Elizabeth Valentine finds it fascinating, even incongruous, how research from industry bodies and corporations consistently rate technology as a ‘mission critical’ priority for up to 90 per cent of company directors and senior executives. Yet fewer than 20 per cent of these boards feature technology literate people.
For Valentine, managing director of consultancy firm Enterprise Governance, this gap can prove fatal for organisations across private sector and government.
Boards not only need to know about how business technologies provide insights leading to new revenue sources, or lowering operational costs. It is also about understanding the risks technologies pose as more organisations adopt digital platforms.
These can range from a security breach that brings down a brand, to a smart startup using technologies to make inroads into the organisation’s commercial space.
Valentine is on a mission to fill the knowledge gap and has coined the phrase ‘EBTG’ – enterprise business technology governance – as the imperative.
“Boards set the tone for the organisation’s digital future and culture,” says Valentine, who is completing a doctorate in information technology at Queensland University of Technology and is a guest lecturer in its MBA program.
“They need EBTG competency to spur innovation and more strategic use of IT, and to ask the right questions of the executive team.
“It is not about information technology anymore. It is all about all of those technologies on the ‘third platform’ (IDC’s term for the rise of cloud, social, mobile and big data technologies) that either connect to the external environment, or relate to the architecture and infrastructure inside the organisation.”
Valentine, who was a CEO for 10 years, shares a personal experience when she sat on the board of an organisation. “I was a lone voice raising technology related issues,” she said.
“I would receive one of two responses. One was, ‘Oh, there she goes again’; the other was that technology wasn’t the business of the board, it was the business of the IT department.”
Valentine pursued the issue with this board as she could foresee a serious risk for the organisation when it needed to make a particular technology investment.
“I was ignored and the rest is history. In fact, the risk came to be and while it’s nice to feel vindicated, I suggest this situation could be more common at board level if the quality of debate even occurs,” she claimed.
“Too many boards continue to delegate accountability for technology to management, and do so at their peril.”
Mark Baker has been a member of the New Zealand Institute of Directors since 2009 and is actively engaged with boards across sectors. He noted how important it is for boards to discern the risks and opportunities technology presents.
“Many leading companies in their field five years ago have lost that position or are no longer in business,” he said. “Technology has enabled startups to compete and disrupt the existing industry structure.”
Baker heads the board for United Logistics and is on the advisory board of two other technology companies. He is also member of the board of trustees of the Our Lady of Sacred Heart in Auckland, helping teachers with their technology strategies.
Elizabeth Valentine, Enterprise Governance
Too many boards continue to delegate accountability for technology to management and do so at their peril
Potentially, CIOs can operate as coaches to the board and are also “great candidates” for future directorships because they work across the business, and have knowledge of people and technology, he said.
But it is not enough to be a good CIO. “You have got to build credibility first,” said Baker, who has held CIO and chief operating officer roles and is now principal at MIH Consulting.
“You cannot go from being CIO to a director of even a medium-sized company unless you own [the company].”
For CIOs wanting to take this career path, Baker suggests becoming a trustee in a not-for-profit or a school. “You have to have good engagement skills to work well with a not-for-profit,” he claimed.
“If you can work well with a not-for-profit on governance, that means you are going to work better with a commercial board.”
The goal, Baker said, is to understand what governance is when you do not have control. “How do I manage governance obligations here? What really matters and what doesn’t? How important is technology versus human capability or financial security to achieving our strategies?” he asked.
Figure out a pathway to build experience, he advises, because networks are important as a director, and influence matters a lot when you are on a board.
“Boards operate best when they can have robust debate to drive consensus and strategic alignment - but they need to do so in a collegial manner.”
“That is why engagement is so important,” Baker said. “You can’t be an expert in your field, and want to be the expert on the board table. You have to have stakeholder management [skills] and leverage the collective expertise to deliver the best result. It’s about influence as opposed to directing.”
Getting an unfair advantage
Gartner analysts, Dave Aron and Jorge Lopez, suggest every business should have a digital non-executive member on its supervisory board, as well as all significant groups and decision-making bodies.
These digitally savvy board participants provide an “unfair” advantage to organisations as digitalisation continues to grow, they stated in the recent report, Digital-Savvy Nonexecutive Advisors at All Levels of Your Business.
“Digital-savvy non-executives are neither magic bullets nor the whole answer to the digital question,” they write.
“They can, however, help significantly in terms of pushing the boundaries of your company or public sector agency's thinking by tempering overenthusiasm with a dash of reality, and challenging overly conservative digital inertia with authority.”
