Following a number of high-profile project train wrecks last year, we ask if there is enough understanding of IT at board level. Clare Coulson spoke to those in the know to get some answers…
“This topic is actually a very timely one,” says Paul Matthews, CEO of the Institute of IT Professionals (IITP), when iStart spoke to him. “A number of things have happened over the last few months that have really brought the awareness of good IT governance and good IT understanding on the board to the fore.”
These “things” include the establishment of the IT Governance Taskforce made up of the IITP, the Institute of Directors, the office of the Privacy Commissioner and Standards New Zealand. “The purpose of the taskforce over the next 12 months is to significantly raise the awareness of IT governance within IT boards of directors,” says Matthews, who believes that as technology has evolved from being a back office support tool to a core strategic asset the thinking around IT at board level has not always kept up.
“A board has an accounting background and a legal background because the purpose of the board is to make sure that the company is not going to go under and that it is adhering to the legislative requirements. But in terms of technology it’s really just in the last 10-15 years that we have seen it move to the front as a strategic enabler to organisations. In short, boards, as a generalisation, haven’t really kept on top of that and caught up,” says Matthews.
The Tech Divide
These days IT is a big part of executing the strategic direction set out by the board of directors, so, as Ralph Chivers, CEO of the Institute of Directors says, “Any board needs to understand at the strategic level both the opportunities and clouds on the horizon that changes to technology introduce.
“It’s not about a specific piece of technology, but about how the business environment is changing and, at the other end, how that influences what a company is providing its customers and how it might provide it better.”
Directors these days should be competent and capable enough to understand IT even if they are not IT professionals or they will not be able to discharge their duty.
There are a number of companies that can be singled out as very good at IT governance, such as Air New Zealand, the big banks, companies in the technology space and small, start-up-phase companies where the board members are perhaps a little younger. But there are also plenty of examples of boards that are struggling.
Phil O’Reilly, CEO, Business New Zealand says part of the problem is that technology is seen as the preserve of the “black T-shirt brigade”.
“Far too often it is seen as being and end unto itself rather than a driver of business success. And those who know quite a bit about the technology are unable to effectively communicate how it will build business success, so often there is a gap in understanding between those who might not be particularly IT literate and those who are.
“As much as anything the difficulties we see at board level will not be because the board members are incompetent or incapable, but more because there is not effective translation between those who know about technology and the members on the board.”
Effective companies don’t treat technology as a separate department but as part of the way they do business and they weave the IT strategy in to the overall business strategy.
“Technologies that allow you to change the game are the ones where there is a very big overlap with strategy. That is where the role of the board comes in to play, that’s where they should be engaging, to the extent that if they don’t have those skills around the table then they need to do something about that,” says Chivers.
Bridging The Gap
Progress has already been made in narrowing the divide between IT functions and the board, especially as younger directors, who have had more dealings with ICT as a core part of the business strategy, come up the ranks. Some companies, such as the aforementioned Air New Zealand and big banks, have already excelled but there is still a long way to go for others. Unfortunately, there are plenty of examples of IT projects, particularly those in the public domain, that have gone horribly wrong despite being very well intentioned, and big IT projects are perceived as being very risky as a result. They have a reputation for gobbling up a huge amount of money, going over budget and not being delivered on time and they ‘fail’ more than they should. Matthews suggests, “Maybe that’s why boards get scared and are running a mile. But in actual fact that’s exactly why boards need to get serious about IT governance. A lot of the time IT projects fail because there’s not good governance and strong project management in place because boards don’t understand what they need to be doing to get it right.”
The most obvious answer may seem to be to get more CIOs around the boardroom table. But Chivers says, “I’m not a big fan of the ‘boards need to understand IT, therefore we need more CIOs on boards’ mentality. To me that’s jumping to a solution without answering the question. That is where I make a distinction between who needs to be at the boardroom table and what the board needs to understand. In some companies it may well be entirely consistent with that company’s business and target market to have a CIO on the board. But that role, as most people are becoming increasingly aware, is a very serious and quite onerous one from time to time. So the people whose knowledge and insights you want to access may or may not be appropriate to sit on the board.”
Accessing the appropriate information on IT initiatives may involve approaching the organisation’s own management team, or specialist external consultants, or it may mean some of the board members educating themselves by extending their reading, taking a course or seeking out good advice from other better qualified directors. “A lot of people are very well practiced at advising boards,” says Chivers, “I’ve often suggested to people that they get a younger person involved because they get how the world is changing.”
