CIOs Say Corporate Directors Are Clueless About ITAdded 16th Nov 2012
Even as companies are relying more on technology to come up with innovative business models and fresh ideas for finding new revenue, many boards of directors don't understand enough about IT to keep up. Few CIOs sit on boards and, according to PricewaterhouseCoopers, just 1 percent of directors have any technology background at all. Discussion of IT issues in meetings around the mahogany table can be measured in minutes.
There's a dangerous lack of confidence in the board's digital literacy, revealed in our exclusive survey of 250 IT leaders. Sixty-four percent say the board "doesn't do its homework" about technology matters and 57 percent say directors rely heavily on what they read in the press to evaluate IT strategy. Some 40 percent say board members "don't really care about IT."
The Board Institute, which educates and evaluates directors about corporate governance, finds that just 6 percent of companies have a board-level technology committee, where directors are assigned to focus on the strategic use of IT. Vastly more common are boards that confine IT to the audit committee, where the outlook is not proactive or innovative, but risk-averse: Protect against security threats, comply with regulations and manage the risks of big projects and technology spending.
When it comes to strategic IT, says Susan Shultz, CEO of The Board Institute, " Directors are not informed."
CIOs can change that. In fact, as senior officers with fiduciary duties and as strategists responsible for corporate growth, CIOs must change that. A board that holds a narrow, defensive view of IT leaves the company vulnerable to competition, says Evelyn Follit, a former CIO of Radio Shack who has served on the boards of six companies.
An undereducated board can also stymie innovation, says Helen Cousins, CIO of Lincoln Trust. "If they don't know about technology," she says, "they can't imagine what I'm imagining." (Read more in " Boards Want to Learn About Emerging IT Issues.")
But you have to be smart about making change. Boards are long-established institutions with norms and conventions that date back to the days of the 13 colonies. Each has its own quirks and politics. Understand that the prime duty of a board is to oversee what the executives are doing on behalf of the stockholders. Directors don't want to compare Amazon's cloud to Google's. They want to know whether--and maybe a little bit of how--to use cloud computing to create a more valuable company. CIOs should avoid technical terms but be able to explain technology. Anticipate the directors' questions and artfully lead them to the ones they should be asking.
And listen so you can learn, says Walt Hauck, former CIO of Dun and Bradstreet. Attend dinners and outings when invited, but know that it's not a schmooze-fest. Directors are "very serious and very focused on my business and they expect me to be the same," Hauck says. "This is not casual. It's not coffee."
Don't Get Preempted
Boards are beginning to realize they need to pay more attention to IT. Sixty percent of directors surveyed by PricewaterhouseCoopers say they want to devote more time to IT issues next year. Just 36 percent said so last year. They have general notions about topics they should take on, such as cloud computing, social media and mobility. But they don't know what they don't know, says Don Keller, a partner at PricewaterhouseCoopers' Center for Board Governance. CIOs "should give them a framework to discuss IT," he says.
Boards aren't used to spending much time on technology issues. Traditionally, they've been more concerned with executive compensation, legal exposure, CEO succession planning and financial issues. When a CIO is invited to present to the board, it's usually for 30 minutes each fiscal quarter, according to our survey.
Use your brief time in the board's presence, plus some background research, to assess the weak spots in the board's IT knowledge, Follit advises. Prepare a short briefing paper on a single emerging technology and convene small private gatherings to talk about it, away from the formal board meeting. Some directors can be reluctant to reveal to peers that they don't understand a topic, she says.
At Lincoln Trust, Cousins recently spent time discussing predictive analytics with board members, explaining how it's possible to identify the financial firm's most valuable customers and realign account managers to better serve them. The board is now interested in the lifetime value of a customer, seeing that information as a way to position Lincoln Trust for the future, she says.
If CIOs don't use their precious half-hour effectively, they may get preempted. When directors don't trust themselves or the CIO to evaluate the company's IT situation, they call in an expert. Last year, 26 percent of boards hired outside consultants to help them evaluate major projects or the overall performance of the IT function, according to PricewaterhouseCoopers. That's up from 15 percent the year before.
Responsible directors know that to carry out their duties to the company, they must seek outside help when necessary, says Joseph Grundfest, a professor of law and business at Stanford University and a former commissioner at the Securities and Exchange Commission. "It's common for boards to bring in lawyers or investment bankers for expertise. There's no reason they can't bring in outside [IT] consultants."
