The era of getting by without technology expertise represented in the boardroom has passed.
With IT and business interwoven so tightly in today's digital economy, board members and other top
executives cannot separate themselves from the governance of technology and the oversight of areas
such as cyber-security and risk management.
In ISACA's newly released Better Tech Governance is Better for Business research, establishing a clearer
connection between business goals and IT goals was overwhelmingly the top priority that respondents
identified senior leadership should pursue to achieve stronger business outcomes. That becomes a
much smoother proposition when at least one board member – and ideally several – have expertise in
the governance of technology.
Finding board members with that level of tech savvy is not always easy, but organisations can tap into
professional associations and other industry resources to attract executives who have the backgrounds
to demonstrate leadership in ensuring that the organization is effectively leveraging technology. As part
of an organisational commitment to governing technology, board members should be frequently
updated on topics such as cyber-security and risk management. High-profile security incidents that are
prominent in the news cycle – this year, alone, WannaCry, Petya and Equifax certainly qualify – can be
utilised to refresh board members' knowledge and sensitise them to the changing risk landscape.
Not all board members need to be coders or cyber-security gurus, but they do need to know the right
questions to ask to make sure the people who have those direct responsibilities are executing
effectively, and the technology chops to challenge them when appropriate. Board members with limited
technology backgrounds can take advantage of resources from relevant organisations, so in the US that would
include the National Association of Corporate Directors (NACD), which provides a helpful set of primers for those
at the executive level.
Whether it is an organisation devoting extra time to recruiting tech-savvy board members or current
board members doing their homework to better understand the enterprise technology landscape,
prioritising tech-savvy leadership often is the differentiator between thriving and failing in today's digital
This plays out on a variety of fronts. Organisations with tech-savvy leadership are well-positioned to
pursue the strategic investments in equipment, training and other resources needed to successfully
innovate. In organisations lacking that governance leadership, IT is driving investment decisions and
buying toys that may not fit with the overarching business strategy. An IT investment strategy needs to
be in collaboration with and in support of the organisation's enterprise goals. Conversely, business
leaders should not completely drive technology investment decisions without input from the
organisation's technology and security experts.
Not only does strong governance of technology lead to smarter investments, it helps organisations
operate more nimbly. Nine in 10 respondents in ISACA's Better Tech Governance is Better for Business
research indicated that better governance of technology leads to greater business agility. These days,
that ability to demonstrate agility, without taking governance shortcuts, is critically important, given the
market pressures that the fast-moving technology landscape places on organisations.
This all underscores how valuable it has become to be able to draw upon technology expertise in the
boardroom. Regardless of size, industry or geographic region, all enterprises must compete in a digital
economy driven by technology. Increasingly, the biggest decisions enterprises face are heavily tied to
leveraging technology. When it comes time to make those decisions, there is no substitute for having
the board leadership to confidently address the challenges and seize the opportunities.
Contributed by Theresa Grafenstine, CISA, CGEIT, CRISC, CPA, CISSP, CIA, CGMA, CGAP, chair of ISACA's Board of Directors and managing director, Deloitte Advisory (Arlington, Va.)
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.