A user-friendly board guide for effective information technology oversight

Overseeing a company's information technology activities is a significant challenge for directors. The pace of change in this area is rapid, the subject matter is complicated, and the highly technical language used to describe emerging technologies and evolving risks makes this a challenging area. And many companies are relying more and more on technology to get ahead, often prompting substantial changes in how they operate. All of these factors can make the board’s IT oversight responsibility appear harder than it is.

The “IT confidence gap”

Our research, which included surveying 860 public company directors, indicates many board members are uncomfortable with overseeing their company's IT. Although many directors want to better comprehend the risks and opportunities related to IT, they sometimes don't have an adequate understanding of the subject to be truly effective in their oversight roles. In addition, boards often lack a well-defined process that satisfies their needs in this area. On the whole, this confluence of factors creates an “IT confidence gap” for many board members.

IT Oversight Framework

What can the board do to bridge the “IT confidence gap?” Structured frameworks for IT professionals and management already exist; however, they are not designed with the board's oversight role in mind. To fill this void, PwC developed Directors and IT―What Works Best: A user-friendly board guide for effective information technology oversight, which introduces our IT Oversight Framework, to help boards figure out “what works best” to oversee IT at their companies.

The IT Oversight Framework is a six-step process that:

  • provides a structured approach for boards to help with their oversight responsibilities,
  • offers flexibility for customization based on the company's specific circumstances,
  • includes leading oversight practices to facilitate discussions with the CIO, company management, or outside consultants, and
  • may help identify IT issues that may not currently be on management's or the board's radar.