IMPACT OF INFORMATION TEHNOLOGY ON CORPORATE GOVERNANCE AND FINANCIAL REPORTING 1. 0 INTRODUCTION The introduction of the computer and advent of the Internet has changed the way we live in the modern world. This spans across every aspect of human life. Modern innovations have led to the description of the age in which we live as “the Information age”. Information technology and management therefore plays a vital role to the extent that timely access to Information could save a life while improper management of Information could lead to huge problems and losses of opportunities.
In terms of Corporate governance and financial reporting, the financial implications of these losses could be great on corporate entities when quantified in monetary terms and this has led several companies to invest in finding better ways of improving on Information systems. Corporate scandals and failures across the globe including Enron, Worldcom, Daewoo Group (in Korea) and HIH (a major insurance group) in Australia, has raised serious questions about the way public corporations are governed around the world.
This is usually characterized by managers who have been trusted with company control but due to conflicting/self interest, sometimes engage in actions that are profoundly detrimental to the interests of shareholders and other stakeholders. When managerial self-dealings are excessive and left unchecked, they often have serious negative effects on corporate values and the proper functions of capital markets. Around the world there is growing consensus that it is vitally important to strenghten corporate governance to protect the rights of shareholders, curb managerial excesses, and restore confidence in capital markets.
Last year Nigeria witnessed the sacking of Managing Directors of five of Nigeria’s top banks namely Intercontinental Bank Plc, Union Bank, AfriBank, Oceanic Bank and FinBank. This was largely due to issues relating to Corporate governance and ethical code of conduct as most of these directors gave out unsecured loans in excess of Billions of Naira against the stipulated guidelines. According to the Central Bank of Nigeria, the management of the banks were sacked because they acted in a manner that was detrimental to the interest of their depositors and creditors.
The CBN said the banks have liquidity challenges arising from their “huge” exposure to the capital market, petroleum marketing sector, specific large-ticket transactions and consequently “massive” non performing loans. This left one of the five banks “technically insolvent” and the other four undercapitalised. Corporate governance can be defined as the economic, legal and institutional framework in which corporate control and cash flow rights are distributed among shareholders, managers and other stakeholders of the company.
Corporate governance and management has, as its primary objective, the enhancement of corporate profits and shareholder gain. i. e. corporate governance is basically rules and practices put in place within a company to manage information and economic incentive problems inherent in the separation of ownership from control in large enterprises and as dealing with how, and to what extent, the interests of various agents involved in the company are reconciled and what checks and incentives are put in place to ensure that managers maximize the value of the investment made by shareholders.
In Corporate governance, key concepts are Corporate identity, Corporate communication, Corporate image and Corporate reputation. Corporate identity is the reality of the corporation. It is the unique, individual personality of the company that differentiates it from other companies. This is commonly referred to as the Corporate brand. Corporate communication is the aggregate sources, messages and media by which the company conveys its uniqueness or brand to its various audiences. Corporate image and reputation are in the eye of the beholder.
Image is the mental picture that people have of an organisation whereas reputation constitutes a value judgement about the Company’s attributes. Corporate image and reputation are discrete but related concepts. While corporate image is the effigy that people have of a company, corporate reputation on the other hand represents a value judgement that people make about an entity as a whole or one or more of its attributes. Corporate images typically can be fashioned fairly quikly through specific actions and well conceived communication programs, whereas reputations evolve overtime as a result of consistent performance.
Clearly an entity must be concerned about its image and reputation amongst its constituent groups which to a large extent is determened by Corporate governance. In academic parlance, these significant constituent groups are called stakeholders. They are groups that have a stake in a Company. Stakeholders are affected by the actions of the Company and perhaps more importantly, their actions can affect the company. This establishes the central importance of Corporate governance and the principal stakeholders ith which most large firms must be concerned are: i. Customers ii. Distributors and retailers iii. Financial Institutions and analysts iv. Shareholders v. Government regulatory agencies vi. Social action organizations vii. The general public viii. Employees The objective in corporate governance is to manage businesses effectively and to communicate the performance and financial position to the audiences that are important to the firm in a manner that is both positive and accurate.
This process involves fashioning a positive identity and communicating this identity to significant audiences in such a way that they have favourable view of the company. Today, this is achieved through financial reporting and thus a direct relationship can be seen between Corporate governance and financial reporting. A major approach taken to achieve this objective is to have in place mechanisms that are targeted at keeping abuse and fraud in check. These include the duties imposed on directors, the role played by auditors, the establishment of audit committees, and disclosure requirements to name but a few.
Availability of accurate, relevant, and timely information is crucial to establishing and maintaining these mechanisms as well as to ensure their efficacy. Because the availability of information plays such a major role, the increased use of (IT) in information management has made a considerable impact on these corporate governance and management mechanisms. Furthermore, the use of IT to manage information flows and the resulting potential to increase the capacity and efficiency of data storage, processing, and dissemination has altered the significance of information for corporations.
In other words, information is not only an invaluable resource for wealth generation but, in many instances, has itself become an asset. As such, it must be protected through a system of internal controls. Care must be taken to select the most effective and efficient methods of storing, managing, and utilising available information. Where the information stored is proprietary in nature (such as client lists, and trade secrets), there is a need to protect it from being stolen or used unlawfully. Steps must also be taken to guard against its destruction.
Abuse may also arise where information is utilized in a manner that invades the privacy of clients, trading partners, and employees. These issues were important even prior to the IT revolution. However, they have now taken on an additional perspective because of the increased use of IT in information management. This, in turn, has had a direct impact on the duties of directors, the responsibilities of auditors, the interests of investors, and the role of regulators in establishing and maintaining satisfactory corporate governance practices.
