Why Boards Have Suddenly Discovered IT
Boards first began paying attention to IT in the years leading up to Y2K, according to Ann Senn, a global leader of CIO Advisory Services at Deloitte Consulting. Y2K remediation was the first major IT project that caused companies concern at the highest levels. Boards wanted to know where they had Y2K risks and what their organizations were doing about it.
It was Y2K that put Northeastern's Weir in touch with Donald Kramer, a Northeastern board member and then-chairman of the audit committee assigned with Y2K oversight. Weir worked closely with Kramer in planning and executing Northeastern's Y2K conversion; to this day, they meet once a year for dinner.
While Y2K turned out to be anticlimactic, boards have had good reason since then to keep tabs on IT, and their oversight has only grown more intense. First, Y2K spurred a great deal of spending that many CEOs and boards ultimately came to view as excessive. Then (in short order) came the US recession, with its focus on cost-cutting; the security concerns sparked by the terrorist attacks of 9/11; and now Sarbanes-Oxley, with its emphasis on internal controls, and the role that IT plays in ensuring the accurate and timely reporting of financial information. The many failures associated with complex IT projects are additional reasons why boards are paying attention to IT, according to University of Washington's Nolan, who has helped set up IT oversight committees at Novell and A&P. Boards would like to avoid the fate of companies such as AT&T Wireless, Nike and Cigna, who were sued by shareholders after highly publicized IT blow-ups.
"These are the kinds of things that can't be swept under the rug if they're mismanaged," Nolan says. "They're directly affecting shareholder value."
How Boards Bone Up on IT
FedEx created its IT oversight committee in 2000 at the behest of CEO Fred Smith. Judy Estrin, a long-time FedEx board member and chair of the committee, says Smith recognized IT's strategic importance to his company and pushed to give IT board-level visibility.
She and FedEx executive vice president and CIO Carter say the committee was also created in part to address the fact that the audit committee couldn't give systems-related questions appropriate attention with all the other financial matters they needed to discuss during their meetings. Carter says Smith's creation of a separate subcommittee devoted to IT was prescient given the fact that audit committees are so focused today on implementing all the governance and control mechanisms for Sarbanes-Oxley. "[Members of the audit committee] really don't have time to dive into all the details of system support issues and opportunities to make systems better," he says.
Not surprisingly, the companies that have created IT oversight committees - FedEx and Procter & Gamble, for example - live and die by IT. They spend boatloads of money on technology, and their CIOs are among the most well-respected in the industry. But separate IT oversight subcommittees are not for every company. (For more information on whether to establish a separate IT oversight committee or to govern through the audit committee, see "Who Does the Watching?"
Many boards that have yet to create separate IT oversight committees are adding outside CIOs to their ranks to help them assess their IT investments and guide their own CIOs. In 2002, CIO (US) identified three non-technology companies that appointed sitting CIOs to their boards of directors. The following year, three times as many non-technology companies elected current and former CIOs to their boards, including department store chain Dillard's, Yankee Candle, Green Mountain Coffee Roasters, Hershey Foods and Mellon Financial.
Alan Rosskamm, chairman and CEO of arts and crafts supply retailer Jo-Ann Stores, recruited Office Depot's CIO, Patricia Morrison, to his company's board in 2003 for her IT experience. "I was hoping to bring someone on the board who was knowledgeable enough about IT to ask the appropriate strategic questions about the application of technology in our business," Rosskamm says.
"Patty was absolutely a perfect fit," he adds.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.