Moving On Up
Added to that, Business New Zealand’s O’Reilly says that because the ICT sector evolves so rapidly “the challenge of staying on top and the risk of getting it wrong are significantly heightened compared to, for example, HR practices”. That’s why he believes that more ICT people on boards can only be a good thing. “It’s now much more common in larger companies to have a CIO reporting in to the CEO. We need to recognise the business capability of our senior IT specialists and make sure that they are also trained to be able to act as line managers and eventually CEOs and board members.
“Right now they are seen far too much as being ICT specialists, which is different to being a CEO. We need to create much more of a pipeline for ICT people and they need to make sure that they are training themselves to take over more mainstream roles such as line manager. It’s quite uncommon for CIOs to become CEOs so we need to more actively build up the cohort of ICT professionals who are capable of acting as that bridge, who clearly understand business concepts, can clearly operate a business but at the same time do ICT.”
Giving The Right Signals
Being able to communicate at executive level goes a long way to bridging the knowledge gap. Technology needs to be talked about as a business issue not a technical one, and described in such a way that a board can competently deal with it, much as it would deal with a legal issue without having a legal background. One thing is for sure these days. IT has a much larger influence across an organisation than many of the legal issues that boards tend to grapple with ever will.
O’Reilly says, “We need to be more deliberate about making sure that we build ICT literacy into the executive suites of businesses and then into boards. That means we need to train ICT people and they need to be willing to be trained to do exactly that.” Matthews agrees, saying “Generally IT people are not necessarily the best communicators, they can be quite introverted, partly because of the type of work that they do.”
That said, he also believes that you do not have to be a technologist to be a good CIO. Someone who has come up through the IT ranks and has polished their skills around communication and strategic thinking may have an advantage, but someone with a good grasp of technology, a strategic mind and an ability to gather and communicate information can also succeed very well. The new CIO role is a strategic and not a technical one, and that is where many in IT are failing.
Paving The Way
Good governance around big projects is critical to their success. Chivers says the board must be satisfied that over the lifecycle of a project there is sufficient investment, training and change management on the table to ensure that it is going to be successful.
“That means they should be satisfied that the governance is in order and if they don’t know what good IT governance looks like they should get in advice about that.”
A lot of directors and shareholders who are appointing directors don’t understand the importance of good IT governance, says Matthews, and that is why the IITP and the Institute of Directors have joined together in the past few months with the office of the Privacy Commissioner and Standards New Zealand to create the IT Governance Taskforce that will raise the awareness of its importance.
“The Institute of Directors has a new CEO in Ralph Chivers and he has more of an IT/telco background, so he’s pushing quite heavily for IT governance adoption,” explains Matthews. The Institute of Directors is also incorporating a lot moreIT governance material within its director courses. “Generally speaking, directors, as they start getting involved in larger organisations, do the directors courses through the Institute of Directors and that’s really a way that we [the IT profession] can touch them as well.”
ISO/IEC standards are another way for boards of directors to be able to ensure they have done their due diligence. While the standards are optional, some would argue that if they exist then boards could be called negligent not to use them. The ISO/IEC 38500 is an international standard for corporate governance of information technology. It provides a framework for effective IT governance to assist those at the highest level of organisations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organisations’ use of IT. Unfortunately, Matthews believes that only a very small number of boards actually know that the standard exists let alone implement its framework.
On Track
ICT is a massive enabler and a massive business opportunity but often its benefits get lost in translation. ICT professionals need to work on their strategic understanding and communication skills, while board directors need to work towards having some capacity to understand the big issues between what a good ICT strategy looks like, how it links with business success and the risks inherent in any proposed project.
O’Reilly says, “A board would not be being effective if it spoke about ICT for half an hour in a day-long session and thought it had done its job. No. Every time the board members think of a new strategy, every time they look at a new market or talk about a new investment they must turn their minds to the ICT implications of that, just as today they turn their minds to the financial and legal implications.”
Not to do so is a train wreck waiting to happen.
Signals For Success
Here are some questions that board members should be asking about IT and that senior management should be prepared to answer.
- What is being done to ensure we maintain our competitive advantage?
- What is being done to ensure we improve productivity?
- What investments should we be considering for the future?
- As we look to the future, where are we at with risk?
- Where are we on the basics?
- What should we be looking for in our CIO?
Source: Gartner-Forbes 2012 Board of Directors Survey: IT Can Change the Rules of Competition
This article was originally published in iStart Technology in Business magazine