John Boufford, I.S.P., CIPS’ current National Vice President and incoming President for 2006-2007, has a compelling message that needs to be heard. John is writing and speaking on issues crucial to the profession and to businesses. His recent featured article appearing in the Financial Post Magazine is generating much needed discussion so John is blogging the article here. Moreover, John is co-presenting with Kerry Augustine, CIPS Manitoba President at the INFORMATICS conference in May: speaking on "Managing Business Risk through IT Certification." This session demonstrates the value of professional certification and professionalism to businesses.
From: John Boufford I.S.P.
I spoke on Managing Business Risk through IT Certification at a security seminar this week. The audience consisted entirely of certified security professionals. The thrust of my presentation was the need for better IT governance and how CIPS’ programs contribute to more reliable IT processes. From the questions, I think the message resonated with the audience.
This message is similar to my greatly condensed message appearing in the Financial Post supplement to the April 7, 2006 National Post. The Financial Post article appears below.
IT Governance: An Opportunity or Hindrance?
Sarbanes-Oxley (SOX) is having a profound impact on the Information Technology (IT) profession. Senior IT leaders are experiencing an increased concern with IT governance. The Chief Executive Officer (CEO) is calling upon the Chief Information Officer (CIO) to attest to rigour in IT processes and projects before the CEO signs-off on the company financials. Both the CEO and CIO have to work together to understand what the government regulations require and what is necessary to be in compliance with them.
Regulatory compliance demands rigour in IT governance. Sadly, current IT governance practices as implemented in some organizations are not adequate as evident in the software failures that have occurred in the past few years. In a 2005 report, The Hartwell Group identified 20 recent high profile [IT] glitches that:
§ Affected more than 61 million people;
§ Resulted in more than $30 million in financial impacts (plus impacts such as lost business, project delays, loss of reputation, loss of customer privacy, and required additional medical tests); and
§ Had potential life and death impacts.
The effect of SOX and other regulatory compliance requirements will be felt well beyond its immediate sphere of influence. While SOX only applies to publicly traded companies on U.S. stock exchanges, the IT audit community will promulgate the lessons of SOX IT governance well beyond that arena. With so much at stake, will CIOs look for more than technical excellence in their IT recruiting practices?
The days of the narrowly specialized are numbered. IT professionals today require a broad IT knowledge, a variety of business experience, a strong foundation in emerging standards of practice, and a code of ethics that puts the public and employer interests ahead of their own. CIOs and human resources executives will be looking for a way to identify these IT professionals. Fortunately, there is a way.
Canada has a professional IT designation: the Information Systems Professional – I.S.P. designation (in French, Informaticien professionnel agréé - IPA) that identifies IT practitioners who possess the education and experience to practice IT at the professional level. The “I.S.P.” is the only IT designation in Canada that is recognized by law as a self-regulating profession. Currently, legislation exists in the provinces of British Columbia, Alberta, Saskatchewan, Ontario, New Brunswick and Nova Scotia. (Other provinces are working toward legislation.) The I.S.P designation is offered by Canada’s association of IT professionals known as the Canadian Information Processing Society or “CIPS.”
I have been calling on IT leaders to deliver the Information Systems Professional message. They understand the importance of IT professionalism and governance, and how this translates into a more ethical and productive workforce that improves their bottom-line. Quite fittingly, they are moving to adopt the I.S.P. designation in their organizations.
The I.S.P. designation in association with regulatory compliance and IT governance is an opportunity for executives to take a leadership role in further aligning IT with business priorities. For the IT industry and profession, this is a good thing.
Thank you John for sharing your thoughts and Financial Post article with the audience…
Stephen Ibaraki, I.S.P.