Information technology is a fast-paced environment, and most directors are playing a game of catch up. In the past, technology was reserved for providers, such as Apple or Microsoft, or Internet leaders, such as Google or Amazon. Today, every business relies on technology through a constantly evolving list of options, such as increasing operations efficiency or social media. As expected, this increased reliance on technology entails a higher risk profile, evidenced in security breaches or system malfunctions. Despite these increased risks, recent studies have found that many boards need to refocus how they view information technology (IT).
NACD and Oliver Wyman’s Global Risk Center recently conducted a study to address the issue of IT risk oversight titled Taming Information Technology Risk. According to the survey, nearly half (47%) of directors are dissatisfied with their board’s ability to provide IT risk oversight. Almost a third of directors believed failure to properly provide IT risk oversight stemmed from insufficient expertise at the board level.
A substantial number of corporate boards feel they have not yet met the level of oversight the topic requires. A recent report from the Deloitte Center for Corporate Governance found that while directors should examine IT projects with the same level of scrutiny as any other major capital expenditure, this is rarely the case. The same report also recommended that boards add “tech-savvy directors” who can provide the board with expert oversight.
While every board member will not be an expert in IT, all directors should be well-versed on the subject and able to discuss IT risk oversight in relation to their company’s strategic planning. In Taming Information Technology Risk, six questions are provided that should be on every board’s agenda:
How do you determine the strategic importance of IT to the business?
How do you evaluate the evolving IT capabilities of competitors that could threaten our industry position?
How do you allocate dollars across the portfolio of IT investments to ensure an efficient risk return?
What trade-offs are you making in managing the IT portfolio?
How are you effectively executing major IT programs?
How do you ensure that a breadth of best practice capabilities and processes are in place to protect the firm from operational and security risks—both now and in the future?
The above six questions provide a foundation of the questions boards should ask regarding technology-related decisions. Directors should also take into consideration the ways technology touches their specific company when scrutinizing IT projects. Also, just asking the right questions will only get boards halfway to the finish line. Understanding what constitutes as an acceptable answer is just as critical.
As a philanthropist, mentor or family member, you probably support and affirm the efforts of many people every day—sustaining people in crisis, shelling out scholarship funds, listening to a brother in need, or applauding tiny grandchildren. Now, NACD is asking you to add a board member or two to your list and make someone’s day by nominating them for the NACD Director of the Year or B. Kenneth West Lifetime Achievement Award.
Don’t think these boardroom leaders won’t thank you. Every person on earth likes recognition for a job well done and appreciates an “attaboy/attagirl” when times are tough. When we are young, we typically receive praise from parents and teachers, and when we join the workforce exceptional performance can be rewarded by “hero-grams” from the boss and a welcome check at bonus time. Then we reach a stage in life when it seems that doling out the pats on the head, the slaps on the back and the big bucks falls to us. And, when you are the chairman of the board, everyone looks to you for validation, celebration and reward. Truly, it can be tough at the top.
The nature of effective board work means that most of it is unseen: the quiet word, the guiding thought and the patient phone calls seeking unity, collaboration and progress. The best in the boardroom spend hundreds of extra hours before board meetings, learning to know the company, the industry and the environment. They sublimate their egos, know when to speak up and when to stay silent, and match their judgment with maturity and integrity. Sure, many of them will have had high-profile and rewarding careers, but the last couple of years have been challenging for directors with high standards and a little love from you can’t hurt. Go on: Bestow the Glow.
To nominate a director you admire for one of the two NACD awards which will be presented at a Gala dinner at the Waldorf Astoria, New York, on Tuesday, November 8, 2011, please fill in the nomination form and supply at least three letters in support of your nominee. You can download the form and check all the details here. Nominations close on May 31 and an independent selection panel will announce the winners in early summer 2011.
The Director of the Year honorees and the D100 honorees will be celebrated at the NACD Directorship Forum, November 8-9, in New York. Register here. You will have an opportunity to nominate directors, executives and governance experts for the D100 later this spring.
NACD Director of the Year Winners 2010
B. Kenneth West Lifetime Achievement Award Honoree
Public Company Director of the Year Award Honoree
Nonprofit Director of the Year Honoree
Curtis J. Crawford, PhD,
Director of ON Semiconductor, E.I. Dupont DeNemours, and ITT Corporation
Director Zebra Technologies, Chairman Emeritus of W.W. Grainger and Director, Principal Financial Group
Managing Director Bain Capital, Co-Chair of Board of New Profit, Board of Dana Farber Cancer Institute, City Year, Horizons for Homeless Children and New Leaders for New Schools
The article emphasized the fact that more than 260 of the largest U.S. companies, including McDonald’s Corp., Gap Inc., GlaxoSmithKline PLC, and Google, Inc. have spoken out against the new rules. Specifically, these companies believe that the reward for reporting directly to the SEC, potentially in excess of $1 million dollars, will discourage whistleblowers from initially reporting through the internal lines of communication mandated by the Sarbanes-Oxley Act.
The article lists several other concerns with the proposed whistleblower rules. Many question whether the already strained SEC will be able to handle the expected flood of new whistleblower complaints. Furthermore, the proposed rules do not provide adequate punitive consequences for false allegations. This potential combination increases the probability that the agency will be unable to identify serious reports amidst piles of superfluous claims.