This term paper aims to review existing literature on the topic and set out the new challenges that directors, auditors, investors, and regulators face in adapting and using IT to enhance standards of corporate governance and fulfilling the requirements of Corporate Financial Reporting. It will deal with providing a brief summary of the basic changes brought about by IT in the areas of data storage and management, the processing of information, and information dissemination.
It shall then go on to discuss and highlight how these changes can impact on the roles of directors, auditors, investors, and regulators in their respective corporate social responsibility functions and point out some specific areas of potential development and change in how financial Information is being reported. 2. 0 LITERATURE REVIEW Accounting as an Information processing system is one of the areas which provided the first application of computers. Prior to the use of computers, accountants had been very much burdened by the time-consuming routine nature of processing and calculation.
As organizations became larger and more complex, accountants had been bewildered by the large quantity of data. The use of the computer introduced faster processing and it was immediately expected to take over such routine processing and calculation. However when the computer was invented it was believed that the “all electronic computing device” would free the accountant from time consuming routine functions and allow such time to be devoted to more productive use – Matz (1946). Blundell (1953) concurred and added that accounting functions such as sales and production analysis would be automated and added to the organization’s egular information. Most of the predictions of Matz and Blundell can however be seen integrated in today’s accounting. New developments in Information technology such as database management technology and the rapid advancements in telecommunications and computers also gave way for broader speculations. An example which illustrates this point is the prediction by the Future Issues Committee of the Amserican Institute Of Certified Public Accountants (AICPA) that in the future databases would let the accountant prepare multiple analyses and comparisons (Abramson,1986).
Another important point to note is that prior to the introduction of computers, accounting functions were isolated from each other and from other functions by way of labour division under manual operations. Not only did this result in much unecessary repetitive work and data but it also led to inconsistent data and necessitated the need for internal control. The computer was seen as powerful and regarded the ideal solution almost immediately when it became available. Jening (1952) visualised an integrated electronic accounting system where all accounting functions would be planned in advance and completely integrated.
Similarly, Young (1954)anticipated that the electronic communication between various parts or functions would tear down the departmental walls which segregated accounting functions and other sections, and allow data to be processed virtually simultaneously. However it should be borne in mind that these speculations were made before computers were used in accounting and when data technology was still beyond the horizon. Literature on the Impact of Information Technology on Corporate Governance shall be reviewed in terms of a) IT and the relationship to corporate governance, b) IT and the risk to the organization, and (c) key attributes of IT that assist organizations in meeting the demand for better governance. There is a significant relationship between IT governance and business knowledge of IT. The individual dimensions of IT unit governance (systems development governance, and requirements governance) are related the overall knowledge of business processes. Increased levels of combined knowledge are significantly related to shared governance.
The resultant interaction that occurs suggests that how these two factors align affects the overall performance of the organization. (Henry, 2004, p. 94) Many organizations are reporting that technology in general exacerbates existing security problems or introduces new vulnerabilities into the organizational structure (Weill, 2004). Even with the potential for increased exposure many organizations are forced to adopt and implement new technologies to maintain a competitive edge and/or keep pace with a growing demand for specific products or services.
This conundrum where IT helps to serve the organization, but also has the potential to introduce serious risks is becoming an area of significant concern to executives, IT practitioners, and those who trust these organizations with private information. This section will review literature regarding how IT has affected the manner in which business is conducted and how IT affects and drives the demand for better corporate governance. This term paper will also analyze these problems and draw supportable conclusions based on the review of existent literature.
The governance of information technology has emerged as a major management challenge facing organizations. IT governance deals with the distribution of decision-making between business and IT units and has primarily been studied at the organizational or the business unit level of analysis. (Henry, 1994, p. 1) The risks associated with the modern commercial organization, specifically IT, are primarily centered on the unauthorized disclosure of private information (Remenyi & Money, 2000).
While the literature has revealed many traditional threats to the organization that are not specifically related to IT (e. g. , new entrants, market dominators, rivalries) the biggest risk with regard to understanding the relationship between corporate and IT governance stems from the dependency on proprietary information for which the organization is responsible (MacMillan & McGrath, 2004). According to the Information Technology Governance Institute (ITGI) IT governance is becoming an evermore prominent discussion topic during senior executive meetings (Hardy, 2004).
The management of risks is a cornerstone of IT governance, ensuring that the strategic objectives of the business are not jeopardized by IT failures. Risks associated with technology issues are increasingly evident on board agendas, as the impact on the business of an IT failure can have devastating consequences. (Hardy, 2004, p. 8) According the CSI/FBI 2005 report, organizations have recently reported an increase in system attacks targeted at proprietary databases. In 2005, 697 businesses from a ariety of industries reported successful system breaches totaling approximately $130 million in lost profit and the resulting litigation. With the recent near loss of private active duty and veteran information occurring at the Department of Veterans Affairs and the reports of fraud stemming from the Enron and MCI corporate scandals, many senior members of the Corporate Governance Taskforce and the National Cyber Security Partnership have proposed a framework for commercial, government, and non-profit associations to integrate information security governance into their governance practices (ITGI, 2006).
The risks associated with IT, as stated previously, tend to focus on how IT is implemented and regard IT constitutes all forms of technology used to create, exchange, store, and process information (Hoffman, 2006). The risks, seemingly to be the result of IT integration into the organizational core, are more correctly associated with the actual information being stored, processed, or transmitted (ITGI, 2006). While many IT and security professional are espousing the organizational benefit derived from IT, other researchers are arguing an opposite stance.
For example, Nicholas Carr, author of Does IT Matter (2004), has become recognized as one of the leading critics of the idea that IT provides strategic advantage. Even though the opponents of connecting IT and strategic value raise specific concerns, many of the opponents acknowledge the significant organizational benefit from effective IT governance and risk management practices. The manifestation of IT governance objectives through detailed process controls (e. g. in the context of project management) is a frequently controversial matter in large scale IT management.
The difficulties in achieving a balance between financial transparency and cost-effective data capture in IT financial management (i. e. , to enable chargeback) is a continual topic of discussion in the professional literature and can be seen as a practical limitation to IT governance. IT facilitates the need for better governance as a result of the unique vulnerabilities presented when implemented throughout the organization. Prior to the proliferation of technology most risks were managed within the traditional corporate governance structures (Williams, 2005).
For example, these traditional corporate governance structures included: assurance and control, finance and economics, and contingency planning and disaster recovery (Williams, 2005). As technology began to require more consideration in what was once considered the traditional corporate structure and domain of the senior decision-maker, many executives elected to separate technology and the associated necessary decisions from the senior management body (MacMillan & McGrath, 2004).
As information and information assets become more critical to modern organizations, it became obvious that more governance structures were needed to keep pace with the increased demand brought about by IT. Managing risk and incorporating IT into an existing governance structure is not easy. As a result of this complexity, organizations are adopting new methods of handling risk rather than “risk” itself being an inherent part of IT.
This involves new approaches and mechanisms that are better equipped to deal with the uncertainty that stems from IT and increased organizational dependence upon information and information assets as well as the regulations mandating increased accountability and control. As a result of advancements in technology, organizations today are able to conduct business using a variety of mediums. And while businesses and organizations are able to reach more customers that are geographically separated, the technology that affords this ability does have vulnerabilities unique to the information age (Hoffman, 2006).
According to Arnum (2004) senior management within organizations are responsible for ensuring the security of information assets under their charge. This increase in accountability has encouraged many senior executives to incorporate IT governance practices into the traditional framework of organizational accountability and governance. Corporate governance is, in general, comprised of business processes, policies, and regulations that affect the manner in which a corporation is directed.
Corporate governance also includes the relationships that exist among a corporation’s various stakeholders, partners, shareholders, and organizational specific goals (Hardy, 2005). While the overall goal of corporate governance is to ensure and deal with issues of organizational accountability, direction, and the attainment of goals, another aspect of this form of governance is established to promote economic efficiency and optimization throughout the enterprise. It is this link between corporate governance and the organizational specific goals that begins to illuminate the role IT plays in respect to corporate governance.
The corporate governance structure outlines the procedures for making strategic corporate decisions. In addition to making important organizational decisions, this structure provides a formal process for the establishment, monitoring, and attainment of organizational objectives. Given that corporate IT initiatives are increasingly becoming more expensive when successful, not to mention when they fail, these projects are receiving more scrutiny than in the past. This scrutiny has begun to take the form of formal corporate governance (Carlson, 2004).
CEOs and senior executives are being held responsible, both in the courts and in the eye of the public, for issues relating to waste, fraud, and poor management decisions. As a result senior decision makers are increasingly playing more intimate roles regarding IT initiatives and expenditures. Despite IT being reasonably ubiquitous, it has been reported that IT project failures have significantly increased from 40% of the 1990s to ranges between 55% (Mukherjee ; D’Souza, 2003) and as high as 90% (Connor, 2003; Lindsey & Frolick, 2003; Whiting, 2003).
With more accountability being delivered to the top of the management hierarchy for failed IT projects, many senior executives and other members of management are no longer leaving the responsibility for project funding, performance monitoring, and overall success of the IT initiative to a separate and unaccounted for governance structure (Pfeffer & Sutton, 2006). In fact, the dependency of the modern organization on technology and technology-related initiatives for growth and sustainability has forced many organizations to create better governance structures by folding IT governance into their existing governance framework (ITGI, 2006).
Remenyi and Money (2000) contend that when IT decisions are made in a governance structure established or modified to handle the alignment of organizational and IT objectives, there is an increased measure of success. The U. S. Congress has enacted legislation to compel organizations to create and enforce measures regarding financial accountability and reporting (Sarbanes-Oxley Compliance Journal, 2006). The Sarbanes-Oxley Act of 2002 is a mechanism to formalize and strengthen internal organizational controls and validation processes and to ensure transparency regarding the corporate governance structure.
The Sarbanes-Oxley Act protects investors by improving the accuracy and reliability of corporate disclosures. The Sarbanes-Oxley Act created new standards for corporate accountability, as well as new penalties for acts of wrongdoing. It changes how corporate boards and executives must interact with each other and with corporate auditors. Holding the CEO and CFO accountable for the accuracy of financial statements eliminates the possibility of an individual defending his action with, “I wasn’t aware of financial issues. ” (Serena Software, 2005, p. ) Regarding Sarbanes-Oxley, the role of IT is to provide support for enterprise-wide compliance through enabling proper checks and balances and to ensure that the IT infrastructure is properly documented regarding security and architecture design, application deployment, and change management. “All companies have various levels of IT control, but the processes are often informal, or they lack adequate documentation and evidence. Frequently, the deficiency lies in the consistency and quality of the documentation and evidential matter” (Serena Software, 2005, p. 4).
CEOs need to become aware of and develop a keener sense of the benefits of technology. In addition CEOs must understand the unique vulnerabilities introduced by IT and understand what processes within the formal organization governance structures are available to mitigate the vulnerabilities. CEOs must have a clear understanding of the organization’s mission objective and value proposition, so as to make better governance decisions regarding the alignment of IT initiatives with the objectives of the organization and the specific issues of project initiation, funding, performance monitoring, and ultimate acceptance.
Hardy (2005) asserts The universal need to demonstrate good enterprise governance to shareholders and customers is the driver for increased risk management activities in large organizations. Enterprise risk comes in many varieties, not only financial. Regulators are specifically concerned about operational and systemic risk, within which technology risk and information security issues are prominent. (p. 8) Many organizations, due to the unique attributes of IT management, have implemented separate IT governance mechanisms outside those of the existing corporate governance structure (Weill & Ross, 2004).
