process, no proper information flow between management and the board, and inadequate due diligence at the board and senior management level on significant transactions, including the fatal opening of the UK branch, the re-acquisition of CareAmerica, the FAI acquisition and the Allianz joint venture.

"The significance of IT to all of this is the potential for IT to address these governance failings," Catalyst Consulting director Chris Dellit wrote in an article for Software Engineering Australia's (SEA) Software journal (October 2002). "IT systems which track strategy implementation are linked to key performance indicators and verified data contained in secure environments or data warehouses can be used at board and senior management levels to assure governors that strategy is on track, major risks are covered or the reverse but on a timely basis.

"Similarly, greater accountability of management can also be assisted by well-designed delegations, reporting templates and automated reporting systems with built-in prompts which the IT function can customise to the needs and capabilities of the particular board and senior management team."

IT can help the board in their deliberation over significant transactions by providing preliminary questionnaires and risk algorithms which present an objective overview of the proposal and its risks to the strategy team, Dellit says. Knowledge management systems can also provide directors with tags on key data or information used to base a proposal under a review.

"While none of this monitoring function requires IT, the broad sourcing and distribution of key data, dispersed business unit locations and the need for timely reporting and aggregation of data may see a burst of activity among software developers to meet a growing market for governance dashboards or platforms to enable governors to track the performance of their organisations against sensible benchmarks and to more actively engage with the senior management team," says Dellit.

Forensic Evidence

Meanwhile, having assisted the commission in the use of forensics to retrieve data, e-Law director Allison Stanfield says a further useful lesson can be drawn from the number of e-mails that were produced in evidence which the directors might have been forgiven for thinking were dead and buried. (For a closer look at this issue, see "When Documents Rise from the Grave", page 94.)

"I think a lot of the senior executives, particularly in FAI, didn't give credence to the thought that everything that they wrote was in fact there, it was backed up, it could be produced in evidence five years later. Careful thought should be given to anything that is in writing, and really all dealings should be done honestly, and with a view that if something is reviewed in five, 10 years time, however long it might be, that whoever is writing [the document] is comfortable with the information and can back it up and not have to try and dodge behind what was actually said," Stanfield says.

And finally, there is another lesson from HIH: the need for integrity across all levels of the business.

"CIOs should probably be taking an awful lot from this, actually," says Bernard Cronin, the executive director of the Australian Institute of Management. "What's fundamentally behind the HIH collapse, and in fact all the collapses that have occurred, has been a breakdown in values, and that leads sometimes to obfuscation or enough greed to have money being transferred, as happened in a number of the high-profile American cases."

Cronin concedes CIOs have no real control over the values displayed by those executives above them, but says, in a sense, every person is responsible for the values they bring to the organisation, and for ensuring those values are not corrupted by the people around them. "The values are the foundations, the building blocks, the character of a person," he says. "How they behave, what they do, is certainly what needs to be watched, and if a CIO or a CFO forms a belief that decisions that are being made by senior management or directors of the company are inappropriate or worse, illegal, then that person has a duty to do something about it."

Whistleblower legislation, Cronin points out, is not designed solely to protect senior management. "I believe that in organisations we all have got a duty to somebody: to your fellow workers, to the other stakeholders in the business, to the shareholders if there are some, and even to the community at large," he says.

CIOs whose companies are starting to look a little shaky at their foundations have been warned.