I continue my review of The Handbook of Board Governance: A Comprehensive Guide for Public, Private, and Not-for-Profit Board Members. With the current post, I provide comments on Part 6 of the book, Governance of Information Technology. See prior introductory comments and those on Part 1, Part 2, Part 3, Part 4 and Part 5. As I have indicated before, The Handbook of Board Governance will soon be the most popular collection of articles of current interest in the field of corporate governance, if it isn’t already. Rank 8 at Amazon within the entire field (fluctuates daily).
The Handbook of Board Governance: Information Technology and Cybersecurity Governance in a Digital World
Bob Zukis points out that information technology (IT) governance includes not only cybersecurity, but oversight of value creation through IT. Too many boards don’t have the skills or experience to provide adequate oversight. Almost all are playing catch up. IT’s disruptive effects:
- Effectiveness and efficiency improve over time, often dramatically
- Leverage, making it easier to invent or produce new products
- Transaction or engagement costs dramatically lowered.
Consumers are gaining power and are better informed than ever before by companies that invite their customers to do some of the work. Think Amazon reviews and how they influence your buying choices.
Predictive and real-time analytics increasingly drive outcomes, and the unpredictable and uncontrollable nature of third-party exposure also creates a very different and complicated governance and management challenge… one in six IT projects was a black swan with a cost overrun of 200 percent, on average, and a schedule overrun of almost 70 percent.
The pressure is increasing for directors with IT skills and/or establishing a board level IT committee. Zukis goes on to review several frameworks, including ISO, King, COBIT and others, as well as addressing the growing threat of cyber risk. Incidents totaled 117,000 a day several years ago. Still, only 25% of boards appear to be getting involved in reviewing security and privacy threats.
The Handbook of Board Governance: The Board’s Role in the Governance of Enterprise Information Technology (GEIT)
If you weren’t convinced of the importance of IT and GEIT by the end of the last chapter, Elizabeth Valentine, Steven De Haes and Greg Timbrell will set you on your heels. Less than 20% of corporate boards are confident in their GEIT ability and there is a skill shortage at the top. “GEIT seeks to facilitate data-driven decision making and minimize risk throughout the enterprise.”
One study cited found that firms with “demonstrated IT maturity” consistently outperformed peers financially by 9%, in profitability by 26%, and had 12% greater market valuation. The chapter includes a good analysis of the debacle at Target, save areas of IT-related risk, three barriers to effective GEIT, current oversight practices, reporting to the market and investors, role of audits, COBIT framework, and board accountabilities.
I suspect many boards are still not far from square one. The authors outline practical steps to get started.
As capability grows, market leaders will use innovative digital strategies to both further develop and protect the value created, and develop the capability to transform their organization rapidly.
If your company isn’t moving ahead in this area, it will soon be overwhelmed. IT literacy on the board is becoming a must.