Information technology and the board of directors.

Ever since the Y2K scare, boards have grown increasingly nervous about corporate dependence on information technology. Since then, computer crashes, denial of service attacks, competitive pressures, and the need to automate compliance with government regulations have heightened board sensitivity to IT risk. Unfortunately, most boards remain largely in the dark when it comes to IT spending and strategy, despite the fact that corporate information assets can account for more than 50% of capital spending. A lack of board oversight for IT activities is dangerous, the authors say. It puts firms at risk in the same way that failing to audit their books would. Companies that have established board-level IT governance committees are better able to control IT project costs and carve out competitive advantage. But there is no one-size-fits-all model for board supervision of a company's IT operations. The correct approach depends on what strategic "mode" a company is in whether its operations are extremely dependent on IT or not, and whether or not it relies heavily on keeping up with the latest technologies. This article spells out the conditions under which boards need to change their level of involvement in IT decisions, explaining how members can recognize their firms' IT risks and decide whether they should pursue more aggressive IT governance. The authors delineate what an IT governance committee should look like in terms of charter, membership, duties, and overall agenda. They also offer recommendations for developing IT policies that take into account an organization's operational and strategic needs and suggest what to do when those needs change. Given the dizzying pace of change in the world of IT, boards can't afford to ignore the state of their IT systems and capabilities. Appropriate board governance can go a long way toward helping a company avoid unnecessary risk and improve its competitive position.