Tensions lately have been at an all-time high in Boardrooms regarding the rapid progress in new technologies and the unknown impacts it can have on a businesses’ future performance, profitability, confidentiality of data or even continuity. The fumbling from the risks of information technology has increased, especially in traditional Boards that include members who are unacquainted with this territory and don’t appreciate the extent to which their firms depend on “information assets”. Even more so, they seem to be oblivious of the importance of information technology in shaping the strategies of their companies and the risks which could disturb their business due to system failures or security breaches. This lack of awareness often leads to a slowdown or negligence in making fateful and even existential decisions. There are many examples of global companies who did not realize the stimulus of technological developments on their businesses and their future; their hesitancy led to massive losses, shares falling and even bankruptcy.
The importance of IT governance:
Still in many Western and Eastern countries, Boards do not give special importance to the subject of IT governance, due to their unfamiliarity with the topic. Board members often lack the basic knowledge necessary to ask key questions about technology risks and around the impact of high-tech changes on the business itself. Traditionally, this responsibility is left to the information technology executives, who define the course of action according to their whims. Therefore, the lack of control over IT activities by the Board is treacherous as it could expose the organization to the same risks resulting from incompetent assets or financial management. Several global companies have understood the IT threats and risks and have created special Board committees to monitor and oversee the Information technology’s activities. The IT governance team worked closely with the audit and governance committees. Subsequently, IT governance committees were recognized and became a major and auxiliary in carving strategic decisions and monitoring company’s IT performance. Involving IT governance at Board level led these companies to gaining competitive advantages in their markets i.e.: Procter & Gamble, Vodafone, Wall Mart, and Federal Express.
The Role of an IT Governance Committee
The Boards, who decide to oversee the activities and the impact of information technology on their businesses need to form an IT governance committee. It begins by recruiting independent directors or specialists, whose main role is the preparation of the committee’s charter and its relationship with other Board committees.
After its formation the committee’s main task is to understand the IT road map of the executive management and its impact on the company’s business in the foreseeable terms. What should distinguish the work of a competent committee is its ability to bridge the knowledge and communication gaps between the executive management and the Board of Directors. Accordingly, the role of the committee is pivotal since it will help the executives to avoid digging into
technical details and technological terms but to focus on the opportunities available and draw a broader picture of their IT strategy and its impact on the business growth and success.
The committee’s role is also to review the cyber security measures implemented by the company and engage specialists to assess the vulnerability of the firm vis- à-vis cyber threats. A Gulf flavored GDPR will be applied soon in United Arab Emirates which will force most companies to review their IT and cyber security measures in order to comply with the state rules and regulations concerning user
data protection.
In addition to the above tasks, IT governance committee’s further role is to challenge the IT projects proposed by executive management and its efficacy and necessity; to assess the success of projects implemented and its contribution to the business’s progress; to inquire the adoption of certain technologies which might not benefit the firm or could be a waste of time and money.
The IT governance committee is as important as the audit committee. Its role helps to balance the current business and future needs; ensure the seriousness and feasibility of investments in IT projects; ensure the protection of “digital assets” and “business continuity”. The relationship between these two committees should be close; for IT matters can affect economic and regulatory
issues, IT governance committees are geared to understand the fundamental dynamics governing changes in technology and its ability to transform the company’s economic outlook.