RSS I  I  I  I  E-Newsletter                             

 - Please note that CIPS is currently receiving a high volume of inquiries and applications. We thank you for your patience - 

Member Article: Corporate Governance has Driven the Need for Professionalism

J.G. Boufford, I.S.P., ITCP/IP3P, CIPS Past-President (2006-2007)

We are all aware that Sarbanes-Oxley (SOX) and similar laws have put a significant onus on officers of publicly-traded companies to ensure that financials are correctly reported.  However, robust financial reporting is just the tip of the iceberg.  At a conference that I attended a couple of years ago, the speaker estimated that more than 15.000 laws in Canada have to do with regulatory compliance - laws for example, relating to privacy, to restrictions on permitted uses of credit bureau information, or to electronic filings which are necessary to expedite the trans-border flow of shipments. 

Regulatory compliance has a significant impact upon how companies, and therefore how IT, does business and those impacts find their way down the chain of command.  Failure to comply affects the company's bottom line and might result in criminal sanctions.  In the public sector, institutions are under public scrutiny and failure to comply has consequences upon reputation and program delivery.

It's no longer just the large companies and government bodies that are faced with compliance.  The lessons learned during the SOX audits will be applied to varying degrees in all IT audits.

The result is that corporations and governments are looking to IT for transparency to navigate the "minefield".  Senior management reviews and approves significant IT projects and expenditures. Sometimes in the private sector, the Board broadly sets IT direction.

Therefore governance demands best practices and transparency.  Organizations cannot rely solely on trust of the practitioner or the prime contractor to ensure that adequate governance mechanisms are in place. 

The effect of increased governance will be felt across the IT organization.  This is a front-of-mind issue for IT management.  But the need for adherence to best practices and ethical practice applies equally to all professionals - especially those providing services on a tight budget where it is easy to cut corners and where the client is not capable of assessing the quality of a solution.

Being a professional demands adoption of ethical and best practices.  However, it also requires the practitioner to escalate thorny issues to senior management, and sometimes externally, when an IT project poses significant risks to compliance or public safety.

Professional certifications such as CIPS' Information Systems Professional or I.S.P. (Expert agréé en technologies de l'information or EATI in French) and CIPS' internationally-recognized Information Technology Certified Professional or ITCP (Professionnel agréé en technologies de l'information or PATI in French), which is aligned with the IP3P standard, are powerful tools to assess a practitioner's mastery of the profession, and adoption of ethical and best practices. 

I have been calling on IT leaders to deliver the professional certification message.  They understand the importance of it professionalism and governance, and how this translates into a more ethical and productive workforce that improves their bottom line. 

I use the analogy of the capability maturity model (CMM) when I speak on this topic.  There is nothing magical about the CMM.  An individual practitioner can deliver a system as per "spec", on time and on budget without adopting the CMM.  But as an organization adopts the CMM, success becomes more reproducible.  The same applies to hiring or contracting with professionally certified practitioners - they are accountable for their work; they deliver work product in an ethical manner; and they use best practices to improve reliability and reduce the risk of failure.

 The time has come for practitioners to recognize and take on the mantle of leadership as it exists in other professions by becoming more accountable for our actions and decisions, and embracing transparent standards of ethics and practice.  In doing so, the delivery of robust IT services will contribute to better IT governance practices and, in turn, overall corporate governance.

RocketTheme Drupal Themes