Patrick Jolly did a very good research report about the Corporate Governance & the 3 S's namely, Scandal, Security & Strategy. The boardroom has become a much more accountable place; transparency and meritocracy are the order of the day.His conclusions is that the Corporate Governance Require of Changing Atitude & it must be in build with the Strategy of the Business as the whole.
Now let me Sum-up on the Corporate Culture with 4 main Criterions:-
1. Corporate Governance - Management Style & Control; Audits & Refinements
2. Leadership Quality & Renewal
3. People includes their Ethics; Conducts; Mindset-Attitude
4. Re-Action to Change Timely
There are 2 type of people elements here. That is the Management Leadership & the floor level people. Looking into the issue of IBM turn arround Lou Gestner take almost 3 years to get IBM to clean up & implement his so call New Strategies.
Now looking at Michael Dell, in view of the Internet age & the PC Technology shift, if Dell have not realised that he need to change the Strategies & Tactics in Business , Dell could have suffer the same faith like any other PC corporation. Michael Dell have tap the expertist of external executive to turn the business arround. The Just in Time manufacturing which they learn a lesson from the Japanese Toyota. Looking at any PC company today, they no longer be the Original Product Manufacturer.
In fact, today; they are all system integrator. Be it Dell, Sony, HP...etc. Even at the software business, IBM is still the larges Software corporation in the world interm of revenue. IBM no longer produce every single code within their corporation. like those year's. IBM have utilized the services of their ex-employee's as well as 3rd parties.
On the subject of Leadership Quality. At the present time, it more a Celebrity & Money Position, it is totally a wrong concept after all, the excutive search firm's shall shoulder some of the failure responsibily in recommending the canditdate to be on the position of Top Executive Post such as Chairman, President & CEO. The quality of a leader cannot be overlook at all time, In the dynamic change & rapid chnage environment, How could a leadship to be identified & be a situation leader take lead of the change??
As mentioned in my earlier article, a corporation is just like a living human entity.. it have the 4 Noble Truth of existence that is
Birth
Growth
Decay
Death
Therefore, be it the level of leadership or the floor employee, none can escape the truth of the above. So the only way out is the self renewal & self improvement. As the Gotama Buddha ( Means the Perfect One; The Enlighten One) & Confucius said the same thing:
Everyday I Recollect Myself 5 Times.
All in All talking about
Strategies, Tacties,
Risks & Opportunities
Ethics, Conducts
Mindset- Attitude
All these are just a technical term, without the "People", the Rank's & File's all these are just an illusions.
As the Old saying the citizen are the Heaven of the Ruling Emperor. His fellow citizen then have Food as their Heaven. With the current high Bait system, there is no fairness in the reward & compensation. That is the main cause of dis-array. Looking at Kingston Memory as an example, Kingston Senior management have maintence a reasonable acceptance gap between the top mangement & the their employees, the performance bonus award the return to employees in the more fair level to all in term of their compensation.
As Sun Tze said, "An Emperor Make The Mistake, He Shall Receive the Same Punishment With His Fellow People"!! Which Carly Florina have made the mistake by firing her 2 field Generals, before the board moving in to evade her. As a commander in Chief, if she would have adopt the Sun Tze philosophy, even though she may not be in cordial relationship with her board, I am sure she would leave a very good memory behind for her people after all.
In my paper on Creating An Excellence Philips Corporate Culture in 1989-1990, Although I have gone after Philips disbanded my operations. However, my paper the details of the spirits & soul are still living. These can be realized from its recent renewal of their New Corporate Culture Sologan.
Finally is the Reaction to Change & Change Timely for the Longevity of the Corporation.
Changing attitudes towards corporate Governance
by Patrick Jolly
Scandal, security and strategy. These 3 S's are reshaping the corporate governance landscape today.
One only has to mention the name Enron to describe the first. The seriousness of the issue is indicated by the extent to which government has acted to prevent such scandals occurring in the future. Apart from the reform of existing company laws, the UK, for example, initiated the Higgs review of the role of non-executive directors. And the US has gone further than most, no doubt since the Enron scandal took place on its doorstep: Sarbanes-Oxley is the toughest regulatory intervention since the 1930s.
The boardroom has become a much more accountable place; transparency and meritocracy are the order of the day. Newly introduced principles and guidelines are encouraging directors to take direct responsibility for corporate data. Auditors are being empowered and their independence reinforced.
