2002: Sarbanes-Oxley

A number of accounting scandals from leading-edge tech companies (Enron, WorldCom, and the like) led to legislation designed to remake the financial reporting practices of public companies from top to bottom. While Sox, as the act came to be known, explicitly targeted the behaviors of CEOs and CFOs, it probably changed the lives of CIOs as much or more.

Sox required that every act in a company’s financial life be documented and that every document be auditable, forcing CIOs to supervise a massive increase in documentation and in the control of that documentation. Change management, in particular, went from something the CIO could do on his or her own in an afternoon (for reasons best known to the CIO) to an agenda item for the Change Management Committee.

The scary part is that, given how integrated IT has become with financial reporting, if a CEO or CFO were to be indicted for Sox violations, the CIO is at risk of being sucked into the same prosecution, as a coconspirator.

On the other hand, CIOs are now right at the heart of the enterprise. The bean counters used to complain that IT was all cost and no benefit. Thanks to Sox, IT can now point to a benefit the most obtuse bean counter is likely to appreciate: keeping him out of jail.

2003: Virtualization

Imagine you have two (or more) IT objects, A and C. You want to hook A and C together so they can send signals to each other. Alas, they are incompatible, perhaps because they come from different manufacturers. Virtualization is the business of making a third object, B, that you slip between A and C to fool each of the original objects into thinking the other is speaking its own language, creating compatibility where before there was none.

The IT objects could be anything at all: servers, operating systems, routers, applications, hard disks, caches, whatever. Virtualization allows you to hook anything up to anything else and force the combo to work harmoniously.

Starting in 1999, a company named VMware committed itself to the technology. The early years were slow. People complained that everything had to be done twice (first by A or C and then by B), which meant that everything took twice as many cycles and burned up twice as many resources. The process added complexity. But by 2003 the world was beginning to understand how versatile and powerful a solution this was. One of signs of this dawning comprehension came at the end of 2003 when EMC, a huge storage company, bought a big piece of VMware. In 2007, VMware went public and, in a generally listless market, had the biggest tech stock debut since Google. Virtualization had arrived.

2004: ERP Hangover

In 2004 (or thereabouts), enterprise resource planning (ERP), fell off the hype cliff and (perhaps this is the fairest way to put it) became subject to the net of its positives and its negatives.

ERP is the art of framing a single formal definition for every object and act in a company so that everything can be managed together, top down. For instance, pre-ERP, each department or division in a company usually defined the term “employee” differently. These differences might be tacit and hard to define and perhaps not even known to top management, but they would usually matter. Once ERP came to that company, “employee” would mean the same everywhere, and every aspect of that identity would be explicit and transparent. There would be one database for the entire company and one interface to that database. A manager setting policies for “employees” would know exactly what he or she was doing. ERP is an instrument for bringing companies to a higher degree of integration.

The great virtue of ERP lies in how well it supports compliance with companywide policies. A given change just radiates across the company, with every division learning about it at the same time and in the same way. In the case of Sarbanes-Oxley, which mandates a specific framework for financial reporting, ERP seems essential to getting to compliance at all.

All good. However, as experience with the technology accumulated, downsides swam into view, among them a loss of flexibility and weakest-link exposure risks—if one department enters information inaccurately or imprecisely, everybody suffers. There were others.

ERP is connectivity taken to the extreme; and while the program has applications that are important and useful, it also teaches that there are limits. Connectivity is not the solution to all problems.

Sometimes it is even best avoided.