No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Governance

Briefing the Board on Technology Matters

The Conversation in 3 Contexts

by Jim DeLoach
January 30, 2019
in Governance
closeup of hand holding smartphone

On the whole, boards don’t have a great grasp on technology-related risks, and conveying those threats to nontechnical professionals can prove challenging. Protiviti’s Jim DeLoach discusses how to have the conversation in the context of strategy, risk mitigation and impact to the business model.

We often receive feedback from board members that they are not satisfied that they understand the full picture regarding the technology risks their organizations face. Over the years, many directors have identified technology as one of the key areas for improving both the quality and quantity of information received from management. In the digital era, the stakes have most certainly increased; digital capabilities are now a differentiator in the marketplace as many established businesses face the prospect of new “born digital” competitors. Almost no business is immune to the disruptive wave of digital transformation.

Below, we discuss three contexts for conducting technology briefings with the board: strategic, risk and business model. Each of these contexts provides directional insights for the chief information officer (CIO) in organizing his or her delivery and for directors regarding information they should expect to receive. Simply stated, the board needs to understand technology as a critical enterprise asset, and the opportunities and risks associated with this asset must be communicated in a manner that directors can understand.

Within the Context of the Business

The CIO addresses how the business model leverages technology to deliver the products and services the company offers the marketplace, as well as the opportunities and exposures resulting from disruptive change. The business context briefing answers such questions as:

  1. Do we understand developments in potentially disruptive digital technologies at the industry level? Are we sufficiently ahead of the change curve such that we are able to integrate new technologies into our business on a timely basis?
  2. Are emerging technologies being deployed effectively to achieve our business objectives (e.g., achieve customer loyalty, improve quality, compress time, reduce costs and risks and drive innovation – in short, enhance the customer experience)?
  3. Are we positioning the company’s operations to anticipate and proactively drive the innovative change needed to secure sustainable competitive advantage?
  4. What emerging technologies could alter the competitive landscape, customer expectations and strategic supplier and/or distribution channel relationships within the value chain in which we operate? To what extent are our operations and the technologies we deploy exposed to disruptive change and being held captive to events in the foreseeable future?
  5. Are there aspects of our technological capabilities we should be sharing with analysts, shareholders and the street in general in telling and advancing our story, and, if so, are we sharing them? If not, why not?

Within the Context of Executing the Strategy

The CIO articulates how strategic initiatives are driven by critical technologies and how the organization is facilitating the design and implementation of controls over these various technologies to ensure they perform effectively, as well as how strategic objectives are achieved. The strategic execution context briefing answers such questions as:

  1. What technologies are critical to implementing our strategic initiatives and accomplishing our business objectives (e.g., growth, customer fulfillment, profitability enhancement, innovation and process improvement)?
  2. How are we ensuring these technologies are functioning effectively?
  3. How are the CIO organization and the business collaborating to ensure the return on the organization’s investment in these technologies is being realized?
  4. What challenges are we encountering in implementing these technologies in executing the strategy, and what is the effect of these challenges on the success of our strategic initiatives?
  5. Do we have reliable and timely information for decision-making along with the supporting data we need to execute strategic initiatives?

Within the Context of Mitigating Risks

The CIO uses a broader business view to identify specific risks that either may be a result of technology or are mitigated partly through the application of technology. Example questions answered in the risk mitigation context may include:

  1. What are the most significant risks arising from technology, and how do they affect the business, including its reputation and brand image? Have we assessed our tolerance for these risks?
  2. Are we mitigating the critical risks to an acceptable level? How do we know?
  3. What critical business risks are we mitigating using a risk response that relies on an important technology component? Is this technology component performing effectively? How do we know?
  4. Is technical debt limiting our company’s competitiveness?
  5. Are our existing operations and legacy IT systems failing short of performance expectations set by our competitors, especially competitors who are “born digital”?

In summary, the CIO’s objective is to provide a briefing on technology matters that resonates with directors across all three contexts:

  1. The business context: Are we managing disruptive change?
  2. The strategic context: Are we maximizing value contributed and ROI?
  3. The risk mitigation context: Are we managing the business and reputational impact of our risks?

Underlying the above discussion are two timeless principles: (1) business objectives are also technology objectives and (2) technology risks represent business risks. Using these principles, the above contextual perspectives provide insights to CIOs as to how they should communicate with boards and to board members as to the information they should expect from CIOs.

Citing and then speaking to the above contexts in a crisp, nontechnical manner can facilitate ongoing CIO/board dialogue. In this regard, the CIO should:

Demonstrate an understanding of the business – Using the appropriate context, drill down to the relevant technology-related objectives, plans for achieving those objectives, organizational capabilities to execute those plans and measures by which to gauge progress. In today’s world, technology can facilitate and expedite business transformation and growth through technological innovation (the business context) but can also destroy reputation if not adequately protected and controlled (the risk mitigation context). Board members should be briefed by CIOs on these interrelated contexts.