IT governance, like corporate governance, requires specific planning and coordination to ensure the correct alignment of organizational and IT goals. More precisely, IT governance mechanisms provide twofold benefits: the main benefit being the assurance that IT and the IT infrastructure are actively supporting the organizational mission and value proposition, and the other benefit is to prevent or mitigate poor design, profligacy, or replication of similar efforts (Weill & Ross, 2004).
According to Kappelman, McKeeman, and Zhang (2006) problems with IT governance and the ultimately resultant disparate governance mechanisms are the result of management’s attempt to piecemeal mechanisms one at a time when specific needs arise. It is this “reactive” process of addressing IT problems independent of a formal governance structure that leads to many failed or partially failed IT initiatives (Kappelman et al. , 2006).
Reacting to IT problems rather than properly planning and accounting for them creates and perpetuates a defensive posture that further complicates corporate and IT governance and further limits the strategic impact resulting from IT. Traditionally, technology has been seen as merely an operational discipline and the IT director as an operational expert. Now that governance is recognized as a strategic business concern, log intelligence is critical for the Chief Information Officer’s new role that spans both the management and technological know-how that governance implies.
To take a proactive approach to designing better governance involving both corporate and IT specific mechanisms, the process must involve senior executives, stakeholders, and technical advisors (Winters, 2002). Many organizations elect to use the existing corporate governance processes as a foundation to begin the planning process. Using the mature governance processes not only serves as a basis to begin the unification of corporate and IT initiatives, but also can serve as a mechanism to determine which, if any, of the existing IT governance mechanisms is effective and should be integrated into the corporate structure.
According to Weill and Ross (2004) those organizations that exhibit effective IT governance have between six and ten integrated and well-functioning governance mechanisms. One goal of any governance redesign should be to assess, improve, and then consolidate the number of mechanisms. Early in the learning cycle, mechanisms may involve large numbers of managers. Typically, as senior managers better understand IT value and the role of IT, a smaller set of managers can represent enterprise needs. (Weill, 2004, p. 2)
Regulation and Organizational Change As previously stated, corporations are increasingly being subjected to more rigorous controls in the form of formal legislated acts. These acts deal with issues such as privacy, data storage and use, financial accountability, and increased internal checks and balances. For example the Sarbanes-Oxley Act of 2002 requires organizations to publicly release data pertaining to the effectiveness of their internal controls as related to financial reporting and independent auditor validation (Wikipedia).
According to the ITGI (2003) it is this type of recent legislation coupled with growing public concern that have led the way in requiring organizations to exhibit stronger internal controls over the use of IT and provide some level of assurance that these controls are adhered to. Going deeper into the issues of internal IT governance and organizational change, Kaplan and Norton (1996) propose the Balanced Scorecard (BSC).
This principle of evaluating an organization based on financial reviews and audits, incorporating customer satisfaction measurements, and determining the degree of innovation is applied to organizational IT processes and has been effective at applying the necessary controls regarding IT governance. According to Van Grembergen (2002) this approach examines IT governance using financial logic and asks three basic questions regarding IT initiatives: How do senior organizational leaders ensure a return of investment? How do senior organizational leaders mitigate poor IT investment decisions?
How do senior organizational leaders exhibit control of the Chief Information Officer and IT infrastructure? Providing detailed responses to these high-level questions enables management to correctly understand and govern IT initiatives. In addition, this approach provides a platform to unify IT and corporate governance. Van Grembergen (2002) defines IT governance as “The organizational capacity to control the formulation and implementation of IT strategy and guide to proper direction for the purpose of achieving competitive advantages for the corporation” (p. ). The unique benefits brought about by IT continue to hasten its adoption into the organizational infrastructure. It is this rapid and continued adoption and the ever-growing dependency of the organization on its informational assets that facilitates the demand for more formalized controls of IT (Van Grembergen & De Haes, 2005). While the integration of technology has facilitated the demand for better corporate governance, IT also provides services and extends existing capabilities to meet the increased demand (Serena Software, 2005).
Many of these capabilities provided by technology such as database applications for storage of governance material, secure remote connectivity for communications and monitoring, auditing applications for ensuring adherence and compliance to standards increase the capability of senior management to make effective decisions regarding IT governance across organizational enterprises that are geographically separated. Planning and managing IT projects requires specific skill sets and supporting technologies.
While there has been an increased demand to fold IT governance into existing corporate governance structures, the need remains for specific processes, unique to IT governance, to facilitate the alignment of organizational objectives and IT initiatives. At the project management level, there are project planning software suites that help to align and allocate resources, determine necessary levels of project funding, establish design and development schedules, track requirements, and manage and track issues relating to supply chain management (SCM) and customer relationship management (CRM).
The technology-based components corresponding to project management help to provide management with near real-time and highly accurate data to determine alignment with predicted funding needs, progress against proposed schedules, and unexpected deviations. Another component of Information governance is focused on risk management and risk mitigation. Technology offers many selections regarding how data assets are valued, as well as how the level of organizational risk is quantified and measured.
Risk management software such as NOWECO and Methodware is rapidly becoming integrated as a foundation for providing senior management with the necessary information to execute a risk management strategy. An additional benefit of this technology is that it allows management to better understand the types of risks present within the organization and use this knowledge to make risk avoidance or risk mitigation decisions. The process by which organizational risk is quantified and measured is complex.
Under normal conditions risk management assumes that the highest valued data assets are protected first, followed by a decreased degree of protection afforded to those that are of lesser value. Managers responsible for determining what data asset receives what degree of protection realize the complexity involved in this type of organizational decision and are relying, with more frequency, on software enabled solutions to make better decisions regarding risk management and IT governance.
