03 Mar The Tech Deficit
You would be hard pressed to find an organisation that doesn’t see technology as a strategic driver. In fact, a PwC survey recently launched at Davos shows widespread concern amongst CEOs that their businesses haven’t done enough to develop the technological capabilities to support strategic objectives. For most businesses it’s critical: it’s either at the core of their product or it’s at the heart of essential processes. IT security matters hugely for even the smallest business: communication, data protection, information…
But, for all its importance, boards often still lack the expertise to ask the right questions. Most acknowledge this gap but find it difficult to overcome. Reasons to delay (or convenient excuses) are easy to find: a limited pool of the right experience to recruit from, or the needs across the multiple threads of “technology” are too wide… Plausible, but not really adequate responses for such a critical aspect of strategy, delivery and risk.
Like all things there’s no easy answer, but here are some suggestions to consider.
Good practices to consider…
Work out where independent oversight is most needed today and over the next few years. What’s planned that will most need it? Are there major IT projects and systems integration envisaged that might be the priority? Is innovation increasingly a critical strategic and competitive driver? Is it about data or design? About process efficiency or product? The area(s) of greatest need will drive the experience requirement.
Things to avoid…
Lumping it all together under the item “IT” oversight. In practice quite different angles fall under this umbrella term, but they can end up being compressed into a single agenda item, usually accompanied by a single long, hard-to-follow slide deck. And then the Board is expected to respond coherently with questions covering a very broad range of issues and implications.
Good practices to consider…
Look across the agenda to surface the tech implications across the whole business, not just focus on the obvious “tech items”. That way you’ll understand better the oversight needs. There will be many angles: strategic, risk management, people, financial, operational performance… And highlight these up-front in the board papers.
Things to avoid…
Failing to recognise the IT implications, drivers or risks across the agenda. Technology will have an impact across many different items on the agenda. So the nature of oversight and focus of questioning will need to vary across the discussions.
Good practices to consider…
Pin down what IT-specific experience you need on the Board, given what’s required from your oversight. What balance do you need around technology strategy and innovation, data management, major project governance, security…? And how is this likely to be impacted by strategic and external changes? Identify clearly how this ties in to your future strategic needs and risk profile. And feed it into your skills analysis and succession planning.
Things to avoid…
Letting “we can’t find the right mix in one person” mean that you end up with no one at all. It probably will be the case that you can’t find the right combination – but that is true of other areas of NED oversight too. Most boards accept that such compromises are necessary in relation to other specialisms – and so they are in the tech space too.
Good practices to consider…
Recognise that the Board – one way or another – needs to be able to ask the right questions and to understand the response. Technology is complicated and full of jargon that can lose the non-specialist. And lose them in a way that would be unacceptable across other areas of board oversight responsibility and risk.
Things to avoid…
Relying too much on the Chief Technology Officer. Boards often tell us ”the CTO is the only one who gets this so they are all we have to go on”. But that’s like an Audit Committee admitting they don’t probe the numbers because no one but the CFO can decipher them. There may be some amongst the NEDs who have experience of big IT projects. But that’s only a part of the picture – and anyway, technology moves so fast that this sort of experience is a rapidly wasting asset.
Good practices to consider…
Recruit a NED with strong tech experience if you possibly can. Their CV may not cover every angle but, if it’s relevant to the priorities, it should be enough.
Things to avoid…
Giving up because “they are too hard to find” even though you know that strategically it matters. This might just have to be the exceptional case where you break the mould and go for someone younger (and score points for age diversity ?). Yes, the usual problem of finding currently-serving executives with the time would have to be overcome, but many organisations welcome the opportunity for their CTO to get broader business and governance experience
Good practices to consider…
Accept that this may be one area where you just need to appoint “a specialist NED”. While they might not naturally contribute across the whole of the Board’s agenda, that can grow with experience. And some can be very good at asking those valuably “naïve” questions.
Things to avoid…
Using the explanation that you don’t want “specialist NEDs” who just sit in their box. That typically won’t hold, as long as you make expectations clear. Experienced technology specialists will most likely have a broad corporate view as they have had to interact with and support many parts of a business. Most will want to work across the topics in any case. And if you’ve surfaced the tech aspects across the agenda, a wider involvement will follow naturally.
Good practices to consider…
If you really cannot recruit a suitably-qualified NED, look at other options – and maybe bring an outside expert in. This can be for a regular committee slot or an occasional item at the Board. This isn’t the ideal solution as the “tech” angle should be a thread across the whole agenda. But it’s a lot better than nothing.
Things to avoid…
Being daunted by the practical difficulties of using an outside expert in this way. Some organisations manage it perfectly well – why shouldn’t yours?
Good practices to consider…
Be honest and objective about how well executive-level governance is working. Is the CEO really in a position to understand what the CTO is doing? Who is able to challenge at the executive level before proposals and updates reach the Board?
Things to avoid…
Relying on executive governance in the same way as in other areas: the controls environment, the checks and balances, the management oversight from senior levels. Are you confident that senior management’s oversight doesn’t suffer from the same challenges as the Board’s? The Board should at least understand where the senior challenge comes from and how well grounded it is.
Good practices to consider…
Look critically at the assurance and control functions. How much relevant tech expertise sits in the 2nd Line of Defence (Risk Management, Compliance…) and in Internal Audit? Are co-sourced specialists being used well? And are the external auditors deploying the right expertise in the right places?
Things to avoid…
Failing to understand the level of technology expertise outside of the IT function, especially across the control and assurance functions. A board has to depend on this so it needs to have a view on how far this reliance is justified. The CEO should share their view. It often needs outside experts to help clarify this.
Good practices to consider…
Ask about how the organisation learns from its problems and those of others. When things go wrong (projects, breaches, disruptions..…) how does the Bboard know that lessons have been learned and implemented? And can management show the Bboard how they have looked at problems elsewhere and asked “could this happen to us?”
Things to avoid…
Ask about how the organisation learns from its problems and those of others. When things go wrong (projects, breaches, disruptions..…) how does the Bboard know that lessons have been learned and implemented? And can management show the Bboard how they have looked at problems elsewhere and asked “could this happen to us?”
Download This Post
To download a PDF of this post, please enter your email address into the form below and we will send it to you straight away.