Recent Wall Street Journal blog posts highlight the board-level attention that technology and material risks, such as cyber security, are garnering. In her March 27th WSJ blog post, “Corporate Boards and CIOs are Seeing a Lot More of Each Other,” Kim Nash points out that boards are waking up to the scary realities of technology risks to the companies they oversee. Boards are asking CIOs for less jargon and more plain-language explanation of material risks, strategy and resource needs around technology within the organization. In some cases, technology committees are being formed at the board level to put these risks front and center. This is an interesting new trend in corporate governance. However, a mere 5% of public companies now have technology committees on their boards, as cited by Nash. Has your organization formed a technology committee at the board level?
Nash goes on to cite recent research from the National Association of Corporate Directors (NACD) that indicates 40% of boards do not feel they receive adequate disclosure about technology within the organization. Hmmm, ‘you can’t manage what you can’t measure’ comes to mind when thinking about risks posed by technology. In order for board governance to be possible, let alone effective, boards need relevant, timely and meaningful information about how, where and why technology is used, descriptions of the controls and monitoring systems in place, an understanding of how the people and processes fit with the technology, and a risk assessment of the gaps and vulnerabilities surrounding technology.
Nash authored another blog post the day prior, “Morgan Stanley Pushes Emerging Area of Tech Governance,” in which she points out an interesting paradigm – although only a small number of boards currently have technology committees tasked with oversight of technology risks, most companies today rely heavily on business models that use a wide variety of technologies for advanced analytics, CRM, ERP, ERM, sales management, accounting and finance, reporting, and the list goes on and on. Seems to me that there are significant potential gaps and vulnerabilities to the typical business today due to the commonplace use of technology. Yet most companies do not seem to equate those risks with good corporate governance at the top ranks.
And it gets worse. As my recent IMA TechTalk Blog post on developing a data governance strategy points out, most organizations are lacking plans in this area as well.
So technology permeates most companies. There are potential risks associated with those technologies. Data and information are the lifeblood of business today and a critical asset. Companies generally lack data governance strategies. And boards are at the earliest stages of recognizing these weaknesses. Sounds like a potential for disaster to me.
Where does the CFO sit in all of this? At the very least, the CFO has an opportunity to become a key figure in helping the organization to develop an effective data governance strategy as well as in helping to educate and inform the board about possible risks associated with technology. In fact, I think the CFO has the potential to take on a great role beyond finance and accounting, as pointed out in my earlier IMA TechTalk Blog, “Rise of a Hybrid in the C-suite: the CFTO?” This is not to say that the CIO has no role – this is a chance to foster greater collaboration within the C-suite itself and start to plant the seeds of a culture of integrated thinking that can trickle down to the rest of the organization as well as up to the board.