The purpose of the governing body, or board of directors, is to direct and guide the organization to the right direction.
Corporate governance is to make sure that management is doing its job properly. So the governing body (BoD) must define management’s job – which is embraced in the purpose, objectives, strategy and policy of the organization – and must monitor management’s performance and conformance in order to verify that what was specified is what is actually happening.
Now more CIOs have been empowered to have a seat in the boardroom because IT plays a critical role in strategy, data/IT governance and risk management in the digital era. What it means is that the IT function should be helping the business leaders and BoD to identify and understand the opportunity, implications and constraints arising from the organization’s use of IT and the use of IT that occurs in its ecosystem.
How CIOs should well prepare for such new journey, start with set of Q&As:
1. What is the ultimate purpose of the Board of Directors (BoD)?
The purpose of the governing body, or board of directors, is to direct and control the organization, according to the laws of the jurisdictions in which the organization is domiciled and in which it operates. This purpose is generally known as “corporate governance”. While “corporate governance” can be modeled in general terms, and while certain aspects of corporate governance are heavily regulated in some jurisdictions, there is no standard model for corporate governance because the context for corporate governance includes a wide range of circumstances and capabilities which are subject to constant variability.
So the governing body needs to develop a good sense of the appropriate scope of decisions, and what are pertinent to its role versus what are really the purview of management.
2. What is Governance really?
1) Corporate governance is frequently held to include: Selection, appointment, remuneration and removal of the Chief Executive Officer and possibly other executive roles;
2) Determination of which powers are retained by the governing body and which are delegated to management, along with constraints that may apply;
3) Oversight, supervision, development and mentoring of management, typically at the higher executive levels;
4) Setting the objectives, strategy, and policies of the organization, either directly, or through some levels of delegation to management;
5) Monitoring of the performance and conformance of the organization in respect of the objectives, strategy, and policies, together with monitoring of management in its realization of the required performance and conformance;
6) Stewardship of the organization’s resources, which typically include financial, human, intellectual and physical assets, relationships, and the organization’s business design, systems and capabilities. Stewardship increasingly also extends to the organization’s use of natural and environmental resources as demanded by market pressures and, in some jurisdictions as required by law;
7) Oversight of critical aspects of organizational development and change, including awareness of market developments and pressures, approval of plans, allocation of funding and tracking of outcomes;
8) Ultimate accountability to shareholders and the courts for the performance and conformance of the organization, for the effectiveness of the direction and oversight provided, and for the timeliness and caliber of action taken by the governing body.
3. What is the role for the BoD in strategy (Architectural thinking, Information driven perspective)?
The Board is accountable for strategy and responsible for ensuring that the strategy being followed is appropriate for the organization and the environment(s) within which the organizations operates. The Board does not develop strategy; it delegates that task to Management
- The board is accountable for the 'architecture of the enterprise'. An interesting (missing?) question is: What is the Board's involvement with Enterprise Architecture? Clearly the Board is accountable for the 'architecture of the enterprise' and is responsible for ensuring that the enterprise has an appropriate 'architecture'. What is, could, should their role be. Contribution to the business strategy and business change agenda are the two places where most EA value can be added, and at the earliest stages of the cycle, thereby reducing the investment necessary to realize greater enterprise outcomes and/or earlier realization of enterprise aspirations
- IT is the business catalyst. More often than not, IT directly impact on strategy shaping. The boards may ask information management three questions about strategy.
1) What developments in the capability and use of information technology are critical to strategic future, and how are we responding to them?
2) What demand does strategy create for new information technology-enabled capability, and how will we bring that to reality?
3) What limitations are imposed on strategy by the constraints of the information technology currently used by our organization and in our ecosystem?
4. What role do corporate governance methods and the various functional groups play in overseeing change in the organization?
1) What role(s) do IT (or the various functional groups) play in Governance in general, and in overseeing change in the organization?
While none of the items in governance description explicitly mentions information technology, it must be understood that information and information technology are at the current time the focus of immense market development and pressure and key aspects of organization development and performance throughout the business cycle. IT oversees enterprise-wide information which is life blood in modern businesses. As such, IT plays a significant role in overall business governance, relevant topics are important enough to warrant explicit board attention within the overall framework of resources and governance in general.
2) What are the possible governance methods, techniques, structures, etc.?
Governance methods, techniques, structures, etc. would need to be defined *before* commenting on the role they and various functional groups play.
The "possible governance methods, techniques, structures, etc" is base on the design of management system which generally have a strong process element and the manner in which those management systems mesh with the governance arrangements. In most of the organizations, there are quite clear processes for the interaction between management and the board
5. "Where, when and what" would one expect IT to enter the Board conversation?
Traditionally, “Information governance", a better term might be "information management", is an activity which should happen below the Board and Board Committee level. The Board's involvement might be to review and approve *broad* information management policies. However, the speed of change is accelerating, IT should more proactively participate in big conversation through the right touch point and at the right time.
- IT should enter the board conversation at several points
1) Business Strategy: Because it is a key enabler of future capability and a critical aspect of continuing business activity in most organizations.
2) GRC Management: Because market experience is of unacceptably high risk of negative outcomes for IT-enabled and IT-linked change. IT is prominent in market disruption which can result in major opportunity and major damage.
3) IT oversight: IT projects frequently fail to deliver intended and appropriate business outcomes and IT failures frequently cause a significant negative business impact.
When IT will be on the Board's agenda can have no single answer, it depends on:
(1) The business significance of IT
(2) The size of the investment
(3) The risks involved, and other factors including, every opportunity evolves IT, risk and opportunities are so interweaved.
- What IT should be considered in BoD Agenda:
2) as an integral and increasingly important aspect of ongoing business viability; and
3) as an enabler of, but not the only aspect of, business capability development.
6. The Dilemmas facing IT Leaders in Big Conversation
- Too many people in the corporate governance space are reluctant to ask questions about IT, as IT is newer compared to other functions such as fiancé, IT may face hostile attitude to the notion that information technology makes a difference. A major enabler to a better conversation about IT is for that conversation to be an integral part of the business conversation, with the business leaders positioning and presenting IT as an integral part of the current and future business… which is the reality of most organizations today?
- IT is still being perceived as a supporting function in many organizations. How to refine fresher image of IT? And while this is a responsibility of the IT function, it must also be a responsibility of the overall business leadership because we can't reasonably expect the IT leaders to know everything about everything, or to be the sole source of new ideas!
- The dilemma about the breadth and depth of IT conversation: Because IT is an enabler of current and future capability for both the organization and its ecosystem (the market comprising competitors, suppliers and other agents, regulators and so on) much of the board conversation about IT should be framed in respect of the business activities and the ecosystem. However, because IT is also a clearly identifiable resource with an identifiable framework of important considerations, some aspects of the conversation should be focused on specifics of the technology, as is the case with human resources and other assets.
And what that leads business to is a realization that the real challenge and the real opportunity in improving (corporate) governance of IT are in reworking the management systems for planning, building and running IT so that they are integral aspects of the corporate management systems for planning, building and running the business
7. How best to evaluate the Board's performance in utilizing IT to achieve the business purpose?
Ultimately the board’s performance is reflected in the performance of the organization. However, there are shorter-term perspectives through which one can assess whether the board is effective – because if the board is effective then so too should be management and the activities of the organization. In respect of IT, if the organization is maintaining its appropriate and consciously chosen posture in respect of market leadership, if it is successfully delivering its program of IT-enabled change, and if it is delivering acceptable IT-enabled operational performance, if it always has IT-literate board director to participate in conversation, one can view the board performance as being satisfactory in this regard.