Archives || Search || About Us || Advertise || Feedback || Subscribe-
Issue of June 2005 

[an error occurred while processing this directive]

 Home > Analyst's Corner
 Print Friendly Page ||  Email this story

IT and corporate governance

All businesses today depend on IT and its successful deployment as a key tool in achieving corporate goals and objectives. Business processes use IT for the cost-effectiveness and the time saving that it ensures.

For listed companies that mandatorily have to comply with Clause 49 of the Listing Agreement laid down by SEBI, life can indeed be difficult without IT.

The amendments in Clause 49 span over a number of business sections and involve groups of executives such as the Management, Board of Directors, Audit Committee and shareholders. To ensure compliance in all business areas, the CIO needs to be well informed about Clause 49 and employ an effective IT strategy for the company.

Legal compliance

Sunil R Chandiramani, Partner, Ernst & Young, discusses two key areas of Clause 49—legal compliance and risk management.

On a quarterly basis, the CEO or the Chief Compliance Officer is expected to certify to the SEBI that the company is in compliance with all the applicable rules, laws and regulations required of a listed organisation. The areas of compliance that a company may need to certify are numerous and complex, and involve several employees of the company. Some of the areas of compliance are Labour Act; Shops and Establishment Act; Health, Safety and Environment Act; value added tax; excise; sales tax and customs. The list could go on with variations at a state level, could be in relation to the Explosives Act for its canteen where LPG cylinders are stored, or the Labour Act, where labour is employed.

Risk management

On a periodic basis, every company listed on the stock exchange is expected to report to the Audit Committee about the risks facing the company, along with the risk assessment and the minimisation procedures. For this, the company has to gather data about the risks it may face from all business areas. This data needs to be collated, prioritised and presented to the CEO.

Tools for risk management

Companies need surveys that can be easily implemented to assess the risks being faced. Also required are data collation tools, means of understanding trends in the market and information about new risks and ventures. Further, companies need to identify people responsible for a particular risk, know their perceptions of the risk and compare the same with reality.

All of this can be done efficiently and quickly using technology.

The CIO’s role

CIOs, as the IT heads of companies, can play a pivotal role with their knowledge of technology. They can provide solutions for compliance by advising about collation and presentation of data, and thus enable the Board to act.

Unfulfilled role

In my experience, CIOs don’t usually participate in Board discussions about compliance issues. This raises some important questions: Are CIOs shying away from these discussions? Are they unaware of them, or are they being kept out by the business leaders?

This is a key issue that is facing corporates today.

Steps for the CIO

To ensure that compliance and the IT’s role in it are discussed in the Board, without CIOs being sidelined, they should:

  • Get a comprehensive understanding of Clause 49.
  • Discuss with the CEO, CFO and Chief Internal Auditor (CIA), and plan the projects that the company can undertake to support compliance.
  • Decide the technology that must be used and how that can be effectively integrated in other systems and procedures of the company. This will create a network solution for the purpose, and ensure cost-effectiveness.

The CIA’s role

Besides the CIO, the CIA also plays an important role in corporate governance. In compliance review assessment, he reports to the management and the Audit Committee. Section 302 of the Sarbanes-Oxley Act requires CEOs and CFOs to certify in writing and under oath, the accuracy of financial reports and the effectiveness of ‘disclosure controls and procedures.’

Organisations need reliable processes to support these certifications, and internal auditors play a key role in designing and evaluating these processes. These practices are emerging to provide CEOs and CFOs with the information necessary to assure the investing public that financial representations are complete and materially correct.

IT in compliance

The role of IT in compliance can be summed up as:

  • It helps collaborate in a controlled environment—IT provides a role-based control environment that encourages collaboration while maintaining discipline and structure. Users can effectively publish, store, share and find all information relating to corporate governance in this environment, including minutes of the Board meeting, corporate policies, risk data, corporate control, SEC filings and other managed documents.
  • It promotes standard operating procedures—This provides a robust content repository for storing and controlling the documents that describe organisational charts, policies and standard operating procedures.
  • It facilitates effective risk management—Risk management provides knowledge gathering and notification capabilities that would ensure that internal and external risks to achievement of corporate objectives, such as changing economic, regulatory and operating conditions, are quickly discovered and assessed, and well-informed decisions are made to mitigate risk.
  • It gathers and disseminates relevant information—This activity provides numerous ways to identify, capture and communicate relevant information in a form and timeframe that enables people to work within their responsibilities.
  • It effectively monitors performance—IT enables you to effectively monitor the quality and performance of its control systems through ongoing monitoring or single evaluations.
  • Mergers & acquisitions—IT enables you to effectively merge two different entities and their respective IT architectures. A poorly-handled IT integration between merging companies can jeopardise the business.

Measuring compliance

There are two key steps by which a CIO can measure whether an organisation is compliant with Clause 49:

1. The speed with which information becomes available in the company.

2. The ease with which compliance can be achieved.

Cost of compliance technology

One can look at the cost factor this way—if technology isn’t there, how would one certify on compliance?

For example, the number of man hours taken by a company to manually create reports and business processes, and then check whether it had achieved compliance, is much more than the time taken by the same company after it had deployed IT for the purpose. This is the fact about compliance that is being valued by all stakeholders.

Pitfalls to avoid

There are a few processes typically performed wrong by organisations that try to be compliant with Clause 49.

  • Many don’t try to find enough about the automated IT controls within their financial systems, which can help with compliance. They look at other financial means instead.
  • Some don’t use technology for the process of achieving compliance. Others lack the understanding of what needs to be done about the compliance process—what it means, how large it is and so on. By US standards, this would amount to fraud.

Other focus areas

Compliance and risk management are just two of the most important focus areas related to Clause 49. Others are related to management, greater independence, tracking data, and compliance with different procedures and processes. For achieving compliance smoothly in all these fields, it is impossible for a company not to use technology to be cost-effective and to gain competitive advantage.

As told to Soutiman Das Gupta and Newly Paul

- <Back to Top>-  
Untitled Document
Indian Express - Business Publications Division

Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.