Brian Hadfield of hardware and services giant Unisys explains how IT should play a crucial role in corporate governance.
IT Week: As managing director of Unisys in the UK, how would you define corporate governance?
Brian Hadfield: The ethical behaviour that companies should follow, particularly when they are looking for investment, whether public or private. It's a guarantee that people who invest will get a responsible return based on a series of best practices. Things that may be covered include an organisation's honesty and integrity, whether they behave in an ethical manner with an accurate portrayal of their numbers. Firms need to offer financial auditing, transparency and accuracy. It also covers how well companies operate risk management and risk assessment - we know that businesses are not perfect but it is about how well they weigh up that risk.
Do you think that corporate governance really concerns IT?
There are lots of practical things that IT needs to do in order to provide governance. Most of the information used for reporting or to identify or manage risk is data-based. IT is often the owner and distributor of data. IT managers have got the wrong end of the stick here. Corporate governance is not something that is happening to them, but something that they themselves should be shaping and influencing. There are too many people playing the poor, disaffected IT director because they are not part of the business. They are the business and they need to get rid of the chip on their shoulder.
How can IT be brought back into line?
IT can contribute to ensuring firms comply with corporate governance in a number of ways. For example, by providing business intelligence and data mining capabilities so that all people across an organisation have access to the same information, boosting transparency. IT staff can also play a key role in risk management by making sure that they have built an infrastructure that will support the requirements of a business while weighing up the risks that are involved. IT directors need to ask whether they have invested enough in security to make sure that their organisation is adequately protected - terrorists are not just people in far away lands. And delivering projects on time will enhance shareholder value by cutting out expensive overruns.
Why is there so much ignorance about what IT should be doing?
It's hard to blame IT teams for their lack of knowledge. Enlightened organisations are encouraging IT to get involved in the whole process. It's good to have IT at board level because then they must be involved. The problem is that IT teams are under huge pressure having had their budgets cut. Most IT directors are working hard just to keep their head above water and deliver value, so they have neither the time nor the inclination to contribute to the debate. (But) if they are not involved, they will become isolated.
How should IT teams view auditing?
In the past auditing was very much viewed as a box-ticking exercise, with questions asking whether you have done this or you have not done that. As a result people got into a defensive mindset. Once you look at audits in terms of risk assessment and valuations, audits become more useful. By clarifying what you are measuring your performance against and working out what points you need to address, it becomes a more interactive process that can change mindsets. If things are too black and white, this breeds the wrong behaviour and people look to hide things. If IT teams adopt a more risk-based approach to auditing it can work in their favour by advancing their case for more budget.
What is encouraging improvement in corporate governance?
We have seen some cataclysmic events over the past couple of years including September 11, and the financial scandals of WorldCom and Enron. Unfortunately it takes a disaster or series of significant events before people wake up. As far as the financial scandals are concerned, the failure of these companies is not as bad as the fact that they appeared to be aided and abetted by outside organisations. This called into question the integrity of both the audit companies and big business. There is a general feeling that business is not clean [that has created] a lack of shareholder confidence.
Have your say: reply to IT Week
ABOUT BRIAN HADFIELD
Hadfield has worked for Unisys for 20 years and is currently managing director of Unisys in the UK.
Previously, Hadfield worked for Unisys in the US in roles including vice president and general manager of business development and communications in the systems and technology division.
Hadfield also led the ClearPath Business Initiative, headed the Unisys Banking Practice and was area vice president in New York City.
