Boards of directors urgently need to get to grips with IT – potentially the most profitable yet also one of the most costly of all a company’s departments
According to research carried out within financial services group ING, IT-enabled business change investments can deliver significantly greater value than almost any other type of corporate investment. At the same time, though, IT costs come second only to people costs in corporate spending.
A recent IT Governance Institute global survey also shows that while 95% of companies believe the successful deployment of IT is vital to long-term business success, almost 50% rarely or never discuss IT at board-level. The same survey reveals that 66% of chief executives cannot describe the IT governance processes within their companies.
Sadly, some CIOs seem happy with ignorance at the top as they think it lets them operate without too much interference. Fortunately they are a shrinking minority, with CIOs increasingly viewing proper engagement with an informed and questioning board as essential to the alignment of IT and business strategies.
IT has become a highly significant (and expensive) corporate resource and enabler. Most businesses are totally dependent on IT to achieve their business goals and grow stakeholder value. The responsibility for ensuring that IT delivers value and that its associated risks are properly managed rests with the board.
With almost complete agreement on the importance of IT to business success, why then does there continue to be such a lack of informed engagement and understanding at board level?
A chairman of a major organisation once told me, “The only thing I understand about IT within my company is how much it costs.” In fact, he was wrong. He didn’t know the cost. “Smoke and mirrors” management accounting made it almost impossible to understand the full cost. But if you don’t know what it costs, how can you hope to understand whether it is delivering value? This is where a positive approach to IT governance will help.
IT governance presents many challenges for board members. They must be aware of the role and impact of IT on the enterprise, define constraints within which IT staff should operate, measure performance, understand risk and obtain assurance. A proper IT governance structure and appropriate metrics to demonstrate how well IT is performing are essential to IT governance.
IT governance can never be effective unless the board is able to ask the right questions and understand the answers. This requires a level of knowledge that many boards do not possess, particularly if there is no direct CIO representation on the board. Therefore there is a need to ensure that board members and senior business managers are educated about the risks associated with IT and how business value can be created from it. Equally, there is a need to ensure that IT managers fully understand the business, its prime value drivers and risks, and the marketplace within which it operates.
In highly IT-dependent businesses, the CIO should have a place on the board, either as a full or ex officio member, participating in all key business discussions and decision making. At the very least, the CIO should report directly to a board member who has a proper understanding of IT.
Business strategy is set by the board. As there is an absolute requirement for direct alignment between business and IT strategies, the only way to ensure that alignment is for the IT function to participate directly in, and contribute directly to, board-level strategy discussions. IT planning needs to be properly embedded in the strategic business planning process, so it can, among other things, keep track at the earliest opportunity of potential merger, acquisition, and divestment activity that could have implications for IT.
To discharge their IT governance responsibilities fully, boards need a reporting process that provides them regularly with all relevant key operational, risk management and financial performance indicators in a readily digestible form. Techniques such as IT dashboards and balanced scorecards can be useful ways of achieving this.
A key area of board-level responsibility is the governance and oversight of the IT-related business investment portfolio. Many companies invest heavily in IT-related business change projects, and the board must ensure these projects create rather than destroy value.
Boards must also understand that outsourcing does not discharge them of governance responsibilities. If anything, it increases them as it is all about corporate reliance on essential services that are outside their direct control.
Given the lack of relevant IT knowledge and experience on most boards, it is surprising that more do not recruit a non-executive with such knowledge. In the same way that non-executive directors are called on to chair audit committees or compensation committees, there can be significant benefit in non-execs chairing, for example, an IT strategy committee.
Yet a recent Ernst & Young survey of IT knowledge among non-executives states, “This is an area where few, if any, of our sample would have personal expertise to bring to bear.” Worrying indeed.
To help, the IT Governance Institute has published an updated version of its board briefing on how to implement appropriate IT governance processes and metrics. The document is available for free download.
Download board briefing on IT governance: www.itgi.org
Paul Williams is an independent consultant specialising in IT governance and a past international president of the IT Governance Institute