Thus, this literature review has illuminated several salient points regarding how IT drives the demand for better corporate governance, while at this same time providing mechanisms, processes and tools that help to meet the increased demand. IT is no longer regarded as a section of the organization that can freely exist outside the traditional corporate governance structures. The recent and increasingly frequent attempts to gain unauthorized access to private or proprietary information has forced relevant authority to create and pass legislation that specifically addresses the governance of these areas within the organization.
CEOs and other members of senior management realize the need to enforce stricter controls regarding the funding, planning, and management of IT initiatives. IT integration, use, and maintenance is expensive; therefore in order to be properly accountable to the shareholder, stakeholder, and correctly aligned with the goals of the organization, all aspects of IT initiatives including planning, funding, performance monitoring, and overall success are being incorporated into existing corporate governance structures.
Once incorporated, experts are able to inform senior management, using formal communication processes, regarding the alignment of the IT initiative with the overall organizational objectives and what, if any strategic value will result. The responsibility and accountability of the CEO to the organizational constituents, the increased dependency of the organization on its data assets, along with the increased tenacity and frequency of successful hackers have culminated in the demand for better corporate and IT governance. IT helps to provide for the increased demand for better governance by roviding management with the ability to manage remote sections of the organization, make better decisions regarding risk management and risk mitigation, quantify and measure specific organizational risk, determine appropriate allocation of resources and funding, and ensure regulatory compliance regarding financial reporting, consumer privacy, and the use of private information. 3. 0 IMPACT OF INFORMATION TECHNOLOGY ON CORPORATE GOVERNANCE Good governance is something that effective organisations in both public and private sectors strive for.
Corporate governance was defined by the Cadbury Committee as: ‘The system by which an organisation is directed and controlled, at its most senior levels, in order to achieve its objectives and meet the necessary standards of accountability and probity. ‘ (Cadbury Report, 1992. ) It is clear from this definition that corporate governance is not solely about introducing systems of control, it is fundamentally linked to directing the organisation in order to achieve objectives.
This is critical to the success of the organisation and is a central part of the role of the board. 1. Changes in Information Management The manner in which information is stored, processed, and disseminated has undergone significant changes over the last decade or so. This has been the direct result of advances made in computer technology. Documents may now be electronically prepared, filed, sorted, stored, and archived without leaving the comfort of one’s chair.
Furthermore, data can be managed with a precision and efficiency not possible under the previous manual system of data management. Computers are able to sort and group data and perform complex calculations at a rate and with a degree of accuracy never before possible, which means that customer lists and preferences, information about competitors, financial, and performance indicators may be generated in a matter of seconds. In addition, the advent of e-mail and the internet has made it possible to disseminate this information almost instantaneously.
More sophisticated hardware at lower prices, the increased user-friendliness of software, and higher computer literacy in many developed countries have all contributed to an increased use by corporations of computer information systems. Furthermore, the use of IT to manage information flows and the resulting potential to increase the capacity and efficiency of data storage, processing, and dissemination has altered the significance of information for corporations.
In other words, information is not only an invaluable resource for wealth generation but, in many instances, has itself become an asset. As such, it must be protected through a system of internal controls. Care must be taken to select the most effective and efficient methods of storing, managing, and utilising available information. Where the information stored is proprietary in nature (such as client lists, and trade secrets), there is a need to protect it from being stolen or used unlawfully. Steps must also be taken to guard against its destruction.
Abuse may also arise where information is utilized in a manner that invades the privacy of clients, trading partners, and employees. These issues were important even prior to the IT revolution. However, they have now taken on an additional perspective because of the increased use of IT in information management. This, in turn, has had a direct impact on the duties of directors, the responsibilities of auditors, the interests of investors, and the role of regulators in establishing and maintaining satisfactory corporate governance practices. . Directors Duties In this day and age, it is difficult to imagine any major corporation that does not rely in one way or another on computers for its information needs and this has forced corporate management to place much emphasis on IT related investments such as computer hardware, software, and personnel. However, expenses of this nature must be justifiable and in the long run must result in revenue generation for the company. To make effective decisions, directors need information to be passed on to them accurately and speedily.
Thus, the potential IT offers in terms of efficient and effective information management should not be ignored by the prudent director. Nevertheless, this growing dependence on IT has raised several issues that those self-same directors should consider in the performance of their duties. 3. Duty of Care While it is extremely tempting to jump onto the bandwagon, directors must first understand the benefits and pitfalls of using IT to store information. One can hardly dispute that it is much easier to compile and generate nformation stored in a computer. The manual compilation and monitoring of data changes used to take a considerable amount of time and effort for large companies, but may now be accomplished by a few clicks of a mouse. Copying and transporting such information no longer requires reams of paper but may be done using a single floppy disk, and e-mail facilities ensure it is just as easy to disseminate this information to hundreds more people. There are however, corresponding risks and disadvantages associated with managing electronic information.
First, the increased ease of compiling, copying, and transferring information means that information may in turn be easily misused or stolen. Questions of system security for the purpose of maintaining secrecy and confidentiality dominate many discussions in the IT field. Second, aside from being physically destroyed, information stored in computers may be corrupted because of computer viruses, or accidentally deleted, or become irretrievable due to system problems.
Finally, computers are increasingly being used to perform more critical functions. From the factory assembly line to the launching and control of satellites, growing dependence is being placed on the information systems installed to discharge a corporation’s operations. Consequently, any computer error or system breakdown may prove extremely costly to the company. It is therefore important for managers to be clear about the risks associated with IT.
Indeed, directors have a duty to ensure such risks are minimized by introducing the proper checks and procedures. Back-up systems and safety devices must also be introduced to ensure that, should a system failure occur, the company will not suffer significant losses. While there have been numerous suits against directors for failing to monitor the financial position of companies adequately, a similar focus on directors failure to monitor IT systems and procedures has yet to arise.
