Risk and respect

To paraphrase Rodney Dangerfield, IT is not getting much respect these days. While data from the Meta Group shows IT salaries holding steady, more than 70% of the companies the firm surveyed pointed to problems of low morale and burnout. And while figures from Gartner Inc. show IT budgets now recovering after a two-year decline, the upturn will barely reach 4%.

Admittedly, the IT department is not the only organization ravaged by the recession. But given the fair share of excesses when the money was still good, IT has provided a great whipping boy, as exemplified by the recent “IT doesn’t matter” essay in the Harvard Business Review.

A recent seminar conducted for the financial industry by the Robert Francis Group opened our eyes to the notion that, in an era of increased regulatory scrutiny, IT may serve as the first line of corporate defense. The group also pointed out risk factors for which IT and software development groups are responsible.

Risk management is a hot topic on Wall Street, where new laws, such as the Sarbanes-Oxley Act, are imposing requirements for financial disclosure. If you’re wondering what risk management has to do with compliance, just ask any former employee of Arthur Andersen.

Given that virtually all relevant, financially necessary data is probably squirreled away in some database or program, you can bet that IT staffs across most of the corporate world are on the hot seat.

The Robert Francis Group lists several major risk categories. In a post-September 11 world, event-based risk was the obvious headliner. With hot recovery more critical than ever (and for financial companies, required by law), having your signature on a contract for a hot backup site three blocks away isn’t always a career-enhancing move.

Although software professionals are not typically involved in hot site decisions, they play core roles in managing other risk exposures. The first category, security, impacts how apps are designed and protected. Beyond virus protection and enterprise policies for software deployment and data access, the mechanism for managing access is often a joint function of management tools and app architecture. Component-based approaches that decouple business logic from presentation and data, plus well-integrated directory support, may become essential to support the highly granular access control that might be required by internal groups and government regulation. It will become even more essential as enterprise apps embrace services-oriented architectures.

Furthermore, as CEOs are required to be more accountable for the 10K statements that they sign, there will be more scrutiny than ever on the issue of data quality and integrity. One of the major impacts of the new spate of regulations, according to Craig Stanley, research director at Gartner Inc.’s Enterprise Storage Management Practice, is that companies will store more data.

Other factors impact competitive risk. For example, the capabilities of the firm’s app portfolio can dictate the ease or speed with which it can enter new businesses, form new partnerships, and ensure the clarity and quality of its data.

In turn, the availability of professional talent or the health of a vendor becomes another risk factor. Choosing technologies or vendors has become akin to making stock market investments. Just ask any company with an old Fortran program requiring updating, or one that bought tools from LogicWorks, whose products lost market momentum after being acquired by Platinum and Computer Associates. And, of course, just ask any PeopleSoft customer today.

The same logic applies to your choice of platforms. If your company recently decided to migrate its Unix apps to Linux platforms, the emergence of SCO’s intellectual property theft lawsuits complicates the task of making an investment protection case before the CFO.

IT may not draw more respect, but with the growing attention to regulatory compliance, IT folks -- and software firms, in particular -- may command more scrutiny than many have been accustomed to.

About the Author

Tony Baer is principal with onStrategies, a New York-based consulting firm, and editor of Computer Finance, a monthly journal on IT economics. He can be reached via e-mail at [email protected].