Directors must take IT responsibilities on board

Board members need to learn more about IT to fulfil their corporate governance duties.

Board members need to learn more about IT to fulfil their corporate governance duties

All board directors now understand their responsibilities for corporate governance. They can hardly fail to do so following the corporate scandals at Enron, Tyco and other companies that have grabbed the headlines over the past 12 months, and the recent Higgs report into the role of non-executive directors.

But what relevance does IT have to the corporate governance debate?

The answer lies in IT's role: it now underpins or enables virtually every business activity. Thus, after people, IT is probably the most important and costly resource within the majority of enterprises.

Businesses depend totally on their technology-based systems being available and reliable from day to day. IT investments that fail, or that are inappropriate, have led to significant wasted costs and disruption to business. Many enterprises have suffered such losses.

Yet, despite the size of the role it plays in business, IT is one of the least understood topics in enterprise boardrooms.

As Peter Morriss, recently retired as global head of information assurance services at KPMG, once said, "The IT aspect of corporate governance is one of the things that chief executives think they don't have to understand - until it bites them."

And from time to time it does bite them, often in painfully expensive ways.

How, then, can directors take their responsibilities for IT governance seriously and apply them effectively?

This challenge is driving the current focus on educating senior-level directors and managers within enterprises that IT presents not only opportunities but also risks.

These directors and managers need to understand the opportunities and risks involved. At the same time, given the massive expenditure that IT involves, it is equally essential that they attempt to ensure that appropriate value is obtained from IT investments, that shareholder funds are not wasted, and that IT makes its full contribution to corporate long-term sustainable success.

However, because IT governance is still a relatively new concept, most enterprises are still at a relatively early stage in establishing appropriate governance processes. Some have yet to embrace the concept at all. Those enterprises that have established a formal IT governance programme are still in the minority in most countries of the world, although significant progress is being made.

However, one industry has adopted IT governance. Financial services is, perhaps,the first sector to fully embrace the process - a development that is largely due to the sector's total dependence, and inter-dependence, on IT. Other factors are the massive costs to the industry of ITand the regulatory pressures it is subject to.

An interesting definition of ITgovernance is given in the results of research carried out recently by the Center for Information Systems Research at the Sloan School at Massachusetts Institute of Technology. It states that, "IT governance is specifying the decision rights and accountability framework to encourage desirable behaviours in the use of IT. It is not about what decisions get made - that is management - but it is about who makes the decisions and how they are made."

Therefore the process is about oversight and accountability. Directors must understand the implications of, and take responsibility for, their IT investments. To do so, they must understand the subject far better than they do today. So the need for education will increase.

The need for better governance processes and metrics is also clear.

Enterprises must ensure IT contributes significantly and effectively to enhanced and sustainable shareholder value. That is what IT governance sets out to achieve.

Paul Williams is an independent consultant specialising in IT governance and IT project risk management

To hear Paul Williams speak on security governance visit the online conference Infosecurity World Online at

Read more on Business applications