Focus on the board’s needs – The board has little interest in the intricacies of how the CIO organization is run and managed. Don’t go there unless requested.

Address business impact and metrics, not just technology impact and metrics – The CIO should provide an end-to-end view and focus on business consequences. For example, consider the following metric: “99 percent of our systems are patched within 10 days.” This metric leaves unaddressed the question as to the sensitivity of the data and/or business consequences of service failure of the other 1 percent of systems.

Target the audience – The CIO needs to understand the purpose of the briefing. Ask the board committee chair for direction, and request insights from people who have presented to the board as to the background and personalities of the various directors.

Keep it pithy – Directors don’t want the whole nine yards. Focus on what they need to know and leave it at that. Share sophisticated knowledge carefully. Identify the message points directors should take away and focus on supporting those points. Allow time for questions.

Be prepared for contingencies – Expect to be asked to rush your briefing if scheduled late in the day. It happens.

Boards need to clarify their expectations of the CIO. What are their needs, what is it they don’t understand, and what technology issues and related business risks concern them the most? More importantly, what context(s) do directors desire the CIO to address when presenting on technology matters? In addition, directors need to be realistic with their expectations of the CIO due to technology being a complex aspect of the business. Therefore, the allotted presentation time should be commensurate with directors’ expectations of the briefing.

Directors instinctively know that the opportunities and risks associated with technology have increased in significance over time. Social business, cloud computing, mobile technologies, powerful differentiating digital capabilities and other developments offer significant opportunities for creating cost-effective business models and enhancing customer experiences. They may also spawn disruptive change, increased privacy and security risks and further exposure to cyberattacks. The fresh challenges presented by these changes create, in effect, a “moving target” for companies to manage. While the velocity of disruptive innovation through emerging technologies is not as immediate as a sudden catastrophic event, its persistence of impact is potentially lethal for those organizations caught on the wrong side of the change curve.

Questions for Executives and Directors

The following are some suggested questions that senior executives and boards of directors may consider, based on the risks inherent in the entity’s operations:

  • Are opportunities presented by technology and the potential to lead and/or respond to disruptive change influencing the strategy-setting process? Or, alternatively, is technology simply viewed more narrowly as a strategic enabler?
  • Does the board devote sufficient time to technology matters, including the related opportunities and risks and the organization’s capabilities and processes in managing those opportunities and risks?
  • Is the board satisfied with the CIO’s periodic communications? If not, has the board conveyed its expectations to the CIO so that future communications are on point?
  • Is the CIO organization effective in supporting the changing needs of the business and monitoring digital innovations, including how new technology can be deployed by competitors to create disruptive change? Does the CIO assist the board in understanding these issues?
  • For significant technology initiatives, does the board understand the underlying assumptions about how each initiative achieves specific strategic goals, as well as how success will be measured? Is there follow-up to ensure that each significant project delivers on promises made?

Tags: Board of DirectorsEmerging Technologies
Previous Post

P2P Lending: Risks and Business Models

Next Post

TRACE: The Oil-for-Food Scheme

Jim DeLoach

Jim DeLoach

Jim DeLoach, a founding Protiviti managing director, has over 35 years of experience in advising boards and C-suite executives on a variety of matters, including the evaluation of responses to government mandates, shareholder demands and changing markets in a cost-effective and sustainable manner. He assists companies in integrating risk and risk management with strategy setting and performance management. Jim has been appointed to the NACD Directorship 100 list from 2012 to 2018.

Related Posts

seeing outside the box

Disrupters See the World Differently — and Act Accordingly

by Jim DeLoach
May 13, 2025

Critical differences in culture, technology adoption and talent strategies determine which organizations shape markets and which scramble to respond

signing deal signature

When the Ink Dries: 6 Critical Post-Transaction Areas That Make or Break M&A Success

by Jim DeLoach
April 14, 2025

Poor follow-up once the deal is closed can cause culture clashes & value erosion

news roundup new

Bang for the Buck: Regulators Pivot to Fewer But Higher-Value Enforcement Actions

by Staff and Wire Reports
April 11, 2025

CCI staff share recent surveys, reports and analysis on risk, compliance, governance, infosec and leadership issues. Share details of your...

delaware state flags

Inside Delaware ‘Billionaire’s Bill’ [Q&A]

by Jennifer L. Gaskin
March 25, 2025

Controversial changes reshape shareholder rights

Next Post
stacked oil barrels

TRACE: The Oil-for-Food Scheme

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights