Photograph by Chris Callis |
It wasn’t so very long ago, and it wasn’t in a land very far away, that the professional life of the average chief financial officer was akin to a fairy tale — a fable we might call “Jack and the Bean Counter.” In those days, a company’s chief executive (that would be Jack) could count on steady incremental growth coming from predictable sources. His CFO (that’s the bean counter) helped tally and report the revenues and profits.
As in most folk stories, a big, stomping giant showed up — several, in fact. The Sarbanes-Oxley Act, globalization, and the information technology revolution, to name three behemoths, have changed the face of the modern corporation. Beset by complexity; confronted by disruptive innovations from outside the conventional value chain; challenged by fickle shareholders, national and transnational regulatory bodies, and capital markets in a constant state of upheaval, the contemporary company is no fairy tale. The CEO is no longer a carefree Jack.
And the CFO, needless to say, is no bean counter.
Few business roles have changed as dramatically during the last generation as that of the chief financial officer. The classic model — the CFO as chief accountant and technical expert focused narrowly on the firm’s financial statements and capital structure — has been passé for a decade or more. The CFO has long since operated as more of a business partner with the CEO, closely involved in designing and overseeing strategy, operations, and performance.
Over the last few years, however, the pace of that evolution has accelerated sharply. Firms are eliminating the position of chief operating officer; a study of 300 publicly traded U.S. companies, published by the National Bureau of Economic Research, found that 20 percent abolished the COO position between 1986 and 1999. As more business unit general managers report directly to the chief executive, many of the COO’s managerial duties are being reassigned to the CFO, who also increasingly finds himself or herself a vital part of the corporation’s leadership team, with such a profound combination of staff responsibilities — and even line responsibilities — that the title “chief financial officer” seriously understates the actual position. No longer mere business partners, leading CFOs have become active, innovative, and independent transformation agents.
“When most people think about a chief financial officer, they’re still thinking about your father’s CFO — an accounting role, maybe expanded to tax and treasury,” said David L. Shedlarz, the chief financial officer of Pfizer Inc., one of 17 CFOs of leading global corporations we interviewed for this new, cross-industry study of the evolution of the chief financial officer role. “When you take a look at a CFO’s responsibility today, you also have operations planning and analysis, information technology, strategic planning, and M&A. As a member of the senior management team, you have to be able to take off your technical hat when you walk in the room.
“Chief accountant is very important,” Mr. Shedlarz added. “But you’ve got to be a lot more than a chief accountant as a CFO.”
A Public Voice |
The interviews we conducted during the summer of 2004 with the senior financial officers of Pfizer, FedEx Express, Johnson & Johnson, BASF, Procter & Gamble, Deutsche Telekom, and 11 other U.S. and European companies, have been published in the book CFO Thought Leaders: Advancing the Frontiers of Finance (to order a copy, click here). The conversations revealed that CFOs of leading global corporations spend half or more of their time on activities outside the traditional boundaries of the position. Far from being overwhelmed by Sarbanes-Oxley and the intensifying scrutiny of corporate governance and compliance, they are playing jujitsu with the new regulatory and shareholder attention, using it both to strengthen internal reporting systems and to align them with company strategy.
Indeed, today’s CFOs see themselves as strategic activists. “The growth agenda is of equal or even greater importance” compared with solid cost management, Johnson & Johnson CFO Robert J. Darretta Jr. told us.
Our study shows that, to a large extent, chief financial officers are now viewed by their chief executives as CEOs’ primary aides in driving company-wide transformation efforts. Although this development has occurred over a period of a decade or more, we observed at least eight trends that underscore how profound that evolution has been:
• CFOs are more closely engaged than ever in designing, adapting, and implementing their organizations’ business models. “I am involved in all important operational and strategic group planning decisions,” said Karl-Gerhard Eick, who is both CFO and deputy CEO of Deutsche Telekom, the German telecommunications company.
• With capital markets now as global as companies, CFOs increasingly take lead roles in tying their firms’ business strategies more closely to models of shareholder value. “We have had to spread this culture of how to create value, how to get the best return on assets, throughout the company,” said Renault CFO Thierry Moulonguet, a member of the multinational management team that helped revive the Japanese automaker Nissan.
• To ensure strategic alignment, finance chiefs find themselves serving additionally as “chief metrics officers.” Robert L. Lumpkins, CFO of the food and agriculture giant Cargill, said, “Measurement drives behavior, and we need to know that we’re getting the behavior that we want and that people are focusing on the right things. That’s part of the job of the CFO.”
