Does CIO Stand for ‘Compliance Information Officer’?

Like most technology executives, Zeke Zoccoli acknowledges his job is much different now than it was in the good old days of, say, the late ’90s.

“In the 90s, I mostly worried about putting in large strategic systems,” said Zoccoli, CIO of LifeCare Management Services, which operates a chain of acute care hospitals. “We were the change agent for the company, so there was a tremendous amount of innovation and fewer controls.”

Now, however, CIOs like Zoccoli are spending an ever-increasing amount of time dealing with regulations such as the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley (GLB), which all have provisions dealing with the privacy, security, integrity and accountability of financial, health and other business records and information.

“More and more these days I’m called in almost as a consultant about whether our electronic information is SOX- or HIPAA-compliant,” Zoccoli said. “Not a day goes by when that doesn’t happen, so I feel a lot more like a compliance guy and less like an innovator.”

And this, most CIOs agree, isn’t likely to change, given the current political and world situation.

“That’s the climate we’re in right now,” said Mike McClaskey, CIO of Perot Systems. “Complaining would be like standing on a ship in the ocean and complaining about the waves that are coming in. The reality, though, is that this isn’t just a one-year phenomenon.”

Different Skills

All this emphasis on regulatory compliance has also had the unintended consequence of changing the types of people becoming CIOs.

“You don’t see very many people who ran data centers becoming CIOs any more,” McClaskey said. “You also have to have run a business unit. The idea that we are all died-in-the-wool ‘techies’ isn’t the case any more”

More specifically, a strong financial background is required because so many of the regulations, most notably SOX, require a solid knowledge of financial records.

“I’m an MBA and a CPA, so I know the issues cold, stuff like all the internal audit controls,” said Jim Harding, CIO of Henry Schein, a distributor of health care services. “But if you don’t have that foundation, Sarbanes-Oxley could be a scary thing.”