Strong tech governance in the boardroom is a must
Strong tech governance in the boardroom is a must

The era of getting by without technology expertise represented in the boardroom has passed.

With IT and business interwoven so tightly in today's digital economy, board members and other top

executives cannot separate themselves from the governance of technology and the oversight of areas

such as cyber-security and risk management.

In ISACA's newly released Better Tech Governance is Better for Business research, establishing a clearer

connection between business goals and IT goals was overwhelmingly the top priority that respondents

identified senior leadership should pursue to achieve stronger business outcomes. That becomes a

much smoother proposition when at least one board member – and ideally several – have expertise in

the governance of technology.

Finding board members with that level of tech savvy is not always easy, but organisations can tap into

professional associations and other industry resources to attract executives who have the backgrounds

to demonstrate leadership in ensuring that the organization is effectively leveraging technology. As part

of an organisational commitment to governing technology, board members should be frequently

updated on topics such as cyber-security and risk management. High-profile security incidents that are

prominent in the news cycle – this year, alone, WannaCry, Petya and Equifax certainly qualify – can be

utilised to refresh board members' knowledge and sensitise them to the changing risk landscape.

Not all board members need to be coders or cyber-security gurus, but they do need to know the right

questions to ask to make sure the people who have those direct responsibilities are executing

effectively, and the technology chops to challenge them when appropriate. Board members with limited

technology backgrounds can take advantage of resources from relevant organisations, so in the US that would

include the National Association of Corporate Directors (NACD), which provides a helpful set of primers for those 

at the executive level.

Whether it is an organisation devoting extra time to recruiting tech-savvy board members or current

board members doing their homework to better understand the enterprise technology landscape,

prioritising tech-savvy leadership often is the differentiator between thriving and failing in today's digital


This plays out on a variety of fronts. Organisations with tech-savvy leadership are well-positioned to

pursue the strategic investments in equipment, training and other resources needed to successfully

innovate. In organisations lacking that governance leadership, IT is driving investment decisions and

buying toys that may not fit with the overarching business strategy. An IT investment strategy needs to

be in collaboration with and in support of the organisation's enterprise goals. Conversely, business

leaders should not completely drive technology investment decisions without input from the

organisation's technology and security experts.

Not only does strong governance of technology lead to smarter investments, it helps organisations

operate more nimbly. Nine in 10 respondents in ISACA's Better Tech Governance is Better for Business

research indicated that better governance of technology leads to greater business agility. These days,

that ability to demonstrate agility, without taking governance shortcuts, is critically important, given the

market pressures that the fast-moving technology landscape places on organisations.

This all underscores how valuable it has become to be able to draw upon technology expertise in the

boardroom. Regardless of size, industry or geographic region, all enterprises must compete in a digital

economy driven by technology. Increasingly, the biggest decisions enterprises face are heavily tied to

leveraging technology. When it comes time to make those decisions, there is no substitute for having

the board leadership to confidently address the challenges and seize the opportunities.

Contributed by Theresa Grafenstine, CISA, CGEIT, CRISC, CPA, CISSP, CIA, CGMA, CGAP, chair of ISACA's Board of Directors and managing director, Deloitte Advisory (Arlington, Va.)

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.