• Chief financial officers say their role includes more and more performance management, as they work toward the goal of securing what Robert J. Dellinger, CFO of the telecommunications company Sprint, called the “execution premium” accorded by shareholders to top performers.
• CFOs increasingly are taking line management responsibility in operating businesses. For example, in addition to overseeing the finance organization, Caterpillar Group President Douglas Oberhelman manages the Peoria, Illinois, manufacturer’s diesel engine business.
• The ability to communicate to various internal and external constituencies is now a critical competency for chief financial officers. The CFO “should be half accountant and half strategist and, to an increasing degree, an efficient communicator in both roles,” said Siegfried Luther, finance chief at Bertelsmann AG, the German media firm.
• CFOs are consumed with creating finance organizations stocked with men and women proficient in nontraditional skills, including experience in operations, in addition to traditional finance experience and acumen. “I encourage people within finance to leave the division and work elsewhere in the company,” said Cathy Ross, CFO of FedEx Express, the largest division of Memphis-based FedEx Corporation. “It helps the company, and it broadens the individual.”
• Finally, with senior managers and boards of directors taking a more expansive view of risk, chief financial officers are overseeing the increasingly tight linkage of risk management to the firm’s strategic agenda. “A more appropriate notion of value creation — post-9/11, post-Enron, post-WorldCom, post-Tyco, and so on — starts with the realization that risk matters as much as return does,” said Thomas A. Fanning, the CFO of Southern Company, the U.S.’s second-largest electric utility by market capitalization.
Perhaps the greatest transformation in the CFO role, however, is a transcendent one. As Pfizer’s Mr. Shedlarz put it: “People are asking the CFO, as well as the rest of the management team, to act as change agents.”
New Dynamism
Certainly, the chief financial officer position has grown more pressured in recent years. Well more than 10 percent of Fortune 500 CFOs have left their jobs during each of the past two years, according to the executive search firm Spencer Stuart. While some of that attrition may reflect natural transitions, there is abundant evidence that post-Sarbanes-Oxley stresses have contributed to greater turnover than the position experienced in the past.
In a 2004 survey conducted by CFO magazine, fully 68 percent of finance executives said they had experienced more job pressure during the past two years than before. Sixty-three percent said job stress had negatively affected their health.
But beneath what the New York Times has labeled “a steady drip-drip-drip of corporate announcements of CFO departures” is another story: the rising importance of the role within the hierarchy of the average large company, the improved qualifications of the men and women sought for the position, and the consequently enlarged expectations CEOs and directors have for their chief financial officer.
Consider the case of Nissan. Mr. Moulonguet, currently the chief financial officer of Renault, was a member of the management group that Carlos Ghosn brought to Japan in 1999 to turn around Nissan Motor Company. That turnaround team prescribed and applied shock-therapy treatment that combined strong growth targets and strict cost containment. “When we started the process,” Mr. Moulonguet recalled, “financial discipline was something we implemented overnight.” The revival of Nissan by Renault, which now has a 44.4 percent stake in the Japanese automaker, has become a well-recognized case study in successful change management.
The Explicit Strategist |
Another example of nontraditional CFO activism is FedEx. Following the general business slowdown that began in the U.S. in 2001, FedEx devised a transformation program, called I-Service, to realign business processes and improve profitability and staff efficiency in the U.S. organization. In 2003, the company announced two voluntary incentive programs for eligible U.S. salaried staff and management employees, and took other steps to further reconcile expenses with revenues, such as reducing aircraft orders, consolidating facilities, and limiting hiring and discretionary spending. FedEx Express CFO Ms. Ross said the finance organization was deeply involved. “We’re right in the middle of transformation, and often we are driving it, because we have the tools, the resources, and the mandate to look out beyond the here-and-now,” she said.
As the business environment has begun to improve over the last two years, CFOs’ priorities have shifted. At FedEx, with the I-Service reorganization well under way, Ms. Ross said, “I would identify my role more as managing growth: Where is our next growth opportunity coming from and how do we capitalize on that?”
Board of Leaders |
Clayton Daley, the chief financial officer of Procter & Gamble, has experienced a similar reorientation in his role. “I consciously think of myself as wearing two hats,” he told us. “I am responsible for traditional accounting issues: cash flow, capital, and cost structures. But my role is increasingly linked with strategy and operations.”
Value Creators
In years past, most CFOs of large companies completed a successful transition from being stewards of value preservation to being business partners in value creation. Today, the increasingly determined focus on creating shareholder value is yet another prompt that encourages a chief financial officer to elevate his or her identity from reporter to executor.
Construction and mining equipment manufacturer Caterpillar initiated a new style of management reporting last year. Called Transparent Financial Reporting, it aligns the company’s internal management reporting system closely with shareholders’ returns. “It’s much more ‘live’ in terms of what’s actually happening as a shareholder would see it,” said Mr. Oberhelman, the group president of Caterpillar with oversight of the finance operation.
Another Caterpillar initiative matches the objectives and financial rewards of each of the company’s business units with shareholder value creation. One of the goals at Caterpillar, whose industry and business have always been cyclical, has been to remain profitable at the bottom of the cycle, and “attractively profitable” at the top. From now on, the goal is to ensure that the next cycle’s bottom is higher than the last one’s. By ensuring that the internal reporting and the business units’ common goals correspond to the shareholders’ rewards, said Mr. Oberhelman, “We have a real running chance to better our game all the way through.”
Rock the Boat |
Procter & Gamble uses a model of shareholder value called Total Shareholder Return (TSR) as a strategic tool and as a method for evaluating management performance and calculating bonus payments. The performance model has become institutionalized, said Mr. Daley. “You could walk into any general manager’s office in this company and ask somebody about TSR and they could tell you what it is and how they think about it,” he said. Mr. Daley credited this focus on shareholder value as a major reason that capital spending as a percentage of sales has declined at P&G from 6 percent to 4 percent. “I never thought I’d live long enough to see this company’s capital spending go below 4 percent of sales,” said Mr. Daley, who joined Procter & Gamble in 1974. “TSR has been an enabler to get the line management focused not just on the income statement, but on the balance sheet and operating cash.”
CFOs uniformly rank talent identification and organizational development as two of their top agenda areas. Mr. Darretta, CFO at Johnson & Johnson, for example, considers “people development” his No. 1 focus. J&J’s businesses in consumer products, pharmaceuticals, and medical devices and diagnostics include more than 200 operating companies, each with its own chief financial officer. Mr. Darretta himself and Johnson & Johnson as an organization put enormous time and effort into the process of selecting these individuals, beginning with college recruitment.
Business Influence |
New hires at J&J go through a two-year finance leadership program, culminating in an elaborate, formal process intended to identify future CFOs. Among the attributes sought are a focus on customers, understanding of the marketplace, an aptitude for teamwork, innovativeness, and the ability to be a positive change agent. “What we do over the course of their career development is to make sure it’s the business first, the finance function second,” said Mr. Darretta.
Other CFOs also expressed a preference — in many cases, an insistence — that up-and-coming finance executives spend time working with their companies’ business operating units. Kurt Bock, CFO of BASF, the world’s largest chemical company, based in Ludwigshafen, Germany, noted that it’s not enough for a senior executive to have expertise in a specific field such as finance.
“At some point, you have to try to broaden people,” said Dr. Bock. “That development process helps us identify our future leaders. Who is capable of becoming an entrepreneurial managing director, and who will be successful leading a business-enabling function? That’s the way we develop people in finance. After five, six years in a staff function, we try to move them out into a completely different area of responsibility, very often including an international appointment.”
Evolving Risks
Risk management is looming ever larger on most companies’ — and most CFOs’ — agendas. Certainly, the Sarbanes-Oxley legislation in the United States, which strengthened regulatory oversight of compliance, control, and governance programs, and increased the need for strict attention to P&L, balance sheet, and capital structure, has contributed to risk management’s higher profile.
“If you talk to a CFO of a publicly traded company who doesn’t have Sarbanes-Oxley as one of their top five agenda items, there’s either a problem or they’re about to go private,” said Dianne Neal, chief financial officer of Reynolds American Inc., the company formed in July 2004 by the combination of R.J. Reynolds Tobacco Company and the U.S. operations of Brown & Williamson Tobacco Corporation.
Yet overwhelmingly, the CFOs to whom we spoke said that Sarbanes-Oxley (SOX, in finance-speak) has been a less important factor in the evolution of the definition and control of risk than has the pace of change, driven by globalization and technology.
