This issue of BoardroomDirect® from PwC highlights results from the Carbon Disclosure Project and what the results mean for directors.
Many company directors and their chief information officers (CIOs) are struggling to understand each other's information technology needs. Directors are often challenged by IT’s complexity and related technical language. CIOs aren't always sure which information the board wants or how to simplify the discussion.
The majority of directors acknowledge investing in and leveraging IT for competitive advantage is a top priority for the future success of their company. IT is also an area that creates significant risks that need to be effectively mitigated. The CIO can play an integral part in helping directors sleep better at night by developing responsible and strategic IT investments and providing the board with regular updates.
So while directors understand the importance IT plays in business strategy and risk management, some may not be grasping the importance of the CIO relationship.
"Many boards should be asking, 'Why isn't my CIO my wingman?'" said Virginia Gambale, a former CIO who is now a director with JetBlue and two other companies. "For many companies and their boards that are trying to have a better relationship with customers and business partners, there is a technological element. So you have to wonder why the person who can give you the idea generation is not sitting there with you."
Carolyn Chin, chair and CEO of Health Wellness Solutions and a director with two other companies, reiterated the importance of the CIO to boards. She and Gambale sat on a panel on CIO optimization during the National Association of Corporate Directors (NACD) Board Leadership Conference in October.
"You can't think about a strategic change without including the CIO," Chin said. "They play an important part in the information flow processes that allow informed directors to ask educated questions."
Two recent research publications refer to the importance of the relationship between the CIO and the board in IT oversight.
The Gartner-Forbes 2012 Board of Directors Survey: Stay in Balance describes the desire for companies to increase IT spending over the next two years even during uncertain economic times. A recent book by PwC (Directors & IT -- What Works BestTM) provides a framework for directors to oversee IT. Both address the important role the CIO plays in helping boards understand IT risks and opportunities.
The Gartner-Forbes survey found that 86% of directors worldwide believe IT's strategic contribution to business will increase by 2014, with 18% saying the increase will be significant. Overall, IT was tied with sales as top investment priorities for boards. The survey also found a lot of exuberance for IT driving business and giving companies a competitive advantage. Sixty-six percent of directors agreed with the statement, "We start with people first, and IT provides the tools they need to compete." And half agreed with the statement, "In our industry, we see IT as a way to change the rules of competition."
In Directors & IT -- What Works BestTM, PwC defines an "IT confidence gap" for board members as situations where directors want to better comprehend risks and opportunities related to IT, but they don't have an adequate understanding or the tools to be effective in their IT oversight role.
The PwC book describes various approaches to director and CIO communications. It cites the 2012 PwC Annual Corporate Directors Survey result that only 18% of boards are communicating with the CIO at every formal board meeting and that 14% aren't communicating at all. This may be contributing to the IT confidence gap along with several other factors:
Don Keller, a partner in PwC's Center for Board Governance who was the chief architect of the Directors & IT book, and a panel of experts at the NACD Board Leadership Conference all emphasized the importance of the CIO using appropriate IT oversight metrics to report to the board. Keller also pointed out that directors and CIOs have to prioritize the IT issues most relevant to the company.
"There are a lot of areas to consider, including data security, mobile computing, data privacy, social media, streamlining business processes with digital means, and cloud services," Keller said. "But not all of them may be equally important to a particular company."
Keller was referring to the third step in the six-step PwC IT Oversight Framework. The framework is a process boards can use to provide a structured approach for IT oversight, including oversight practices to facilitate those all-important discussions with the CIO. Those steps include:
Such a framework can only work if a board is committed to understanding the role IT plays in the company and the opportunities and risks that are most relevant.
The IT oversight process should be continuous and provide the board with adequate information for effective monitoring.