IT governance gets the board's attention

A small number of companies, including Novell and Federal Express, have elevated responsibility for IT governance to their boards of directors in an attempt to ensure that they have high-level oversight of technology investments.

Novell established its board-level IT oversight committee in January, and Richard Nolan, an outside director who chairs the committee, said he expected other companies to take similar steps as executives start to examine the legal risks that IT investments pose under the financial reporting requirements of the Sarbanes-Oxley Act. 

"This is an area where boards of directors will be named in stockholder suits," said Nolan, a management professor at the University of Washington Business School in Seattle.

Novell's oversight committee, which includes four other directors from outside the company, monitors major projects and decisions about the company's technology architecture. Nolan said its duties include working with senior IT executives and addressing questions such as whether Novell is getting adequate returns from its technology investments. 

Having directors oversee IT activities "is an enforcing function", Nolan said. "This can shine a light on issues." 

FedEx created an IT oversight committee four years ago which includes board members.

Like Novell's committee, the one at FedEx oversees major IT-related projects and architecture decisions and advises both the senior IT management team and other board members on technology issues. 

Over the past few years, many large companies have created IT steering committees to help prioritise funding for high-cost projects. But most of those committees are made up of business unit leaders and department heads, and they do not include board-level participation beyond senior executives such as chief executive officers and chief financial officers. 

For example, KeySpan established an IT governance board early last year, according to Frank La Rocca, co-chief information officer at the natural gas distributor, electric utility and energy services firm.

The panel, which meets monthly to scrutinise IT investments, includes KeySpan's chief financial officer and chief strategy officer, as well as several executive vice-presidents and business unit heads. No external directors are members at this point, La Rocca added. 

Board-level IT governance and oversight committees are just beginning to emerge, said Tom Pohlmann, an analyst at Forrester Research. 

"There are many cases where the chief information officer presents to the board of directors once or twice a year," he said. "But overall, this is not a trend that I'm observing." 

Steve Bandrowczak, chief information officers at DHL International, said he is unsure whether IT governance at the board level will be widely adopted. DHL itself has yet to move in that direction, he said. 

"Most company board meetings have little time to cover IT strategy," Bandrowczak said. "That's not to say board meetings don't discuss major business initiatives that require a major IT project. But the two go hand in hand." 

Thomas Hoffman writes for Computerworld