Cargill, for example, has long had a reputation for sophisticated risk management. “This is a core capability of Cargill,” said Mr. Lumpkins. “It’s a part of the mind-set of the company.” But the changing nature of the Minneapolis-based food and agriculture firm’s business, especially its rapid international growth, is compelling managers to think about risk in a wider context. Although Cargill has been a global business for decades, in just the past few years vast new areas in Eastern Europe and Asia that were once fenced off to U.S. companies have opened up. Today Cargill is operating in Romania, the Ukraine, and China, and further geographical expansion is envisioned. Increasing globalization, Mr. Lumpkins said, has brought with it increased attention to both risk assessment and compliance issues.
Continuous Improvement |
Cargill created an independent risk management function in 1999 in the wake of the Russian debt defaults, and its scope has increased since then, as has investment in risk assessment technology. The company now has a group of analysts and former traders who report to the treasurer, separate committees dealing specifically with commodity and financial risks, and a global risk management oversight function.
For other companies, managing risk is a central component in delivering shareholder value. Mr. Fanning, the CFO of Southern Company, which provides electricity throughout the southeastern United States, pointed out that a traditional way to look at shareholder value creation “would center on delivering net income, earnings per share, or return on equity.” But in the energy industry, whose colossal risks range from the uncertain future of nuclear power to the effects of potential environmental regulations, risk and return cannot easily be divorced.
“In 2003, we saw all kinds of indications that interest rates were going to go up,” said Mr. Fanning, to illustrate Southern Company’s risk management process at work. “That is generally a bad signal for utility stocks, which tend to be yield-oriented investments.” Southern Company acted quickly, prefinancing five years’ worth of equity, taking the company’s equity ratio from 38 percent to 41 percent by the end of the year, and reducing short-term debt from more than 10 percent of debt capital to about 5 percent. At the same time, Southern Company increased the average life of the long-term securities it sold, from eight years in 2002 to 23 years in 2004.
Nearly all the CFOs with whom we spoke felt similarly about the challenges of keeping pace with the increased complexity that accompanies growth. And they pointed out, as well, that technological advances have contributed to complexity even as they have revolutionized information technology and business processes.
At Pfizer, for example, revenues have more than tripled and the head count has more than doubled over the last five years, because of a combination of core growth and acquisitions. The result, said Mr. Shedlarz, has been “an exponential increase in complexity.”
Evolution of Risk |
The rapid advances in information technology for business processes present a quandary for CFOs, said Caterpillar’s Mr. Oberhelman. “That to me is the part of the accounting and financial operations function that really is our single biggest challenge,” he said. “How do I make sure we get good management reporting back to our divisions to give them all the tools they need to take advantage of all the things they can take advantage of today? Few companies can take advantage of all the technology that’s available today without significant cost and change. How do we balance that?”
Raising the Bar
It should be clear that the bar has been raised substantially for the CFO. But although the challenges are large, the potential rewards are even more substantial, for individuals and for their organization. In an environment in which investors demand sustainable growth, precise forecasts, and earnings reliability, executives who can help their companies achieve these goals quickly become valued players. The old CFO model simply won’t do in this era. Only the transformational CFO can meet the requirements of the modern corporation.
Fortunately, the CFO is well positioned to play this more dynamic role. As the interviews in this book make clear, the traditional tasks give the chief financial officer a unique vantage point from which to address the new challenges. A view of the organization from 30,000 feet above ground provides the CFO with an enterprise-wide perspective; indeed, good chief financial officers seem to have an innate ability to understand what makes each business in the portfolio tick. In addition, the CFO’s traditional responsibilities in accounting and compliance give a tremendous amount of independence and objectivity to the position.
The CFO has only one core constituency: the shareholder. This fact, combined with the trusting relationships CFOs develop with senior business executives, allows the CFO to move seamlessly into a more transformational role. That role, we discovered, is no fairy tale, but the new reality for chief financial officers around the world.
Vol. 7, October 1, 2004
By Sally Chan, CMA, ACIS, PADM
RBC Financial Group
Two control frameworks have been widely adopted by public companies subject to the requirements of the U.S. Sarbanes-Oxley Act of 2002: the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control — Integrated Framework, released in 1992, and the IT Governance Institute's Control Objectives for Information and Related Technology (CobiT). Although the U.S. Securities and Exchange Commission (SEC) suggests that public companies consider the control components of COSO when seeking Sarbanes-Oxley compliance, neither the SEC nor the U.S. Public Company Accounting Oversight Board has openly endorsed a specific information technology control framework. Interestingly, as companies subject to the act's requirements get closer to first-year certification, more practical questions are being raised about the relationship and alignment between the COSO internal control framework and CobiT objectives.
