The loss of investor confidence — wrought by Enron and WorldCom-like lapses in corporate governance — has ushered in a new era in the history of business. Good corporate governance and ethical business practices are no longer optional niceties — they are becoming the law. With the future of the capital markets — a pillar of the economy — at stake, the need to link sound corporate governance with effective internal control has never been greater. This is compelling corporate India to undertake fundamental changes in the way it runs its business.

One of CII's objectives is to assist corporate India in becoming a global leader — anticipating changes and transforming threats into opportunities. Accordingly, CII has been at the forefront of good corporate governance initiatives in India, having published the Desirable Code of Corporate Governance in 1998. This pioneering and path-breaking effort of CII was carried forward by initiatives of SEBI and the Government.

Role of IT in Corporate Governance
Though corporate governance initiatives, including Article 49 of SEBI, focus on the need to have robust internal controls to ensure integrity of financial reporting, little attention has been paid specifically to the role of information technology (IT) in the financial reporting process. This is unfortunate, given that the integrity of financial reporting is, at most companies, heavily dependent on a well-controlled IT environment.

In today's environment, financial reporting processes are driven by IT systems. Such systems, whether ERP or otherwise, are deeply integrated in the initiation, recording, processing and reporting of financial transactions. As such, they are inextricably linked with the overall financial reporting process.

Further, organisations will have to ensure that their IT security environment (general controls and application controls) provides adequate assurance on the reliability and availability of IT systems to support accurate and timely financial reporting.

Accordingly, there is an urgent need for managing IT risks to support good corporate governance.

Information Risk Management
Indian companies have to gear themselves to meet the increasingly demanding standards of international disclosures and corporate governance, and information security has come to play a pivotal role in getting there.

It no longer suffices for companies to ensure that their IT investment delivers value as a business enabler — the board of directors is liable to ensure that the investment encompasses what it would take to mitigate the risks that may arise from its deployment. Today, information assets need to be protected with the same level of commitment and vigilance that the management devotes to financial supervision and overall enterprise governance. There is an urgent need for BPO-India to be perceived as a 'trusted sourcing destination'.

The ET-CIO 2004 Survey highlighted that 83% of the Indian companies surveyed believed that IT contributed significantly to their business, and over half of this group expressed an extremely high level of satisfaction on their spending on IT security, which was at the top, next only to ERP.

Clearly, IT security is becoming top priority for Indian corporates, and not a moment too soon. Security breaches could be devastating to an enterprise, impacting business operations, corporate reputation, and customer and shareholder trust. The criticality of having the best, in terms of employing people and deploying technology cannot be over emphasised.

CII Information Risk Management Service
CII's Information Risk Management Service will deliver information security advisory, training and consultancy to the Industry.