I sit on a number of boards, including public, private, and not-for-profit, and I can assure you every one is different. However, the debate around IT is common to all, and revolves around the question: 'How do we get a grip on this critical corporate asset that has become an integral part of most businesses and government agencies?'
The consequences of project and operational failure can bring a company to its knees, yet in the boardroom we often feel like powerless onlookers rather than informed participants.
We are spending an ever-increasing amount of money on IT and the size of the loss gets bigger every time an IT investment goes wrong. In addition, the demands of privacy legislation and compliance surrounding IT and information security are becoming more and more complex.
The incidence of IT failure continues to grow. Some incidents have had a high profile, but many failures in small to medium enterprises cause equal damage with little publicity. However, as a result, we find the attention of regulatory bodies and shareholders clearly focused on what goes on behind boardroom doors and on the accountabilities of business, audit and finance.
Most boards would agree that IT should now be on the agenda. The question is, once it is on the agenda, what do we do with it?
For the most part, boards get to understand that a project has problems or is completely off the rails when the damage has been done.
Why? Did the board know about the project? Did we understand the risks? Did we have sufficient information? If we had information, did we understand it?
Today I would like to talk from a boardroom perspective about:
the relationship between the board and the project;
IT governance and how it applies to projects; and
how boards can realistically get reasonable oversight of IT and know that the company is getting the planned return on investment and risk is being managed.
First, I think it is important that we start with a common view of the boardroom. A board meets formally between six and twelve times a year. Meetings are scheduled to deal with a wide range of corporate governance tasks which range through setting and monitoring strategic direction, monitoring operational performance, financial management, regulatory and compliance issues, shareholder and analyst expectation, compliance with regulatory bodies, internal and external audit, risk management, international reporting standards, Sarbanes-Oxley [1] … the list goes on.
The board has a lot on its plate, so projects that come to the board tend not to get a lot of air time once approved.
Most big spend projects come to the board for approval and are normally accompanied by a well thought out presentation outlining strategic fit, costs and benefits. After long and considered debate the project will most likely be approved, with the board indicating the need for progress reports against budget and plan. Reporting at regular intervals commences, and here is where the frustration starts: reports go from ‘on time on budget’ to ‘slippage with good reason’.