UNDERLYING CONCEPTS AND CONTROL OBJECTIVES
COSO internal control framework states that internal control is a process — established by an entity's board of directors, management, and other personnel — designed to provide reasonable assurance regarding the achievement of stated objectives. CobiT approaches IT control by looking at information — not just financial information — that is needed to support business requirements and the associated IT resources and processes.
COSO control objectives cover effectiveness, efficiency of operations, reliable financial reporting, and compliance with laws and regulations. Its primary role is fiduciary. On the other hand, while the IT Governance Institute — which is affiliated with the Information Systems Audit and Control Association — acknowledges and makes explicit reference to COSO's fiduciary role, it extends CobiT's role to cover quality and security requirements in seven overlapping categories: effectiveness, efficiency, confidentiality, integrity, availability, compliance, and reliability of information. These categories form the foundation of CobiT's 34 control objectives within its four domains: planning and organization, acquisition and implementation, delivery and support, and monitoring.
COSO and CobiT cater to different audiences. While COSO's target audience is management at large, CobiT is intended for management, users, and auditors (mostly IT auditors). Both COSO and CobiT view control as an entitywide process, but CobiT specifically focuses on IT controls. This distinction in effect defines and determines to a large extent the scope of each control framework.
Because of these differences, auditors should not expect a one-to-one relationship between the five COSO control components and the four CobiT objective domains. The purpose of the following high-level mapping is to give auditors a COSO point of reference when discussing the role of technology in the assessment of internal controls for financial reporting. Auditors can then select the relevant CobiT control objectives for Sarbanes-Oxley under the four domains when mapped to the COSO internal control framework.
AN ALTERNATIVE MAP
Below is an alternative view of the COSO-CobiT mapping depicted in the IT Governance Institute's document IT Control Objectives for Sarbanes-Oxley [PDF], which was released earlier this year. That document presents the relationships between COSO, CobiT, and Sarbanes-Oxley Sections 302 and 404 as horizontal layers of a three-dimensional cube. In reality, the nature and extent of this tripartite relationship is neither equal nor direct — processes take place in a continuum. Mapping CobiT to COSO's internal control framework can only capture a high concentration of the associated processes.
COSO Internal Control Components | CobiT Domains With sample control objectives relevant to Sarbanes-Oxley. |
1. Control Environment |
Planning and Organization (PO):
|
2. Risk Assessment
|
Planning and Organization (PO):
|
3. Control Activities |
Acquisition and Implementation (AI):
Delivery and Support (DS):
|
4. Information and Communication
|
Planning and Organization (PO):
|
5. Monitoring |
Monitoring (M):
|
The fact that CobiT does not map 100 percent to COSO should not deter auditors from using these existing frameworks alongside each other. Organizations can treat these frameworks as essential reference material and as a sound basis for formulating their own integrated and customized control framework for Sarbanes-Oxley.
COSO ERM AND COBIT
With the recent release of the COSO Enterprise Risk Management (ERM) — Integrated Framework, which identifies interrelationships between risk and risk management, organizations and auditors should consider whether it is warranted to map CobiT to COSO ERM, as well. COSO ERM takes a broader view of risk that the risk-assessment component contained in the COSO internal control framework. In CobiT, risk assessment is a process — not a distinct and separate domain — therefore, it may be more appropriate to compare COSO ERM to the IT Governance Institute's Board Briefing on IT Governance. Regardless of the outcome of any comparison, COSO ERM is expected to further expand auditors' focus towards disciplined risk management. As a result, auditors should critically assess whether COSO and CobiT provide sufficient risk coverage as stand-alone control frameworks for the 21st century auditor.
Even before the final COSO ERM recommendations were published, there was already an increased sensitivity and a growing trend towards addressing risk issues upfront as a condition precedent to control issues at both the entity and activity levels. After all, controls are risk-driven, so understanding risk is a prerequisite to the appreciation and application of control. Understanding the risks in an organization's business environment makes control design more effective and reduces the effort required to remedy control deficiencies in both manual and automated environments. From a Sarbanes-Oxley perspective, the highly publicized significant deficiencies and material weaknesses in internal control reported by external auditors at many companies have added yet another challenging dimension to financial reporting and a new meaning to reputational and compliance risks, according to Compliance Week. There are already emerging views that suggest building ERM on the foundation laid by Sarbanes-Oxley.