But for the CIO at that company, Follit contends, it's a bad sign. A board that brings in a consultant is dissatisfied with the CIO's ability to explain how IT decisions affect, and are affected by, corporate strategy, she says. In the intimate and intense setting of a board meeting, a keep-the-lights-on kind of CIO can't disguise that limitation with a veneer of business lingo. Follit runs an executive coaching business and sits on the board of TECO Energy. "Some CIOs can't maneuver in this new world, where they have to know an awful lot about business."
Beware the Politics
Boards can be slow to change. For example, although boards may see that business strategy intertwines with IT, there's been no widespread shift in the traits companies want in directors. Just 30 percent of directors surveyed by PricewaterhouseCoopers find IT expertise a "very important" attribute in new directors, and 31 percent are not seeking technology experience at all. They rank five other kinds of knowledge as more important, including industry and financial experience, and international business backgrounds.
Directors can arrive with unhelpful biases, says Jim Noble, senior vice president of IT at Talisman Energy, an $8.3 billion oil company. Perhaps they once suffered through a bad experience with SAP or Oracle enterprise software and automatically criticize a similar project. "They'll say, 'We did it at my company and it was a disaster,'" he says. "The number of times I've heard that!"
Truly stifling, however, was Noble's experience with the board of a large global consumer products company. As CIO, he would attend board meetings and events and afterward receive an email or a phone call from a certain director offering suggestions or asking questions. The director's comments were astute; he was a successful entrepreneur in the telecommunications industry.
When the CEO found out, he sent an email to Noble and the rest of the 10-member senior team saying that communications with board members must go through him, Noble recalls. "He felt he was being end-run," he says. "The structure of the company was very hierarchical. To reach down a couple of levels was seen as rather odd."
But Noble experienced the opposite when he was CIO of what was then AOL Time Warner. The co-CEOs at the time, Steve Case and Gerald Levin, encouraged senior leaders to interact with the board--and then some. Netscape's founder, wunderkind Marc Andreessen, was brought in as CTO and the company created a technology advisory group that included media and IT vendor hotshots. "The board and executives knew that old business models weren't sustainable and were open to a lot of ideas," he says. "That's the best board atmosphere I've seen."
What You'll Face
Some boards want to hear more about technology, but some don't. Fourteen percent of directors in PricewaterhouseCoopers' study never meet formally with the CIO. What a board wants from a CIO depends on what's going on at the company. Patti Reilly-White, CIO of Darden Restaurants, usually presents to her board about once a year and attends dinners and retreats. But she anticipates seeing the board more often for the next couple of years as Darden invests $200 million to build and implement a new technology platform. The $8 billion company, which owns Olive Garden, Red Lobster and six other chains, plans to unify IT across its brands and install mobile ordering and other services at its restaurants.
Given the size of the investment, Darden's chairman and CEO, Clarence Otis, "provides input and guidance" about this critical project, which is intended to leapfrog competitors, Reilly-White says. Otis, who sits on Verizon's board, "has the vision and is driving what we should be going after," she says.
Expect to meet with the board more often when there's a crisis or corporate transformation going on. American Airlines is trying to right itself after filing for Chapter 11 bankruptcy protection last year. Maya Leibman has attended the board's monthly meetings since being appointed CIO of the $24 billion airline in January. Leibman has presented to the directors three times, twice on information security and once on the replacement of a key system.
American Airlines director Stephen Bennett, former CEO of Intuit, asks salient questions, she says, such as about the kind of testing her IT group conducted on the new software. "Many on the board are tech-savvy," she says, "but he has insights that others don't."
Having a technology expert on the board sharpens a CIO's business wits and usually makes for an intellectually strenuous meeting, says Hauck, formerly at Dun and Bradstreet. The $1.8 billion company's board includes Austin Adams, former CIO of JPMorgan Chase, Bank One and First Union, plus a former Hewlett-Packard executive. Naomi Seligman, founder of The Research Board, an influential CIO think tank, retired from the board last year.
Dun and Bradstreet is one of relatively few companies with a board-level technology committee. There are only 12 in the Fortune 100. Establishing a technology committee signals that the board is ambitious about IT, says Estelle Metayer, founder and president of Competia, a competitive intelligence consultancy.
Financial services firms, where IT and business are nearly indistinguishable, are more likely to have such committees than companies in other industries. Other forward-thinkers with board-level tech committees include FedEx, Pfizer, Procter & Gamble and Wal-Mart. Metayer predicts that more companies will join in because IT is pervasive but also because directors are taking a larger role in assessing corporate health as well as in shaping strategy. These duties require directors to be conversant in IT issues, she says. "If your board is stacked with retired CEOs, lawyers and auditors, they're probably not questioning technology strategy well," she says. "When technology is [covered by] the audit committee, it's being overseen, but no one's gaining foresight."