As companies continue to rely on IT, it is envisaged that the scope of a director’s duty of care vis-a-vis the use of IT, its risks and consequences, will soon be a common feature in the courts because just as a director’s ability to assess and handle the financial aspects of a company’s business has become a matter of immense importance, company directors should attain a correspondingly greater understanding of IT processes and be able to appreciate the risks involved in its use. 4. Determination and span of Control As ownership of corporate wealth becomes increasingly dispersed, control and ownership also diverges.
In addition, control of the corporations that generate and distribute this wealth is also beginning to lie in fewer hands. This results in the need to monitor the activities of those in control to ensure that they act, not in their own interests, but for the benefit of the owners of the company (ie the general body of shareholders). In order to do this, one must first be able to determine who controls the company and how this control is achieved. It is also necessary to monitor their interests in other companies to keep an eye on potential conflicts of interests.
It is therefore important to be able to trace and track ownership of interests in corporations. Many individuals and families today maintain control over large conglomerates through pyramiding. This involves the use of multiple layers of companies whereby those on the upper levels hold a majority or controlling stake in companies on the lower levels. Through such devices, parties can legally control companies at the lowest levels while actually owning only a fraction of their shares. Being able to trace ownership is necessary to hold controllers accountable to other interest holders of the company.
It is also vital for the purposes of determining shadow directorships and breaches of fiduciary obligations (eg where it is alleged that directors are or have acted in conflict of interest). Accurate tracking of changes in ownership is also essential because it assists not only in alerting investors to shifts in the balance of power of companies but it also helps to guard against insider trading. In addition, management may use such information to alert themselves to any possible hostile take-over attempts. Company law provides the mechanisms for tracing and tracking ownership through the maintenance of registers.
Companies are required to maintain a register of shareholders and, where listed, are required to maintain a register of substantial shareholders. A register of directors interests is also kept to make available information about the various interests directors may have in the company. While this does assist in pinpointing the major controllers of a company, the task is made doubly difficult when one attempts to trace the ownership of large groups of companies or where there is a high degree of cross share-holdings. These difficulties will be compounded by the fact that one will have to seek such nformation from a variety of offices thereby making the process tedious and time-consuming. 5. Company Affairs and Operation Changes in the way information is managed will inevitably result in changes in the way that information is collated and presented. Computer systems may be set up to capture information at the point of transaction and transmit it directly to a centralized database for storage and processing. Bar code devices, electronic data interchanges, and internet transactions are increasingly being used by companies in their business processes.
In addition, the availability of computer programmes that can automatically generate relevant financial information and compute key ratios instantaneously enables a closer monitoring of a company’s financial position. In a properly designed system, directors can access financial information on-line from literally anywhere. Because technology enables directors to achieve a higher standard of care and diligence, it therefore follows that the absence or unavailability of information will become less acceptable excuses for directors who fail to detect discrepancies in financial statements.
More specifically, directors are now in a better position to determine the company’s degree of solvency to guard against insolvent or wrongful trading. Likewise, rescue operations may be initiated earlier for the benefit of the company . Another implication of advances in this field is the potential effect on the proposition that directors are not required to give continuous attention to the conduct of the company’s affairs.
The time taken for a director to collect, digest, collate, and analyze information decades ago and in particular in 1925 when the proposition was first propounded is vastly different to the time taken to do the same jobs using today’s technology. Today board meetings may be conducted by video conferencing; information can be faxed, e-mailed, or otherwise electronically transmitted. Similarly, the internet may be used to give directors access to relevant information regardless of where they are. Charts may be prepared and altered to simulate changes, and presented almost instantaneously.
Because of these increased capabilities, directors may achieve an acceptable degree of continuous supervision without spending an excessive amount of time in the office. It will therefore be much more difficult for directors to justify non-attendance at meetings and a completely hands-off approach to corporate affairs. 6. Disclosure One of the key controls associated with good corporate governance and management practice is the prompt and accurate disclosure of information. There has been a growing realization that corporate reporting is likely to shift from being regulation-led to being market and stakeholder led.
The availability of new and more efficient methods of managing information has an impact on this too. Improvements in information management brought about by IT make the collecting and collating of information a much speedier process. This has enabled quicker disclosure, thus reducing the time gap between the time management receives the information and the time it is disclosed to the public. In recent years, there has also been a growing trend for companies to contact and communicate directly with their shareholders instead of going through brokers.
The ability to provide up-to date information directly to shareholders through the internet will empower investors to inquire into specific areas of the company’s operations. At the same time, it provides the company with the means to explain investment decisions and policies directly to shareholders as and when these take place, potentially leading to improved governance and accountability. Another profound effect of the IT revolution concerns the breaking down of geographical boundaries. This pushes countries to review national laws and regulations and may even force companies to meet global standards of disclosure and performance.
Generally speaking, the effect of these developments will probably be to hasten a review of the disclosure policies and practices of stock exchanges and companies throughout the world. The use of IT in information management therefore sets the scene for the introduction of higher standards of disclosure. Giving investors access to relevant information as frequently and quickly as possible permits them to make better-informed decisions and allows them to voice their views on corporate performance more effectively.
There is nothing, in fact, to stop companies from adopting a disclosure policy that provides financial information other than just their annual reports (such as monthly balance sheets and profit and loss accounts), or any other relevant information, over the internet. The use of real time technology can even provide information on transactions as and when they take place. The argument that the cost of such an exercise would be disproportionate to the benefits no longer holds water.
