Surprising and disturbing IT-related news crossed my Twitter feed last night: a well-known CIO is being sued for alleged fraud by his former firm. Allegations are that this senior executive received kickbacks from vendors that he helped connect to the company where he served as CIO and vice president.
My purpose here isn’t to comment on this individual case; it’s now in the courts, information is still sketchy about the details, and I feel that people are entitled to a presumption of innocence while the various legal actions run their course. As Forbes columnist Ben Kepes wrote, though, this is “one for the ‘we knew these things happened but tried not to know about it’ department.”
So let’s broaden the topic to the overall issue of CIO ethics and integrity, particularly with respect to financial matters. As I’ve written before, the head of technology for many companies (certainly all the firms I’ve worked for) stands at the rudder of a very large portion of the overall “spend” for that company. IT infrastructure and systems spending, taken broadly, is often the second-highest category, after salaries, for total annual outlay for a company. The responsibility involved for the senior IT executive cannot be overstated.
Often when I’ve come into a new CTO/CIO position, I’ve discovered, over the course of the natural “archaeology” that one performs in such a situation, highly questionable business deals cut by my predecessors with outside vendors. I’ve raised my eyebrows and, yes, even occasionally shouted a bit at the incomprehensibility of various vendor arrangements I’ve inherited.
A combination of Occam’s razor and Hanlon’s razor has usually steered me away from concluding that there were dastardly motives behind these deals, but I can’t deny that sometimes I’ve wondered, given the dollars at stake:
- The $100 million deal with a big-5 consulting firm, placing the consulting firm’s own partners completely in charge of all staffing decisions, with no oversight;
- The software seats purchased for products never installed and never even contemplated for use, with maintenance paid year after year;
Face it: an incredible amount of money is at stake in IT-related matters in most companies. The details behind any specific deal are unfortunately often thorny and arcane, yet they are absolutely vital to a full understanding of the deal. In other words, it can be extremely hard for a non-specialist to vault in and assess what’s real and what isn’t in terms of the match between a given need and purchased solution. It’s ripe ground for shenanigans, to be sure, and it’s all too easy for a company to shrug and say “this person is a trusted senior employee and will do the right thing.”
I try to remember, of course, that most people really are honest, on both sides of the table. Most vendors wouldn’t dream of broaching the kinds of deals that are being described in this current case: even putting aside the issue of core integrity, the risks of such a proposal backfiring on every individual involved and permanently damaging their reputation just can’t be worth it, for anyone.
Equally, I remind myself that I’ve never been approached, as a technology executive, to do anything akin to what the executive in the current case is accused of. That sort of deal has never come up, even obliquely. It may be that I successfully exude whatever aura/attitude is necessary to make vendors realize that there would be no point in even trying (I certainly like to think that’s the case), but I’d prefer instead to ascribe it to people’s core honesty.
But what happens when a less-than-full-integrity executive encounters a firm with similarly low ethics: a situation where greed can evoke various sorts of bad behavior? The problem here is that there are few approaches and practices in place at many companies that would prevent and/or detect these blatant conflicts of interest.
Here are some common-sense, fairly obvious measures for any company:
- Pair your head technology executive with your head legal officer for any substantive deal.
- Put checks and balances in place throughout the organization that will make sure that no single individual is solely responsible for any deal or any specific vendor relationship.
- Google “executive code of conduct”. Establish one based on the models you find. Ensure that it’s signed by anyone in a position of fiduciary responsibility.
- Familiarize everyone in the company with that code of conduct and with the expectation that it will be followed to the letter. Create a culture where any action designed to line an individual’s pockets as a result of their corporate role is not just unacceptable, but actually unimaginable, unthinkable.
- See the part in that code of conduct about avoiding even any appearance of impropriety? Hammer that point home with your entire employee base.
- Model good behavior, from the CEO on down. How many days a week do you have lunch with a vendor? Play golf? Etc.
- Work on avoiding the “rubber stamp syndrome” that I’ve written about before. Scrutinize all currently operative deals regularly, in other words.
- And finally, although this may sound harsh: if there’s a breach of the code of conduct, go after it, full-bore. This means a solid and transparent investigation of the circumstances, employee dismissal if confirmed, lawsuits, and filing of criminal charges where appropriate. Show that there are consequences.
Nothing about the above seems remotely controversial. These sorts of breaches can perhaps more easily happen in smaller companies with less stringent governance mechanisms, yet we hear about them in large and established companies as well. It would seem that companies aren’t doing the basics, in many cases.
I hesitate to “blame the victim” in any crime of this nature, however, and I know nothing about the degree to which the company experiencing the fraud in the current case in the news did or did not implement any of these suggestions. These points are certainly not a foolproof recipe to avoid all possibility of misdeeds, but they’re a strong start. Get started.