I’ve had the privilege of serving as a director on several public-company boards for the past 15 years. Audit committees are, of course, very important and we’ve all seen compensation committees grow increasingly important. But no board I’ve heard of has a technology committee. I think it’s time, and not just for technology companies.

Timothy-Chou_ColumnistServices represent 85 percent of the U.S. economy. If you see retail, financial-services and health-care companies as being in the business of delivering personal and relevant information to customers, partners and suppliers, you probably understand that technology is no longer a back-room function. It is the business. At least, few would debate that with regard to modern consumer companies like Amazon, Facebook, Google and Netflix.

Directors themselves understand the crucial role of technology. Back in 2011, the National Association of Corporate Directors (NACD) released a report based on a survey of 204 board members entitled “Taming Information Technology Risk: A New Framework for Boards of Directors.” While opinions differed on the degree of importance IT would have for the future of the companies they governed, more than 99 percent of survey participants believed IT would have a significant impact on their companies in the next five years. More than one-third expected IT to improve operational efficiencies, while 30 percent believed it would provide a competitive advantage for their company in the next five years. Nineteen percent had even higher expectations: They believed IT would transform their company.

So what would the charter of a technology committee be? I propose three broad areas. First, it would be charged with conducting a technology audit. Are your compute and storage platforms, the foundation of any information systems, state of the art? Or are you using 10-year-old hardware and unsupported software? Further, are your software developers able to develop and deliver new applications in a day, a month or a year?

Second, as compensation committees do, you’d want to benchmark what your company spends and how you spend it against other comparable companies. If Barnes & Noble and Blockbuster had made such comparisons to Amazon and Netflix, respectively, maybe they wouldn’t have been so blindsided. Already the large consumer Internet companies have a server-to-employee ratio that’s nearly 100 times that of most other Fortune 500 companies. Should you be surprised?

Third, as audit committees do, you’d want to make sure the right processes are in place. Innovative technology increasingly is being delivered as a cloud service, which means the key security, availability, performance and change-management processes are as important as order-to-cash financial processes. As we depend more and more on information systems, how will the board provide oversight so as to ensure the secure and reliable delivery of information to customers, partners and suppliers?

If you believe it’s time to start this discussion, feel free to email me, comment on this article, or share it via LinkedIn, Twitter or email with others. For everyone who serves on a public-company board, providing oversight on technology is going to be just as important an aspect of acting on behalf of shareholders as is managing financial reporting and compensation.

Timothy Chou teaches cloud computing at Stanford University. He is the former president of Oracle on Demand and the author of Cloud: Seven Clear Business Models.

, , , ,

9 responses to “It’s Time for Boards to Have Technology Committees”

  1. I’ve been a CIO at firms that used IT to improve processes, to build new products, and even to transform the company. So I’ve been on the front lines, so to speak.

    I’m a Board member as well.

    The geek in me would love to see that level of Board interest and involvement…but when I look at the current state of Board member awareness and domain expertise it sure seems like a leap.

  2. I’d love to see more board-level tech committees. Just a few among the Fortune 500 have them and their missions differ. Directors are clamoring for more technology information and seem to feel that summoning the CIO to present once per quarter isn’t giving them what they need. Dive in, I say!

  3. I agree in principle, if not in the methodology.
    Sadly, most organizations that perceive IT only as an operational tool keep IT out of the boardroom – to their competitive and security peril. If, however, IT is seen as a key strategic plank involving significant organizational investment, board oversight becomes vital. I think, however, that a board can also gain the expertise it needs via a Technology Advisory Committee. In this way the board can invite cutting-edge knowledge/information specific to it’s needs without requiring the directors to become significantly more IT-knowledgable themselves.

  4. The discussion related to technology is interesting.

    Are there some companies that have listed ALL the units of their organization and based on that listing have then identified the extent and nature of how that unit can efficiently use technology. Each item should be classified as either appropriate for technology or only effective if the work related is NOT technology. (In the process of analysis, activity that is essentially of NO value can be set aside and reviewed for revision, etc.

    Regards Mary Ellen

  5. Maybe it’s helpful if technology is viewed as broadly as possible in the context of the board. It’s an operational tool and a strategic, competitive tool. It may be an important part of the company’s business. But it’s tied into data protection, security (data, cybercrime, BYOD) etc. and is an important element in risk management–it raises risks and provides solutions. It allows for efficiencies and important redundancies. It feeds into systems for compliance monitoring (and I’m talking regulatory compliance broadly, not just financial/securities requirements). All of this means that the board needs to be involved; the technology assists the oversight role and, in turn, the board must maintain oversight over technology (broadly speaking) to keep that information and linkages current and in working order.

  6. I am not as senior as most of the people who have commented here, but this is what I have observed:
    1. Most BOD members are not tech savvy enough to perform this function comfortably; instead, starting with technology governance body comprised of key VPs + CIO + few BOD members might be a good first step.
    2. This approach would be more palatable for organizations where CIOs report to CEOs and therefore, IT is considered a strategic enabler rather than an operational liability. Otherwise, raising IT’s strategic profile through structural changes would be a pre-requisite.
    3. Having the best in class IT infrastructure, processes, and supporting budget without understanding the context might not be beneficial. Instead a simpler approach might be to work from business strategy backwards to capabilities to IT benchmarks and pain points. Otherwise, we might have a lot of targeted interventions that won’t add up to a strategically aligned holistic IT solution.

  7. From big 4/6 perspective, this makes perfect sense since consulting provides a more volatile yet high revenue stream vs. auditing that provides stable but conservative revenue stream. A lot of factors are contributing to this phenomenon including disconnect between audit procedures and organizational value creation, lack of comprehensive risk management approach in typical SOX audits, shifting risk appetite of organizations, rising global competition, and current phase of business cycle. The solution to this problem might be complex; but what if all of this is good for the audit industry in the long run since there will be some reverse innovation from consulting to auditing improving the overall approach and process of risk management

  8. Please disregard my latest comment, it was meant for another article on the website. Apologies for the inconvenience.

  9. Technology Committees are about the 6th most common committe for Boards of Directors (after Audit, Compensation, Nominating/Corporate Governance, Strategic Planning and Finance) at all types of companies. About 11% of the Fortune 100 companies have a technology committe. About 5% of the smaller companies have this committee. Most boards do not necessarily have the direct expertise to address the issues, but they have the ability to hire consultants and call on employees to provide technology solutions and the duty to provide the company with the appropraite direction for technology advances. The risks facing companies of all types have forward thinkers addressing the issue with this type of committee. I see that IT companies like Hewlett Packard, EBay and Apple have a technology committee, but also energy (Schlumberger), chemical (Dow, Monsanto and Sigma Aldrich), Financial Services (Morgan Stanley and CitiGroup), pharma (Eli Lilly, Pfiser and Bristol/Myers) , retail (Nordstom and DSW) and consumer goods (Proctor & Gamble) to name a few taking the lead on this critical issue. Some of these companies have had a technology committee for almost 20 years!

Leave a Reply

Your email address will not be published. Required fields are marked *