Is it time to consider an IT for the non-IT director course in the same way we have a Finance for the non-finance directors course? When I did the Institute Of Directors’ Diploma in Company Direction course in the UK this was certainly part of the syllabus, however, it wasn’t that long ago that senior executives and directors would openly boast as to their ineptitude with IT, and it is within this corporate culture that many of the current executives and directors have been groomed.
The key IT governance points for directors, I believe, are risk and board performance. On the risk issue, directors carry heavy personal penalties for failing to adequately manage risk, up to and including imprisonment for serious breaches. Given that many companies today face a ‘failure of IT equals a failure of business equation’ the risk issue cannot be underplayed. This has both operational and strategic dimensions in so far as inappropriate disaster recovery capability can lead to a business being unable to conduct its business and I have personally witnessed a number of successful businesses that have folded when an ‘event’ has occurred. The strategic failures are more difficult to quantify but equally many examples abound of how a new entrant to an existing stable market has used a technology enabled new business model to disrupt and ultimately drive out existing encumbent players. These are both issues that must be diligently and routinely probed by the directors albeit probably through the auspices of the board risk subcommittee, and I personally support that the CIO/head of IT for the organization should regularly attend the risk subcommittee.
The risk issue plays directly to the second issue of board performance and the debate about the benefits of diversity. Many directors still have a legal or financial qualification as the ‘usual’ prerequisite to being appointed. However, notwithstanding the point that many IT people fail to understand the business context, in an IT is from Mars and The business is from Venus context, there is certainly a growing recognition of the essential need for some of the directors to have deep IT understanding in order that the operational executive can be appropriately held to account in the same way directors would routinely probe the validity of the company’s financial statements. There was an excellent article in the AFR last year that looked at the record amounts of money being invested in IT programmes in the big four banks and the experience and background of the directors of the respective organizations, which left the journalist asking the question as to whether shareholders interest were appropriately being managed given the potential inability of the director’s to sufficiently probe the effective performance of the largest capital expenditure programmes in those organizations.
So I see this issue as one of education I.e. firstly how to convince current boards that new members must be sought with this specific IT capability, and secondly how do you convinced IT people to get the broader skills required that they can be a competent director as opposed to a technical consultant. In both instances I see a role for professional bodies such as AICD and the ACS to potentially collaborate on this.