By: Sonny Zulhuda
The influences of ICT to the notion of corporate governance can not be more obvious in today’s enterprises that operate in the technological environment. It has led to the development of the concept of the virtual corporation, the virtual investor and the virtual fiduciary; all would affect the interlocking relationships among the different groups (Hee, 2003).
If ICT does come to be used extensively by enterprises in the future, this could have a significant effect on the way companies are managed and on the way in which the interests of the shareholder and the stakeholder are balanced by the corporate governors, its board and directors (Burns, 2001). For the sake of limitation, this paper specifically investigates the implication of ICT on three key components of corporate governance: transparency, internal control and risk management.
ICT and Transparency/Disclosure
The existing corporation law requires that companies should reveal substantial amounts of information on a wide range of issues. For example, Sec. 401-409 of the American Sarbanes-Oxley Act 2002 (‘an Act to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws and other purposes’) enumerates companies’ obligations relating to financial disclosures. In Malaysia, section 18 of the Companies Act 1965 requires companies to disclose in their memorandum of association, which is a public document accessible by anyone, information such as objects of the company, its share capital, liability, and personal data of its subscribers. Burns (2001) argues that the information disclosed is primarily designed to enable shareholders to monitor the policies of directors of public companies to ensure that management is pursuing the main foal of their business enterprise. In fact, it is argued here that micro and medium sized enterprises will not benefit from this disclosure rule in a lesser way that the public companies do. There is stronger cause for MMEs to take care when they have to face inquiry from potential investors or creditor. Certainly the compliance with disclosure rules will give incentives for the MMEs in the investors’ mind.
Apart from that, the disclosure rule helps to promote economic and social welfare goals. Burns (2001) opined that by making information on the company’s finance and future plans widely available and by demanding that notices of any developments which may affect the share price be made public as soon as possible, the disclosure rules should help to create a free and open market for shares so that the price of shares corresponds more closely to its actual value.
In this respect, the idea of setting up corporate website and filling it with online disclosure of corporate information matches that objective of disclosure rules. Corporate online presence would also mean a higher level of accountability since the information must be monitored consistently and updated regularly to provide a higher level of accuracy. Online medium will open up the possibility of dialogue with a company’s employees, customers, suppliers and other stakeholders. Thus, Burns (2001) argued that it could provide stakeholders with a new medium to communicate their concerns to the company about the corporate activities. To this, Macmillan lent the support that online disclosure is important to contribute to market transparency, prevent fraud, and improved accountability of the corporation to general public. Conversely, inappropriate corporate practices would be monitored easily and instantaneously. The risk of investors exit is imminent given the reality of a highly competitive demand for investment.
The above observation leads us to an important proposition; that the adoption of ICT for MMEs opens up for them a greater incentive, i.e. the compliance of disclosure rules. Potential investors and customers will certainly love to see more information are available for them from the MMEs. This at the end will ensure transparency and boost confidence, both internally and externally.
ICT and Internal Control
Another fundamental element in the practice of good corporate governance is the establishment of control structure that encompasses external and internal control. While the external control is normally more independent and imposing, it is argued that internal control, once properly established, can deliver a far better result in ensuring the performance of all stakeholders and elements within the company according to their goal and plans. This is because internal control can run simultaneously with the day-to-day activities of the company. In Malaysia, by virtue of the Malaysian Code of Corporate Governance 2000, directors would have to maintain a sound system of internal control to safeguard shareholders’ investment and the company’s assets.
What tends to be overlooked by many is that this ‘internal control’ does not only cover controls of financial aspects, and this is only briefly elaborated by the Code itself. In fact, such internal control has to cover also those aspects of operational control, compliance and risk management. These are among those aspects that pose significant and potential challenges and threats to companies’ assets and business operations.
How such internal control is implemented in the current pretext of e-corporations, i.e. those corporations (and MMEs) that adopt ICT for business administration, operation and products and services – is a new challenge by itself. It is argued in this paper that the use of ICT is tantamount to greater internal control within the business organization. The use of electronic communications enables not only dialogue but also stricter check and balance between the components within the organization. Sophisticated technologies now make it possible to replace paper-based practices into paperless ones such as the use of electronic voting, electronic meeting, electronic lodgment and electronic delivery of documents. The transparency and efficiency that will be resulted are unprecedented and will boost the productivity and hence more internal control. This is another important corporate governance aspect that needs to be taken care by the MMEs if they want to boost the confidence of potential investors and at the same time to impress them.
ICT and Risk Management
Risk is defined as the possibility of loss or injury. The method used to reduce the possibilities of loss or injury is known as risk management (Greenstein & Vasarhelyi, 2002). Risk management is recognized in today’s business world as an integral part of good management practice. In its broadest sense, it entails the systematic application of management policies, procedures and practices to the tasks of identifying, analyzing, assessing, treating and monitoring risk. It must be realized that the risk management practice applies to the organization as a whole, but it equally applies to each position within that organization. In other words, risk management is central to the overall management of an organization, and it occupies a segment of the specific responsibilities of each manager and employee.
In relation with the notion of corporate governance, risk management is treated a very important parameter. For ICT-enhanced MMEs, this means that they would have to consider another type of corporate risks that naturally come along with the informatization and digitization of the enterprises. Among those risks are the threat to integrity, security and confidentiality of information systems and information assets that belong to the MMEs. A slight mistake in this process may cause detriments to the enterprises; ranging from network system failure, lost of informational assets, infringement of trade secret and intellectual property, to the loss of workforce productivity.
This is what was observed by Yeo (1999), that the availability of information that can be accessed, compiled, copied, disseminated and even transferred in nanoseconds indicates that there is always the potential for misuse. There is also the additional risk of corruption and destruction of data through computer viruses and system malfunction. If all these situations are indicative of anything, it would be that the risks faced by the MMEs are becoming far greater. Yeo argued that this has increased the scope of the duties of present day directors as they assumed an additional obligation: to monitor the operations, potential risks and consequences of computer and communication system and procedures; and to increase the quality of monitoring the affairs of the company with online financial information. True, as McGregor-Lowndes (1996) puts it, the placement of all documents, licenses and information however have some drawbacks: the cost of monitoring information, and the risk of corporate information being tampered with.
In relation with the threat to information assets, the American Corporate Governance Task Force in 2004 had come out with a model framework on how to enhance corporate information security in order to strengthen good practices of corporate governance. Under the pressure of stricter homeland security requirements, it was their fundamental belief that the best way to strengthen US information security is to treat it as corporate governance issue that requires the attention of corporate boards and management. This is an effort that represents the seriousness of ICT risks management within the corporate governance framework.
In a more hopeful note, ICT does not only come with the risks, but provides opportunities too. The modern technology continuously develops to serve as a more effective mechanism to safeguard against corporate abuse. It also revolutionizes the way in which traditional duties have been imposed on directors or management, e.g. creating new rules on information security and electronic asset management. The technological infrastructure and online medium can in fact be used as shield and sword. This is the challenges that had to be considered by MMEs and corporations to better execute their risk management activities. Indeed, further attempts are warranted to identify types of those risks and how to deal with them accordingly (Zulhuda, 2004).