|Sign-Up for Free Exclusive Services:||Portals|||||eNewsletters|||||Web Seminars|||||dataWarehouse.com|||||DM Review Magazine|
|Covering Business Intelligence, Integration & Analytics||Advanced Search|
Eye on ROI:
Mention "compliance" to most people and they will tell you its all about Sarbanes-Oxley (SOX) requirements involving disclosure and reporting. And they would not be wrong - but that is far from the complete story. While SOX is a significant and daunting set of new corporate requirements, it is not alone. There is also Basel II (primarily affects companies in banking industries and financial services), the U.S. Patriot Act, new reporting requirements from the stock exchanges and proposed rulings from the Financial Accounting Standards Board (FASB), requiring companies to disclose the cost of employee stock options in their financial reporting. Even though the Senate has not acted yet on the latter (called the Stock Option Accounting Reform Act of 2003) nor has the SEC approved it, many companies have already begun to comply.
Taken all together, the new legislation - proposed or in place - is mandating the implementation of business processes, stipulating new levels of detail in reporting and holding management accountable for all of the above. In order to comply with most or all of the new reforms, businesses must be able to capture and integrate more data (more accurately), mine that data for deeper levels of information, analyze and distill and report. Hmmm ... sounds a lot like a business intelligence system.
But wait, there's more. Not only must the technologies for these capabilities be in place, so must business processes. SOX, in particular, is heavily focused on enterprise deployment of internal controls and demands evidence that these controls are embedded properly in operations. Internal controls are essentially managed business processes (can you say "business process management?"). The internal controls referred to by SOX are a specific kind of business process, the management of which is called "corporate governance." Essentially, meeting the requirements of new legislation begins with the upper-most levels of corporate management and percolates on down throughout the enterprise.
So what does all this have to do with ROI?
Namely, this: when considering the ROI of compliance or meeting SOX requirements or avoiding non-compliance of any of the other rules and regulations, there is more to the exercise than calculating the costs and benefits of technology implementation. Assessing the ROI of compliance really starts with understanding the costs and economic returns that result from improved governance.
"Governance" is the decision-making process that drives the operation of an organization. "Corporate governance" refers to the top-level decisions that ultimately drive the success, or failure, of a business. "IT governance," on the other hand, refers to decision-making processes around IT, including investment decisions and prioritization. Both types of governance have direct bearing on business performance and, hence, ROI.
Investing in good governance involves investing the capital and resources to create effective business processes and to actively embed them into the operations of the organization. Managing these processes proactively against the performance of the organization completes the picture. Consider this finding from a study based on 256 companies conducted at the MIT Sloan School of management:On average,businesses with superior governance practices generate 20 percent greater profits than other companies.1
Another finding of this study is that superior governance practices involve the linkage of IT governance with corporate performance goals. As we know, "aligning IT goals with corporate objectives" is much easier said than done. In fact you can go to the Web sites of many IT vendors who list IT alignment as one of their most prized benefits.
To the extent that IT and corporate alignment requires investment in IT solutions that facilitate it, this could be said to be an investment in improved governance. Other tangible costs of good governance may include replacement of key executives and managers, and the costs of designing, testing, implementing and tracking business processes that are the embodiment of governance. Intangible costs associated with the development of the framework to support improvements in governance are more difficult to measure and include the additional human capital resources required to track and incrementally adjust relevant processes.
Measuring the benefits of good governance may, in fact, be one of the easiest tasks if we follow the lessons learned from the MIT study cited above. Ultimately the true test of the success of any decision or process administration is how much value it generates and over what time period. Profitability is an excellent gauge of value. However, it may be difficult to know how to allocate profitability improvements directly to changes in governance.
The way that good governance can generate ROI begins with an enterprise-wide assessment of business processes - not just those business processes in finance and accounting. Financial reporting is fed by every function within a company and establishing proper internal controls over financial reporting actually means that you must have established business processes in every corporate function. Most companies that conduct a rigorous assessment of business processes across the enterprise will find at least a few instances (if not many) where existing procedures are cumbersome, duplicated, paper based and unautomated and, most importantly, unreliable. When enterprise workflow is optimized as a result of the implementation of new, streamlined automation, the results can be tangible:
Intangible benefits also abound:
As previously mentioned, the requirements of SOX and the host of SEC and FASB regulations that are driving corporate executives to be accountable for the reliability and accuracy of their financial reporting translates directly into the need for transparent, documentable information at nearly all operational levels of the company. While good corporate governance is the ultimate foundation for ensuring that sufficient internal controls are instituted, it is not sufficient: IT governance is of paramount importance to the compliance outcome. Plainly stated, problems in IT will result in problems achieving compliance. Those executives who do not recognize that SOX is scrutinizing not only financial processes but also the IT processes on which they are based will likely discover compliance in perpetuity to be unattainable.
Oddly, even though it may seem plain to some that any assessment of business processes is synonymous with examination of the underlying IT processes, a report from the IT Governance Institute (ITGI) released in July 2004 found that nearly 40 percent of the CEOs responding are not considering implementing an IT governance program.2 Development of a framework for making IT decisions (including investments) that is guided by the goals and objectives of the company must be considered a key part of overall good corporate governance.
No matter how ethical and well-meaning an executive team may be, not including measurement of IT performance, IT resource management and the delivered business value of IT decisions will ultimately be a barrier to effective corporate governance. A study from Georgia State University and Institutional Shareholder Services released last year plainly revealed that companies with strong corporate governance outperformed others in ROI and ROE (return on equity) by 18.7 percent and 23.8 percent, respectively; the difference between the annualized returns of strongest and weakest governance was 11.9 percent over the preceding five-year period.3 The study found that the biggest factor in determining strong corporate governance was composition of the board of directors. This supports the ITGI finding of a positive relationship between the effectiveness of IT governance measures and the level of board participation in IT decision processes and monitoring.
1. Weill, Peter. "IT Governance: How Top Performers Manage IT Decision Rights for Superior Results." Harvard Business School Press, 2004.
2. "IT Governance Global Status Report", conducted by PricewaterhouseCoopers for the ISACA, July 2004.
3. Georgia State University and Institutional Shareholder Services jointly conducted research by Lawrence Brown, Ph.D. and Marcus Caylor of GSU, February 2004.
Dawna Paton and Dale Troppito are managing partners of the Gantry Group. Paton has helped guide the Gantry Group's rigorous ROI best practice models based on a 25-year career as chief executive officer, CFO, sales and marketing executive, and venture capitalist in high technology companies. You can reach her at firstname.lastname@example.org. Dale Troppito, company cofounder, believes that the technology leaders of the future will be those that understand the crucial role that a market-validated, value delivery strategy and compelling ROI play in shaping corporate competitiveness and customer satisfaction. You can reach her at email@example.com.
|E-Mail This Column|