by CIO Staff

From The Editor – The Buck Stops Where?

May 15, 2003 | 3 mins
Enterprise Applications

If I had a nickel for every time I talked about the changing role of the CIO…well, I’d have a lot of nickels. The cascading impact of technology change on business operations, governance models and roles just keeps on coming, like waves marching up the beach after a storm.

This seems to be a particularly intense period of change, thanks to the triple-threat pressures of the grim economy, accounting scandals and increased concern over security risks.

In this issue, we look at two new areas of CIO accountability: the need to eradicate security flaws in software and the mandate to ensure that corporate accounting data stands up to audit scrutiny under the Sarbanes-Oxley Act.

Software bugs are nothing new, and CIOs have long lamented their number and nastiness. There are reasons why vendors churn out buggy software, and some of those will never go away. So are CIOs doomed to live with software riddled with security holes?

Absolutely not, writes Senior Editor Scott Berinato in “The Bugs Stop Here” on Page 60. First of all, between the current buyer’s-market conditions and the heightened focus on security in general, there’s never been a better time to exert greater pressure on vendors to write cleaner, more secure code.

But even without that leverage, CIOs are not without recourse. Got a bug problem in your shop? New tools and processes can help you find and eliminate the bugs. There’s really no excuse not to.

Many CIOs see this as a natural part of their job. “Security is really about operational excellence,” says Al Schmidt, vice president of IT and CIO at Arch Chemicals. “That’s what I’m supposed to be doing, right?”

But what about ensuring the accuracy of financial data? Is that also something CIOs are supposed to be doing?

Yes and no. Clearly the CFO and audit committee have a central role to play. But given that most financial systems are complex enterprise beasts, linked into (and drawing data from) other systems, the finance and audit teams can’t go it alone. In most companies, it’s not the CFO who’s going to make systems capable of real-time disclosure of material changes (which, by the way, is something that will need to be done). To find out more about the implications of the Sarbanes-Oxley Act, turn to Page 70.

These current pressures add a few more “bucks” to the long list of things that stop with the CIO. So find out all you can about what’s required and, together with your colleagues (or vendors), develop a plan to meet those new obligations.