USE COBIT SELECTIVELY
Because Sarbanes-Oxley Section 404 is strictly focused on internal controls over financial reporting, any user of CobiT must first determine the relevance of a significant IT process or IT-dependent process by assessing its primary contribution to internal controls over financial reporting rather than to the broad spectrum of IT control processes encompassed by CobiT. One way to ensure that IT is properly anchored to a significant account, business process, or major class of transaction is to critically question the role of IT in risk mitigation and in enhancing the integrity of financial reporting and financial-statement assertions. IT auditors have a new opportunity to add value by evaluating the design and operating effectiveness of automated application controls end-to-end in addressing fraud, yet this scope is not explicit in CobiT.
It is important that auditors select relevant IT control objectives from CobiT when defining their Sarbanes-Oxley scope. IT's unique contribution centers around its ability to enhance the integrity, security, and availability of financial information within those identified business processes, as well as the safeguarding of assets — especially information assets.
For internal auditors, COSO is the primary Sarbanes-Oxley reference and CobiT a secondary resource, but for IT auditors, understanding COSO is only the beginning. IT auditors should start with COSO and selectively adapt CobiT for Sarbanes-Oxley without excluding other established IT control models such as the ISO/IEC 17799 Code of Practice for Information Security Management, established by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). For a broader overview of IT guidance, readers can refer to the IT Governance Institute's research paper CobiT Mapping – Overview of International IT Guidance [PDF], which maps several commonly used IT standards and guidance against the CobiT framework. That publication maps the COSO internal control framework from the vantage point of CobiT in the pre-Sarbanes-Oxley environment.
FOR MORE INFORMATION
Committee of Sponsoring Organizations of the Treadway Commission (COSO), www.coso.org
IT Governance Institute, www.itgi.org
The findings, interpretations, and opinions expressed in the published materials are those of the author of the work only.
Information
Nation:
Seven Keys to Information Management Compliance
Randolph A. Kahn, ESQ. and Barclay T. Blair
AIIM International
Available March 1, 2004
Paperback
Approx. 300 pp.
Click
here to purchase Information Nation.
Read Information Nation's
introduction.
Go to the Information Nation table
of contents.
Send Randy and Barclay feedback
on Information Nation here.
Praise for Information Nation
Book Overview
Information Management has entered a
new era. An era shaped by headline-grabbing business failures and
scandals where information destruction and mismanagement played
a starring role. An era defined by tough new laws and regulations
that threaten to send executives to jail for information mismanagement.
An era where organizations are struggling to control and leverage
an ever-expanding body of business information, while reducing the
bottom line.
How can organizations respond to this new era in a manner that will
promote and protect their business and legal needs? How does the
mantra of corporate accountability and transparency translate to
the real world of tight budgets, fast-paced technological change,
and a constantly-shifting shifting legal and business landscape?
Table of Contents
Forward by Jay Cohen, ESQ. ...xi
Preface by John F. Mancini ...xv
Introduction: Welcome to a New Era of Information Management...1
PART 1 Laying the Foundations of Information
Management Compliance...7
Chapter 1 Why Information Management Matters...9
Chapter 2 Building the Foundation: Defining Records...17
Chapter 3 An Overview of Records Management...31
Chapter 4 Information Management Compliance (IMC)...43
Chapter 5 Achieving IMC: Introduction to the Seven Keys ...57
Chapter 6 Sarbanes-Oxley and IMC...65
PART 2 Seven Keys to Information Management Compliance ...75
Key 1 Good Policies and Procedures...77
Chapter 7 The Purpose of Policies and Procedures...79
Chapter 8 Making Good Policies and Procedures...89
Chapter 9 Information Management Policy Issues...103
Key 2 Executive-Level Program Responsibility...125
Chapter 10 Executive Leadership, Sine Qua Non ...127
Chapter 11 What Executive Responsibility Means ...141
Chapter 12 IT Leadership ...147
Key 3 Proper Delegation of Program
Roles and Components ...163
Chapter 13 Create an Organizational Structure to Support IMC ...165
Chapter 14 A Sample Information Management Organizational Structure...175
Key 4 Program Communication and Training...185
Chapter 15 Essential Elements of Information Management
Communication and Training...187
Key 5 Auditing and Monitoring to
Measure Program Compliance...201
Chapter 16 Use Auditing and Monitoring to Measure IMC ...203
Key 6 Effective and Consistent Program
Enforcement...219
Chapter 17 Addressing Employee Policy Violations...221
Chapter 18 Using Technology to Enforce Policy...23
Key 7 Continuous Program Improvement...239
Chapter 19 The Ongoing Work of...241
Conclusion...259
Notes...261
Index..271
Industry Resources...281
About the Authors...301