Straighten Up and Fly Right: IT Risk Governance for Non-Techie Directors
Jet Blue Director Virginia Gambale heard the news about the airline’s fed-up flight attendant—the one who exited the plane via the emergency slide, cursing passengers as he touched down on the tarmac—well before some of the company’s senior executives. Social media savvy Virginia uses a web tool to track all mention of companies on whose boards she sits, and as soon as someone tweeted news of the incident, she was on it.
Virginia, a former CIO with Merrill Lynch and Bankers Trust, shared the story at NACD’s Director Professionalism®—The Master Class, held this week in Clearwater, FL. She was one of a number of dedicated NACD members honing her board leadership skills and using peer expertise to identify and explore innovative solutions to persistent and emerging challenges.
Virginia urged her peers with non-IT backgrounds to become more involved in oversight of the company’s technology strategy. “Ask questions,” she said. “If people tell you that deadlines are being missed, that delivery of services isn’t possible, or that it’s just too complicated to get something done, then you don’t have the right strategy and you may need to change your CIO. Ask the CIO to talk about allocation of resources and find out how the dollars are spent between maintenance and innovation. You can make the same judgments as you would on any other area of the business.”
“Ask ‘What is our model for technology leadership?’” advises Virginia, and ask to be walked through the governance model and strategy for partners and communications with customers. “Read the company culture: Is IT a partner or service provider? How closely integrated is it with your lines of business? What, why and where are you outsourcing, and what effect is that having on your risk? Virtual roads and highways need to be maintained, but you can outsource a lot of this and pay only for what you use,” she said.
Virginia urges boards to make sure they have at least one person charged with asking these and other questions. “It can be helpful to have a technology and operations
sub-committee sitting under audit or risk,” she recommends, especially if the company needs to find a new CIO. Failing this, the board should consider hiring an outside consultant.
“Security breaches, brand tarnish, information leaks or, at worst, a death can do your company real harm,” said the director who joined the Jet Blue board around the time of the Valentine’s Day “Ice Incident.” And, she added, “You can’t risk disintermediation—the business boneyard is filled with companies where the strategists at board and C-suite level failed to ask the right questions and fooled themselves for too long.”
“Today, every man, woman and child has access to instant information,” she reminded the group. “Use social media intelligently—it can supply you with useful information about what your customers think. And remember, if a mind created it, a mind can break it. Be mindful of the need for ongoing vigilance and sound practice in information security.”
Other directors sharing their expertise with peers attending NACD’s Master Class included Office Depot Compensation Rear Admiral (Retired) Chairman Marty Evans, Winn Dixie Director Charlie Garcia, who discussed the implications of America’s growing Hispanic population for board composition, and Major General (Retired) Hawthorne “Peet” Proctor, who spoke about the characteristics of exemplary board leadership.
To learn more about NACD’s Director Professionalism-The Master Class in 2011, click here. Already attended the Master Class? Contact fellowships@NACDonline.org to find out how you can become a 2011 NACD Board Leadership Fellow.