Board should be active in IT oversight

01/01/2012

Published on IT Business Edge.com at http://www.itbusinessedge.com/blogs/tve/?p=271

20 February 2008

As I’ve blogged before, many folks think that a company’s commitment to IT needs to start at the very top — with its board of directors.

Yet a Deloitte survey published last spring found that IT isn’t exactly top-of-mind for most boards. Just 14 percent of board members told Deloitte they were “completely and actively involved” in board strategy. Researcher Steve Andriole discovered a similar trend in his own survey.

A more recent survey conducted by the UK’s IT Governance consulting firm reinforces those earlier findings. According to a Computerworld UK article, most IT employees felt their boards had a poor understanding of IT issues.

Less than 7 percent of respondents, for example, said their boards understood the potential business risks associated with IT. More than 57 percent said their boards also did not understand the impact of legacy IT systems on the business.

Despite this, fewer than half of the companies surveyed used governance frameworks like the Control Objectives for Information and Related Technology (COBIT). Of course, there are challenges in implementing such frameworks, including staff shortages, as I blogged earlier this week.

Alan Calder, the CEO of IT Governance, advises companies to establish an IT oversight committee as a sub-committee of the larger board. Singing off on new IT projects and/or killing under-performing projects should be among its responsibilities.

I highlighted a somewhat similar approach in a blog from April. It calls for appointing three groups: a business/IT council, an advisory committee and a group that includes business-process managers and different departments within IT. One of their key tasks should be overseeing the adoption of an appropriate governance framework.

PROTECT YOUR
BUSINESS
THIS WINTER