We live in an era where IT is a crucial contributing factor to the competitiveness of many organizations. Yet empirical evidence seems to indicate that boards of directors are not as involved in IT-related strategic decision-making and control as they should be. That’s why University of Antwerp - Antwerp Management School, CEGEKA, KPMG Belgium, and Samsung Belgium have developed a toolkit which acts as a guidance on how boards can take up their accountability in governing the digital assets. By developing such tools, we hope to contribute to facilitating board members to gradually engage in decision-making and control of digital assets.
STEP 1: Articulate an understanding of the role of IT in your organization
The first step is to understand and determine IT’s role in your business. We have developed a grid with four “IT use modes”. A company has either a high need or a low need of new IT. A high need requires an offensive IT strategy, while a low need requires a defensive strategy. The second axis is the need for reliable IT. Within a defensive strategy, a high need for reliability results in the factory mode, whereas a low need for reliability results in support mode. Within the offensive strategy, a high need for reliability results in a strategic mode, whereas a low need results in a turnaround mode.
It is important to know in which of these sections your company fits. Only then you can go to the next step.
STEP 2: Establish the appropriate governance structures
Next, it is up to the board to ensure that the organizational capabilities are designed in such a way that they can meet these requirements. Depending on the role of IT in the organization, an appropriate governance structure needs to be established.
For organizations in the offensive mode, the board should consider to include the IT-related topic as fixed agenda item. To achieve this, a member with IT-governance expertise should be appointed. Another option is to establish a separate IT Strategy and Oversight Committee at the same level as the board-level audit. This facilitates deliberations on technology.
As IT is less important to your business, it is sufficient to take up the IT oversight role as part of the duties of the audit committee. This results in an adequate focus in the risk aspect, but however results in insufficient attention towards the value and performance aspects of IT.
STEP 3: Give direction and provide oversight by asking critical questions
Once IT governance has reached board level, it is crucial to start asking tough questions and, most important, take actions. We developed the main questions for each of the sections (see image). In asking and answering these questions, a climate of openness and transparency will arise between the board and executive management on IT-related topics. This implies a pivotal role for the CIO.
Interested to read more about this toolkit? Download the toolkit!