The need for non-executive digital directors will not last forever, as the goal is for every business leader to become a digital leader. But for the next 10 years or so, they will be invaluable.
The ICT community has had several proponents advocating for business technology leaders and their executive colleagues to increasingly work together to improve technology competency at a board level. Among these are independent business consultant, Robin Johansen, and Maxsys principal, Murray Wills.
Johansen believes the issue is better highlighted now in corporate boards compared to five years ago, when he was CIO at Beca Group and met with the Institute of Directors on the issue. Wills agrees, noting how the institute recently issued a director’s brief for members on technology governance.
The rise of advisory boards will likewise open the door for CIOs to become advisers or mentors to the board on technology issues without having all the skills that a director needs, says Johansen.
So how can business technology executives prepare for these roles?
“If you are looking for directorship, a not-for-profit is a safe place to start,” advises John Holley, regional operations director at Jericho Digital Communications and a director for ChildFund New Zealand, part of a global organisation helping children in developing countries.
“They need a broad range of experience in corporate governance. ICT is fundamental, therefore CIOs can add real value. Because of their knowledge, they can also help [these organisations] save an incredible amount of money.”
There is a personal benefit for helping the sector as well. “A lot of organisations talk about social capital and how they can contribute to New Zealand,” Holley says, and this is one way business technology leaders can help.
Shane Martin, previously a CIO at large real estate groups Mirvac and Stockland, was a non-executive director at ASX-listed technology company CommSecure between 2001 and 2004.
He served on CommSecure board during his time at law firm Phillips Fox (now DLA Piper) as a way to “get some extra-curricular work,” as he described it.
“At Phillips Fox, I was involved in providing advice ‘pro bono’ to a couple of boards [at companies] that were clients of the law firm. Then I had an opportunity to join CommSecure,” he said.
Martin provided the CommSecure board with valuable input around how to take the technology services company out into the market and have the conversations with CIOs and business executives they needed to reach.
“Their strategy at the time was a little disjointed so there was a need to take a step back and purely focus on what the core business of the organisation was going to be.”
But Martin and his board colleagues had to deal with a hostile takeover bid from Perth-based dot com corporate raider, Farooq Khan.
“The share price of CommSecure that the time was trading less than we had cash in the bank so it was a takeover target,” Martin recalled.
“I didn’t expect to be joining an organisation and spend the first five or six months getting embroiled in investment banking type issues associated with whether or a not a takeover bid was a good thing for the shareholders,” Martin said.
Khan was eventually warded off by a “white knight” investor, enabling the board to focus on the business strategy, he said.
Martin recalls his director fee being “quite modest” and CommSecure’s chairman expressing his disappointment that he couldn’t pay board members a higher fee.
“The time was probably way more than some of the directors on the bigger listed companies have to put in – we had all sorts of meetings going on at all sorts of times over a period of months,” he said.
“So it’s important not to underestimate the amount of time that a “small cap” company requires of its directors.”
Martin added smaller company with external boards “very much expect you to bring a strong opinion to the table” and be prepared to debate that approach with the leadership team and other directors.
He said he was able to do that on the strategy side but less so on the takeover issues.
“I have extensive involvement with takeovers, mergers and acquisitions elsewhere in my career but not as a director,” he said.
Martin left CommSecure in January 2004 due to a conflict of interest when he took up the role of general manager at IT services firm EDS (prior to its acquisition by HP). CommSecure was de-listed and liquidated in 2009.
So would he serve on a board again? “Absolutely,” he said. “My leaning would be more towards a company that is in another sector another than technology because that’s where value can truly be added by folks with the experience that I’ve had.”
Martin said leadership teams get excited about cloud computing and mobile apps and many senior people believe IT is quite simple “because they have an app on their smartphone.”
“But they don’t necessarily have an appreciation of the risk their company might be taking on,” he said.
This particularly important in areas such as reporting and managing data breaches and how an organisation undertakes penetration testing. Martin said it’s important that company directors get the right advice.
“I’m not just talking about the white hat hackers sitting in the dark room somewhere trying to find an open port. I am talking about the social engineering aspect where they might have someone walk up to reception, masquerade or tailgate some way into the building and all of a sudden they are on the premises,” he said.
“I’m not sure how many boards are asking the questions as to whether or not they are undertaking that level of scrutiny around security of their systems.”
Martin agrees that the board makeup in many corporate organisations across Australia doesn’t reflect their dependence on technology and the risk associated with IT.
Next up: Being an all-rounder
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.