Information technology is a fast-paced environment, and most directors are playing a game of catch up. In the past, technology was reserved for providers, such as Apple or Microsoft, or Internet leaders, such as Google or Amazon. Today, every business relies on technology through a constantly evolving list of options, such as increasing operations efficiency or social media. As expected, this increased reliance on technology entails a higher risk profile, evidenced in security breaches or system malfunctions. Despite these increased risks, recent studies have found that many boards need to refocus how they view information technology (IT).
NACD and Oliver Wyman’s Global Risk Center recently conducted a study to address the issue of IT risk oversight titled Taming Information Technology Risk. According to the survey, nearly half (47%) of directors are dissatisfied with their board’s ability to provide IT risk oversight. Almost a third of directors believed failure to properly provide IT risk oversight stemmed from insufficient expertise at the board level.
A substantial number of corporate boards feel they have not yet met the level of oversight the topic requires. A recent report from the Deloitte Center for Corporate Governance found that while directors should examine IT projects with the same level of scrutiny as any other major capital expenditure, this is rarely the case. The same report also recommended that boards add “tech-savvy directors” who can provide the board with expert oversight.
While every board member will not be an expert in IT, all directors should be well-versed on the subject and able to discuss IT risk oversight in relation to their company’s strategic planning. In Taming Information Technology Risk, six questions are provided that should be on every board’s agenda:
How do you determine the strategic importance of IT to the business?
How do you evaluate the evolving IT capabilities of competitors that could threaten our industry position?
How do you allocate dollars across the portfolio of IT investments to ensure an efficient risk return?
What trade-offs are you making in managing the IT portfolio?
How are you effectively executing major IT programs?
How do you ensure that a breadth of best practice capabilities and processes are in place to protect the firm from operational and security risks—both now and in the future?
The above six questions provide a foundation of the questions boards should ask regarding technology-related decisions. Directors should also take into consideration the ways technology touches their specific company when scrutinizing IT projects. Also, just asking the right questions will only get boards halfway to the finish line. Understanding what constitutes as an acceptable answer is just as critical.
Fay Feeney is CEO of Risk for Good, an advisory firm providing board chairs and corporate counsel guidance to monitor, govern and leverage the fast-moving landscape of social media, technology and the Internet.
One of my table mates at the NACD Director Professionalism course I recently attended in Deer Valley, UT was Allan C. Golston, president, United States Program of the Bill & Melinda Gates Foundation. It’s amazing who you sit next to at NACD events. Allan swore his learning wasn’t disrupted by my tweeting during class, and shared with me his takeaways from two days with NACD.
“The course was more than ‘rules of the road’; it was also a dialogue around how to think about the fundamentals of being an effective director in the 21st century in a strategic way. Whether it was rethinking what it really means to have an independent mindset, or rethinking what it means to have courage in the boardroom, or rethinking what it means to represent shareholders—I found these types of fundamentals the most useful.”
Allan Golston with Rob Galford, Compensation Chair, Forrester Research and NACD facilitator
I agree. I invested my time and money to have a refresher on fiduciary responsibilities and to pick up some useful tips on how to contribute most effectively in the boardroom and on key committees, but I came away with so much more: insights that have reshaped my thinking about how to lead in governance and examples of great board behaviors that will galvanize my own priorities and performance.
Mike Lorelli, CEO of Water-Jel Technologies, and another high-flying classmate, agreed. “As much learning in two days, as in two years of an MBA program,” he said.
Mike Lorelli at the NACD resource center
The sessions at Director Professionalism are led by active public company directors. I loved hearing Michele Hooper, who sits on the boards of Astra Zeneca, UnitedHealth Group, PPG Industries and Warner Music Group, encourage newbies by saying: “Everyone has a “first” board seat. Today’s most experienced directors had a first board seat.”
She encourages boards to consider qualified candidates without prior director experience, maintaining that, if your board is looking to expand their recruiting to engage more diverse thinking, they will need to refresh their thinking about board composition.
Although the NACD facilitators were great, the really valuable learning often came from other members of the class. “There really weren’t 10 instructors—more like 70 when you count the learning from the 60 peer-level CEO’s and directors,” said Mike Lorelli. Allan Golston agreed.
“The ‘official’ instructors were really strong, but the interplay and dialogue among the group enriched the content and learning well beyond what the official instructors provided.”
Pamela Packard is a private company director who is active in NACD’s New York chapter. She felt that the snowy setting of the Montage Deer Valley Resort provided lots of opportunities for “off the record” candid conversations among directors from diverse backgrounds and experiences. “These discussions complemented the formal sessions.” She also told me “newcomers to corporate governance had the chance to glean the subtleties of different board cultures and communication styles, learning from those of us with more experience.”
Pam really valued the plethora of publications and extra learning resources provided by NACD. “Great reference materials for future use!” she said.
Director Professionalism has a comprehensive list of learning objectives but really these were just the starting point for our class. In the fast moving world of governance, it’s not only what you know, but who in your network can help you keep your knowledge current. Thanks for a great class. I’ll keep on learning with NACD and look forward to becoming a 2011 NACD Governance Fellow.
To sign up for Director Professionalism in Houston TX, San Francisco CA, or Palm Beach FL, please click here
This week, NACD bridged the gap between corporate directors and the investors they represent. In conjunction with Broadridge Financial Solutions, NACD hosted a Virtual Roundtable at the Newseum in Washington, DC, bringing together leaders from the investment community with directors to discuss the disclosures and communication strategies.
Hosted by NACD President and CEO Ken Daly, the Roundtable featured investment community representatives from T. Rowe Price, CalSTRS, and Vanguard Group, Inc. They engaged in dialogue with board members from Forrester Research, Broadridge Financial Solutions, Kimberly-Clark, Legg Mason, SmartPros Ltd., and Assure Holding Corporation. With the intent to inform directors on what investors are looking for in the proxy in the upcoming year, the Roundtable discussion covered compensation, committee reports, and director qualification disclosures.
The investment managers represented at the Roundtable do not take a “check-the-box” approach based on guidance from proxy advisory firms; instead, they choose to complete their own analysis. Notably, these active shareholders emphasized quality over quantity with respect to disclosures in the proxy statement. Simply an increase in the amount of disclosures from companies only makes it more difficult for investors to uncover the valuable information in the proxy. The participating investors further suggested companies should make an effort to provide quality disclosures regarding how executive compensation matches performance, and how incentives are linked to the business strategy, for example.
The participating investors also stressed the improvements that need to be made regarding the new director qualification disclosures resulting from the SEC Proxy Disclosure Enhancement rules. They felt many companies did not fully explain how each director’s skill sets contributed to the company’s business strategy.
Lastly, the investors offered advice to the boardroom on director succession. After directors have analyzed their board’s composition in light of the company’s strategy, they find a larger challenge in recruiting directors to fill the gaps in skill sets. As a solution, Anne Sheehan of CalSTRS suggested that directors should “think of their shareholders as stakeholders.” Long-term investors have the same interests as directors and might be able to offer potential candidates whose skills complement the company’s business strategy and build its long-term value.