Last of three parts
TO top it all, compliance with Republic Act (RA) 8792 or the “e-Commerce Act” is a management issue and using technology to comply with RA 8792 needs information technology (IT) governance intervention. It is all about the leadership tandem of the agency head and the chief information officer (CIO), coupled with proper planning, organizing and controlling. To quote former Commission on Elections (Comelec) acting chairman Rex Borra in an interview in 2013, “Automation is management din ‘yan, eh! Only that it is technical!” Former Comelec commissioner Gus Lagman, being a technical person himself, recommended that the filing and monitoring of election cases should be automated; it facilitates the job of the commissioners, he said. Again, this is a management concern while the technology part is just a tool!
Former Bureau of Internal Revenue (BIR) deputy commissioner Lilia Guillermo, the CIO then, stated in an interview in 2013 that “institutional ang rendering of IT services…Government needs help in the institutionalization of e-services!” What she stressed was that it was all about electronic services for the convenience of taxpayers. And this is really the ultimate goal of the e-Commerce Act, convenience to the agency’s customers; that is, transact anywhere/anytime and get the services of the concerned agency promptly. The BIR’s tax computerization program from 1994 onwards was successfully implemented through the coherent tandem of various appointed BIR commissioners and CIOs. When RA 8792 was enacted in 2000, the BIR was ready to comply with the e-Commerce Act as most of its business processes were already automated. Change management was uncomplicated and seamless. Asked about the sustainability of planned IT projects, Guillermo said, “Oo kasi nga sa amin may CIO! Kasi dito, ako ‘yon, di ba? Alam ko kung ano ang dapat i-sustain.” The BIR’s readiness was the result of its maturity level on the use of IT. It was precisely an outcome of its IT governance practices.
On the other hand, there was no action done on the part of Comelec to comply with RA 8792 as neither their agency’s strategic plan nor information systems strategic plan (ISSP) was ever implemented. The Comelec tried to re-engineer its functions and processes with its Operation Merit (Operation Modernization and Electoral Reforms with Integrity and Transparency) from 2006 to 2010 but it never materialized. Further, the Comelec strategic plan from 2011 to 2016 (Comstrat 1116) was supported by the ISSP through the efforts of Lagman in 2011, but these were left hanging when he was not confirmed in 2012. Former Comelec chairman Sixto Brillantes Jr. even commented why the plans didn’t take off: “We are doing away with the Comstrat 1116 because we do not have the budget to do it.” But considering the implementation of the 2010 and 2013 elections, and the succeeding national and local elections till 2019, the Comelec spent billions of pesos for PCOS (Precinct Count Optical Scan) machines, yet, they didn’t even comply with the Automated Election System (AES) law, or RA 9369. All these non-compliances were manifestations of poor organizational commitment and lack of IT governance.
As defined beforehand, IT governance refers to the strategic alignment of IT with business to achieve maximum value through the development and maintenance of effective control, accountability, performance supervision and risk management. With our two cases analyzed, BIR was very successful in achieving its strategic plans vis IT governance practice, especially in handling those electronic systems accessible at bir.gov.ph like electronic filing and payment system. Our citizenry and those revenue-generating companies have benefited from its usage for almost two decades now. On the other hand, although Comelec’s Modex, Merit and Comstrat 1116 are considered clear signs of good intentions, nonetheless, these plans were not implemented due to absence of IT governance. Come to think of it, part of Comstrat was Lagman’s proposed Comelec’s automated monitoring of cases to facilitate the decision-making routine job of the Comelec en banc. It was a brilliant idea but was not given a chance.
It is now obvious that IT governance plays a very important role in the realization of the combined agency’s strategic plan and ISSP. Hence, it has a positive causal effect on compliance with RA 8792. But that is only true for those government offices with organizational commitment — having a decisive leader backed up by a proactive CIO. Further, it has been observed that one major reason for non-compliance is the lack of penal provisions if the law is not adhered to. For RA 8792, there are no penal provisions if a government office failed to comply with it! While the only penal provisions in RA 8792 are stipulated in Section 33 — hacking, piracy and violations of the Consumer Act.
Likewise, there are no penal provisions if the AES Law is not complied with. Unlike with RA 10173, or the “Data Privacy Act,” all government offices and private companies have been hurrying up to comply until 2020 because the penalties are harsh for non-compliance — maximum fine of P5 million and jail time of six years. In addition, the Department of the Interior and Local Government, acting on a directive of President Duterte, scored the local government units (LGUs) low, medium and high in clearing up roads of obstructions after the deadline of 60 days; thus, show-cause orders will be received by mayors who failed to comply.
In summary, IT governance is an important element in complying with pertinent laws, directives, and circular orders that require implementation of IT projects.
Coming up with penalties and scoring, say for RA 8792, may be helpful to facilitate compliance. And to answer whether IT governance is reality or not in government offices, it is already a reality for those offices like BIR. In fact, even before the pronouncement of President Duterte in his fourth State of the Nation Address, some of the government agencies have already been providing prompt services since decades ago. But for the rest, they just need to follow the directive of our President: “I reiterate my government. My directive to the government and instrumentalities, including the LGUs and the government corporations…simplify.”