Deloitte's interview with seasoned board member Sherry Smith in "The tech-savvy board — A director's perspective" concerning the board's role in technology oversight includes a number of sharable insights that may benefit other companies still grappling with how to practically effect this oversight responsibility.
Among the key takeaways:
- Provide adequate time on the board agendas to discuss and consider technology matters, including how technology is being used to make business decisions both on day-to-day, as well as longer term strategic, matters.
- Directors should challenge management's reports to the board on its consideration of technology, as well as its lack of reporting if management isn't raising these matters to the board.
- The board should ask the same questions on technology that are relevant in other oversight areas, e.g., What resources do we have? Are they adequate? How much are we spending and what are we spending it on? Are they the right areas?
- Directors need to educate themselves on technology as it relates to the company specifically, as general knowledge or knowledge acquired at another company may not apply or suffice.
- Boards should understand the state of the company in the context of its competition and business disruptors.
- If a board committee (whether tech-dedicated or not) supports the board's oversight efforts, the committee's role and responsibilities should be included in its charter. Ms. Smith believes there is no one-size-fits-all structural oversight approach.
Also noteworthy: Ms. Smith (who serves on the boards of Deere & Company, Piper Jaffray, Tuesday Morning, and Realogy Group) opposes legislative efforts to mandate disclosure of whether companies have a technology (cyber) expert and - if not, why not (reported on here), for a number of sound reasons including: (i) "It’s very simplistic and doesn’t do justice to the complexities of technology oversight or the role and responsibilities of boards and committees."; (ii) The term "technology expert" (or similar) escapes a one-size-fits-all definition; (iii) The rapid evolution of technology translates to short-lived "expertise"; and (iv) Board demands are extensive, expansive, and evolving such that director expertise in one area is not sensible.
See also these recent reports: "Rise in Cyber-Expert Directors Focused in Certain Sectors" and "Do Companies Need Digital-Expert Directors? Board Chairs Weigh In," and access additional information & resources on our Cybersecurity/Data Privacy page under Board/Director Oversight and on our Strategy page. This post first appeared in the weekly Society Alert!