Does CIO Stand for 'Compliance Information Officer'?In this fifth installment of our series, we look at how new compliance requirements have affected the job.
"In the 90s, I mostly worried about putting in large strategic systems," said Zoccoli, CIO of LifeCare Management Services, which operates a chain of acute care hospitals. "We were the change agent for the company, so there was a tremendous amount of innovation and fewer controls."
"More and more these days I'm called in almost as a consultant about whether our electronic information is SOX- or HIPAA-compliant," Zoccoli said. "Not a day goes by when that doesn't happen, so I feel a lot more like a compliance guy and less like an innovator."
And this, most CIOs agree, isn't likely to change, given the current political and world situation.
"That's the climate we're in right now," said Mike McClaskey, CIO of Perot Systems. "Complaining would be like standing on a ship in the ocean and complaining about the waves that are coming in. The reality, though, is that this isn't just a one-year phenomenon."
All this emphasis on regulatory compliance has also had the unintended consequence of changing the types of people becoming CIOs.
"You don't see very many people who ran data centers becoming CIOs any more," McClaskey said. "You also have to have run a business unit. The idea that we are all died-in-the-wool 'techies' isn't the case any more"
More specifically, a strong financial background is required because so many of the regulations, most notably SOX, require a solid knowledge of financial records.
"I'm an MBA and a CPA, so I know the issues cold, stuff like all the internal audit controls," said Jim Harding, CIO of Henry Schein, a distributor of health care services. "But if you don't have that foundation, Sarbanes-Oxley could be a scary thing."