Many companies already have in place computerized accounting systems capable of providing such information which may even be customized to suit the needs of the relevant stakeholder. Reporting may be done on a continuous basis rather than periodically. The potential that IT affords may well change the process and purpose of corporate reporting into a new and ever-evolving creature. 7. Changes in Auditing function The role of an auditor in corporate governance is essentially to provide an independent opinion on the integrity of the financial information provided by management to a company’s owners.
Because information is now being stored differently, auditors must adapt to these changes to properly perform their roles. It is necessary to control and audit the use of computers in capturing and storing information for a variety of reasons. These include the costs associated with data loss, misinformation, and computer error highlighted earlier, and the potentially costly consequences that may follow such errors. The changes in the storage and use of data have resulted in the need for auditors to perform audits on the computer systems installed for this purpose.
It is necessary to ensure that information, as an asset, is properly safeguarded. Data must be properly captured and be complete and accurate. One must also ensure that the computer system employed is both effective and efficient in the management of data. For example, under the International Standards on Auditing (ISA) 15, auditors must consider how a computer information systems (CIS) environment will affect their audit. This is necessary because a CIS environment may have an impact on the procedures that auditors should adopt to obtain a sufficient understanding of the accounting and internal control mechanisms of the company.
It will also have implications on the risk assessment considerations that auditors should consider and the design and performance of audit tests. 8. Centralisation of Operations With the increased efficiency with which information may be managed, a similar system of central data management may be implemented as regards other aspects of corporate operations. Thus, information pertaining to transactions involving directors, related party transactions, preferences etc may all be tracked and traced. Likewise, a company’s financial performance may also be tracked and made readily available.
This would complement the disclosure regime suggested in the earlier part of this paper. Such a system, if implemented, would make the regulatory authority a one-stop shop for all corporate information for investors, financiers, creditors, financial analysts and advisors, as well as the company itself. It would also place the regulators in a better stead to conduct inspections and investigations into the affairs of companies where called for. It is also possible for regulators in different jurisdictions to share information, thus setting the stage for trans-border regulatory systems.
Problems of Information Technology in Corporate Governance There are significant hurdles to the implementation of Corporate Governance with latest advancement of Information Technology. 1. Cost implicaton First, there is the question of cost. The potential beneficiaries of improved corporate governance standards are the companies themselves, those who have an interest in the performance of the company. One must weigh the economic and social cost of setting up such a network and at the same time, determine how this price tag should be borne by the various interested parties.
However, as IT continues to get gradually cheaper and more companies embrace its use, cost will doubtless become less of a concern. 2. Standardiztion of Information Technology protocols Second, all parties must agree on the appropriate IT protocols and standards to adopt. Over the years, individual companies may have developed their own standards according to their specific internal IT needs. 3. Network Security Risks There is also the issue of exposing companies to security risks whilst participating in an open information network.
However, much has been done in terms of the design of tools and systems to minimize the incidence of computer hacking and interference with data. These include computer programs designed to protect web sites and to detect unauthorized interference with or entry into designated computer information systems, and legislation imposing severe penalties for such unlawful action. This concern is also likely to weigh less on the minds of IT users as knowledge of these new technologies becomes more widespread and users understand the extent to which security risks may be controlled. 4. Loss of Privacy
Finally, an issue attracting much debate relates to fears of loss of privacy. Exactly how much information should be provided? Will the availability of information increase vulnerability to takeovers or unnecessarily expose companies’ weaknesses to competitors? How does one achieve a balance between protecting public investors and preserving the privacy of major shareholders and individual directors? While there have been calls for developing markets to move towards a more disclosure based regime, these concerns must be addressed in any attempt to encourage or compel companies to support and adhere to such a regime. . 0 FINANCIAL REPORTING Financial statements have been created on paper for hundreds of years and its objective is to provide information about the financial position, performance and changes in financial position of an enterprise that is useful to a wide range of users in making economic decisions. Financial statements should be understandable, relevant, reliable and comparable. Financial statements are intended to be understandable by readers who have “a reasonable knowledge of business and economic activities and accounting and who are willing to study the information diligently.
Financial statements may be used by users for different purposes: However growth of the Web has seen more and more financial statements created in an electronic form which is exchangable over the Web. Common forms of electronic financial statements are PDF and HTML. Although these types of electronic financial statements have their drawbacks in that it still takes a human to read the information in order to reuse the information contained in a financial statement, it has entirely revolutionised the way financial Information is being communicated and transmitted. More recently a market riven global standard, XBRL (Extensible Business Reporting Language), which can be used for creating financial statements in a structured and computer readable format, has become more popular as a format for creating financial statements. Many regulators around the world such as the U. S. Securities and Exchange Commission have mandated XBRL for the submission of financial information. The UN/CEFACT created, with respect to Generally Accepted Accounting Principles, (GAAP), internal or external financial reporting XML messages to be used between enterprises and their partners, such as private interested parties (e. . bank) and public collecting bodies (e. g. taxation autorities). Many regulators use such messages to collect financial and economic information. Information technology (IT) has created significant benefits for Financial Reporting. IT networks and computer systems have shortened the lead time needed by accountants to prepare and present financial information to management and stakeholders. Not only has IT shortened the lead time required to present financial information, but it also has improved the overall efficiency and accuracy of the information.
Electronic data recording and management The most significant impact IT has made on accounting is the ability of companies to develop and use computerized systems to track and record financial transactions. Paper ledgers, manual spreadsheets and hand-written financial statements have all been translated into computer systems that can quickly present individual transactions into financial reports. Most of the popular accounting systems can also be tailored to specific industries or companies.
This allows companies to create individual reports quickly and easily for management decision making. Additionally, changes can be made relatively easy to reflect any economic changes in business operations. Improved Accuracy Most computerized accounting systems have internal check and balance measures to ensure that all transactions and accounts are properly balanced before financial statements are prepared. Computerized systems will also not allow journal entries to be out of balance when posting, ensuring that individual transactions are properly recorded.