When it comes to Information Security, a series of increasingly alarming online threats have moved the issue from being the preserve of the IT department alone right up to the level of the board. Viruses, spam, spyware, phishing and hacks constitute a massive group of 'inbound' concerns, all of which have the potential to impact negatively on the bottom line.
Remote internet access and the proliferation of wireless devices are changing the way we look at Information Security. Allied to this is the question of outbound threats. Research from different sources shows that around 80 percent of outbound breaches, or confidential data loss, originates within the organization and are carried out by an employee. They may be malign but are more commonly a result of human error – hitting the 'send' button on an email by mistake, for example. A recent survey ranked confidential information leakage as the major content issue facing corporations, after spam.
All in all, the Department of Trade and Industry's 2004 Information Security Breaches Survey puts the price of these threats at several billion pounds: the average cost of an incident is £120,000, though the risk is also that a single event might have calamitous consequences. Hence the reason that security is a concern that the board must address. It is a question of governance because maintaining control of security has a direct bearing upon shareholder confidence, brand value and the bottom line.
Many companies have adopted a head-in-the-sand approach, treating network traffic as a 'no go' area for fear of what might be revealed, but this is no longer a viable option and is likely to offer no defence in a court of law. In fact making a conscious decision to 'do nothing' to protect company resources, including employees, is a very dangerous strategy in the current climate.
Security needs to be thought of as an operational risk. The first step towards successful security management is identifying the risk and then controlling and mitigating it. Technology plays a key part in this process but senior management must be in charge of the process; governance is required to provide and implement the business-wide view.
And hence, thirdly, governance is a matter of business strategy. The threats are not trivial. Governance must be built into the overall strategic framework of the business since an error of governance might even lead to the failure of the business. Moreover, the regulatory responses to Enron and the like are aimed at nothing less than a change of culture.
A prime example of the links between strategy and security is the attitude that businesses display towards mobile working. The practice has become increasingly popular over recent years because of the greater degree of flexibility that it offers to the extent that many organizations now advocate mobile working to a significant proportion of their workforce. However, businesses that encourage the practice are not doing enough to protect themselves against the additional threats that mobile working can present.
Worryingly, my company's own research recently found that 60 percent of UK businesses have no plans to implement content filtering for mobile workers. Of greater concern still is the fact that only 20 percent consider the risk sufficiently important to warrant the immediate implementation of content filtering when introducing the practice to the organization. However, security is the backbone of governance and, as such, evolving operational issues like the adoption of mobile working must be incorporated into strategies in a timely manner.
Even where organizations have made the link between security and governance, in many cases it is through a feeling of pressure. In order to adopt and run an effective approach, businesses can adopt an ongoing, three-tiered approach to security based around the principles of policies, education and technology.
Policy - Clearly outline what the company resources can and cannot be used for. Update the existing Acceptable Usage Policy (AUP) to ensure that operational changes, such as mobile working, are covered as they become relevant to the business.
Education - train employees to understand the potential threats posed to both themselves and the wider organization. Clarify the appropriate behaviour that can be used to avoid such instances from occurring and how to deal with them when they do.
Technology - ensure that the appropriate technology is used to enforce the terms and conditions of the AUP and act as a safety net against policy breaches.
In isolation, none of the above measures alone are enough to solve the problem but by integrating them together any organization will ensure that risk is mitigated to the greatest possible extent.
Corporate governance is no longer to be thought of as an extra – a hurdle to leap at the end of the financial year (or when the inspector calls). Good corporate governance needs to become an ingrained process, supported by both policies and Information Security. In order not to just pay lip service, it's advised to consider governance and compliance issues in line with the refinement of frameworks and in terms of the implementation of best practice, of which policy development, educational programmes and technology implementation are all key components. In short, governance requires a change of attitude and must be built into the strategy of the business as a whole.
SurfControl are exhibiting at Infosecurity Europe 2005 which is Europe's number one information Security Event. Now in its 10th anniversary year, Infosecurity Europe continues to provide an unrivalled education programme, new products & services, over 250 exhibitors and 10,000 visitors from every segment of the industry. Held on the 26th – 28th April 2005 in the Grand Hall, Olympia, this is a must attend event for all IT professionals involved in Information Security. www.infosec.co.uk
The author is President EMEA & APAC, SurfControl
SC Magazine
No comments:
Post a Comment