Among other tasks that Dun and Bradstreet's technology committee performs is keeping tabs on MaxCV, a $160 million transformation project started in 2010 to create a real-time "data supply chain" with Web applications and interfaces.
But the committee and the full board wanted to know much more about Hauck's work than project-management reports can reveal. They delved into his approach to staffing and his views on business. Directors also looked for evidence that he collaborated well with peers, especially the heads of sales and of product development. Hauck says that when he attributed some of his own success to those colleagues, for example, and when employees of one group take jobs in either of the two others, he was able to show the board that he could cultivate healthy relationships.
Adams, in particular, drilled Hauck on talent, not wanting IT to be caught short of staff during a future merger, for example. "He says, 'I need you to have five guys as good as you. If you don't, then you're not doing your job as a leader for this company.'"
A board firing on all cylinders will challenge you--not necessarily because directors doubt your knowledge (though they may), but because they want to test your thinking, Noble says. But a CIO shouldn't feel threatened by a grilling from directors, he says. "They keep you real. They keep you connected with the marketplace."
Besides, a CIO should be used to that dynamic by now. The position reports to a CEO, COO or CFO and usually has various steering committees guiding decisions and plans, he says. "The IT function isn't autonomous by any means."
The Internal Consultant
To be in its best fighting form, a corporate board may well need a technology committee and deep engagement with the CIO, says Metayer, the competitive intelligence consultant. Some companies, such as Dun and Bradstreet, are already there. Others remain calcified in old ways. Most are somewhere in the middle.
One $5.5 billion healthcare company has no technology committee on its board, but the board calls on the CIO often to make presentations or answer ad hoc requests, says the CIO, who asked not to be quoted. The board has asked for her views on topics such as new industry partnerships and startups, the company's competition and what it needs to stay strong into the future.
That the board consults the CIO about such core issues shows that both it and the IT leader are enlightened, Metayer says. "I don't know any company not struggling with some technology issue. Diversity of thought at the board level is an important way to approach those struggles."
Read more about cio role in CIO's CIO Role Drilldown.
India's Essar Group has finally sold its operation in east Africa to Kenya's Safaricom and Airtel Kenya for $100 million after years of running the operation at a loss.
With smartphones and tablets increasingly at risk from malware, researchers from North Carolina State University have devised a new and potentially better way to detect it on Android devices.
Automation, virtualization, cloud computing -- these technology trends are transforming the data center and enabling companies to lower costs, increase flexibility and improve reliability. However, these shifts require IT, and their outsourcing providers, to rethink traditional strategies.
The first Cebit trade show in the post-Snowden era will focus on security, showing off locally developed bug-proof phones and messaging systems, as well as the ability to protect mobile devices using smartcards.
CIOs who haven't moved their companies from Windows XP by now ought to be fired, some people think, but those who haven't and are still on the job have options for saving their bacon.
The U.S. National Security Agency (NSA) has turned the European Union into a tapping "bazaar" in order to spy on as many EU citizens as possible, NSA leaker Edward Snowden said.
A phenomenal idea that reveals the damage traditional toys have had on our children and facilities how we can encourage our girls to take up careers in science, technology, engineering and mathematics.
A new commercial tool designed to allow cybercriminals to easily transform legitimate Android applications into malicious software has hit the underground market, paving the way for cheap and easy development of sophisticated Android malware.
Malware often does strange things, but this one -- which looked like Skype installed on a corporate domain controller -- was most "peculiar," says Jim Butterworth, a security expert at ManTech International, whose security subsidiary HBGary recently found the custom-designed remote-access Trojan on a customer's network.
Microsoft will deliver five security updates to customers next week, two tagged as "critical," including one that will quash the open vulnerability in Internet Explorer that hackers have been exploiting since January.
Having lots of Wi-Fi networks packed into a condominium or apartment building can hurt everyone's wireless performance, but Stanford University researchers say they've found a way to turn crowding into an advantage.
Organizations can now add machine-generated data to their palate of information sources that can be aggregated and analyzed, thanks to a new connector jointly developed by Tableau Software, a provider of business intelligence software, and Splunk, which sells a log-file search engine.
The Tor network is in danger of being swamped by criminals abusing its anonymity to hide an underworld of parasitic botnets, malicious command and control and ‘darknet' markets, according to research from Kaspersky Lab.
Rogue adverts that use social engineering to persuade users to install malware have displaced porn as the leading method of attack on mobile devices, according to a report from security firm Blue Coat.
A convoluted web of applications is stunting the digital transformation of the world's biggest international organisations.