Accuracy is also improved by limiting the number of accountants that have access to financial information. Less access by accountants ensures that financial information is adjusted only by qualified supervisors. Increased Functionality Computerized accounting systems have also improved the functionality of accounting departments by increasing the timeliness of accounting information. By improving the timeliness of financial information, accountants can prepare reports and operations analyses that give management an accurate picture of current operations.
The number of financial reports has also been improved by computerized systems; cash flow statements, departmental profit and loss, and market share reports are now more accessible with computerized systems. Faster Processing Computerized accounting systems allow accountants to process a higher volume of financial information and process it quickly through the accounting system. Quicker processing times for individual transactions has also lessened the amount of time needed to close out each accounting period.
Month- or year-end closing periods can be especially taxing on accounting departments, resulting in longer hours and higher labor expense. Shortening this time period aids companies in cost control, which increases overall company efficiency. Improved External Reporting Reports issued to outside investors and stakeholders have been improved by computerized accounting systems. Improved reporting allows investors to determine if a company is a good investment for growth opportunities and has the potential to be a high-value company.
Companies can utilize these investors for equity financing, which they use for expanding business operations. The Cadbury Committee Report The Cadbury Code is the unofficial name for the first Code of Best Practice on corporate governance, published in 1992. The other codes were produced by the Greenbury and Hampel Committees, and together they form what is known as the Combined Code on Good Governance. The codes lay down rules which the London Stock Exchange requires companies to follow, relating to the conduct of directors, directors’ remuneration, relations with shareholders, and accountability and audit.
Essentially, they are designed to make sure that companies are run in an honest and competent way, and to ensure that shareholders are given reliable and adequate information. The codes were developed by Sir George Adrian Hayhurst Cadbury (born 1929) who is a former British Olympic rower and Chairman of Cadbury and Cadbury Schweppes for 24 years. He has been a pioneer in raising the awareness and stimulating the debate on corporate governance and produced the Cadbury Code, a code of best practice which served as a basis for reform of corporate governance around the world.
According to the Cadbury code of best pratcices, the following were outlined with regards to Financial reporting and Information disclosure 1. It is the Board’s duty to present balanced and understandable assessment of the company’s position. 2. The board should ensure that an objective and professional relationship is maintained with the auditors. 3. The board should establish an audit committee of at least three non-executives with written terms of reference which deal clearly with its authority and duties. 4.
The directors should explain their responsibility for preparing the accounts next to a statement by the auditors about their reporting responsibilities. 5. The directors should report on the effectiveness of the company’s system of internal control. 6. The directors should report that the business is a going concern, with supporting assumptions or qualifications as necessary. 5. 0 CONCLUSION The increased dependence on IT for our information needs is leading us down a path of no return. Undoubtedly, new technology has given life to new business opportunities.
Increased access to information has placed more power in the hands of those parties responsible for the various corporate governance mechanisms of companies. But with power comes responsibility. Scandals have also caused a rapid decline in investor confidence, caused the government to “over-legislate, over–regulate, and over-prosecute,” in most cases yielding little or no result. High standards of corporate governance can only be achieved if parties are able and willing to actively fulfill their respective roles in achieving such standards.
No doubt, advances in IT will continue to alter the significance of information both as a business tool and as an asset and these changes will continually be reflected in the way financial Information is reported. Consequently, corporate governance mechanisms that involve the protection and generation of information must adapt to these changes. As highlighted in this paper, this will have an impact on the role of corporate directors, auditors, investors, and regulators.
It is therefore imperative that these parties familiarize themselves with potential IT applications in their respective corporate governance roles as well as the emerging legal issues and problems that are likely to arise. Companies should therefore continually adopt and develop good Corporate governance structures by availing themselves of available technology. IT can therefore be used as a tool for enhancing good corporate governance and improving transparency by influencing Information disclosure and the process by which financial Information is being prepared in the business world. 6. 0 REFERENCES Arnum, P. V. (2004).
Information technology insights: Cyber security ushers IT into corporate governance practices. Chemical Market Reporter, 265(17), 17-18. Aytes, K. , ;Connolly, T. (2004). Computer security and risky computing practices: A rational choice perspective. Journal of Organizational and End User Computing, 16(3), 22. Bridging the gap between IT and corporate governance (2006) [Electronic version]. Sarbanes-Oxley Compliance Journal. Retrieved October 30, 2006, from http://www. s-ox. com/news/detai l. cfm articleID=1949. Canback, S. (1998). The logic of management consulting. Journal of Management Consulting, 10(2), 3-11. Carlson, L.
W. (September October 2004). Using technology foresight to create business value. Research Technology Management. Carlson, S. (2004). A hard eye on what IT buys [Electronic version]. Chronicle of Higher Education, 50(36), A35-A36. Carr, N. G. (2004). Does IT matter? : Information technology and the corrosion of competitive advantage. Boston: Harvard Business School Press. Clevenson, A. , Guimaraes, T. , ; Yoon, Y. (1998). Exploring expert system success factors for business process reengineering. Journal of Engineering and Technology Management, 15, 179-199. Colwill, C. , Todd, M. , Fielder, G. , ; Natanson, C. 2001). Information assurance. BT Technology Journal, 19(3), 107. Connor, D. (2003). Report: Data warehouse failures commonplace. Network World, 20(3), 24. Corey, D. , Trimmer K. , (2004). Information assurance and security. Journal of Organizational and End User Computing, 16(3), 1. CSI/FBI. (2005). Computer crime and security survey. Retrieved October 20, 2006, from http://www. cpppe. umd. edu/Books tore/Documents/2005CSISurvey. p df. Ezingeard, J. , McFaden, E. , ; Birchall, D. (2005). A model of information assurance