Is It Necessary for Boards to Have an Audit of Technology?

Photo of author

What do the following companies have in common: FedEx, Pfizer, Wachovia, 3Com, Mellon Financial, Shurgard Storage, Sempra Energy, and Procter & Gamble? Which board committee is present in only 10% of publicly traded corporations but is responsible for a 6.5 percent return increase for those companies? Which of the following is the single most expensive line item in the budget, after salaries and manufacturing equipment?

The technological decisions that are made will outlive the management team that is now making those decisions. Although the present rate of technological advancement means that decisions about business technology are frequent and have far-reaching implications, the ramifications of such decisions, whether positive or negative, will remain with the company for a considerable amount of time. Typically, the information technology (IT) group makes technology choices on its own, without any input or scrutiny from senior management. This is because senior management has chosen not to participate. It is necessary for the Board of Directors of a company to have a process that allows them to evaluate and direct the choices that are made about technology if they are to fulfill their responsibility of using sound business judgment when making important decisions.

The craze for enterprise resource planning (ERP) in the middle of the 1990s is a more contemporary instance that demonstrates how this kind of control may have been useful. At the time, several businesses were spending tens of millions of dollars (and occasionally even hundreds of millions) on enterprise resource planning (ERP) systems from SAP and Oracle. In many cases, these acquisitions were rationalized by executives in the finance, human resources, or operations departments who actively advocated for their purchase as a means of keeping up with their competitors, who were also installing such systems. CIOs and other line executives frequently do not give the issue of how to successfully migrate to these extremely complex systems any attention. In many cases, the alignment of corporate resources and the management of organizational change brought about by these new systems were neglected, which led to an emergency situation. There was a waste of many billions of dollars on the purchase of systems that either should not have been purchased at all or were purchased before the client firms were ready for them.

Without computers and the software that makes them functional, there is certainly no way that a successful medium-sized or large-sized business can be conducted in the modern world. Technology is also one of the single greatest capital and operational line items for business spending, outside of personnel and manufacturing equipment. This is due to the fact that technology is always evolving and becoming more affordable. Both of these things suggest that technology projects should be overseen by some kind of board.

Is it possible for the Board of Directors to continue delegating all responsibility for these crucial decisions to the current management team? Studies have shown that less than half of significant choices involving technology really deliver on their promises; conversely, it might take years to fix or replace mistakes caused by poor judgments. Because more than half of the technology expenditures are not producing the expected advantages in company performance, boards of directors are increasingly getting engaged in the decision-making process regarding technology. It is shocking to learn that only 10% of publicly traded companies have audit committees on their boards of directors for their information technology departments. Still, these companies have a clear advantage over their competitors, which shows up as an annual return that is 6.5% higher than that of their competitors.

The manner in which technology is being given is undergoing tectonic transformations at the moment, which the Board of Directors has to comprehend. Consolidation in the IT business not only reduces strategic flexibility by making it harder for management to take into account many competing options, but it also creates a dependence on only a few primary providers, which could be risky.

The capacity to react to or even foresee the influence of external circumstances is one of the most valuable assets that may be possessed by a thriving and long-lasting organization. For a variety of reasons, technology has evolved into a factor that inhibits the agility of organizations:

The fundamental legacy systems have hardened. The IT infrastructure has not been able to keep up with the rapid rate of business transformation. An inflexible IT design causes a large percentage of IT expenses to be allocated toward the maintenance of current systems while insufficient funds are allocated toward the development of new capabilities. The capacity of a company to continue to be competitive in the long run is hindered by operational decisions made in the short term.

Traditional boards do not have the expertise necessary to ask the appropriate questions in order to guarantee that technological developments are examined in the context of regulatory requirements, risk, and agility. This is due to the fact that technology is a relatively young and rapidly expanding field of work. Although chief executive officers have been there since the beginning of time, the role of financial advisor has just emerged in the last century. But because technology is still relatively new and the cost of implementing it is always shifting, the field of information technology is continually developing. Technologists have focused on how challenges confronting business can be solved by using these systems, including how they are constructed and how they are used. They have just recently become aware of the requirement to comprehend and participate in the overall business plan. The CEO and CFO have no prior experience or expertise in using technology, nor do they have any prior experience making critical technology decisions.The Board of Directors has to be involved in the decision-making process that the executives use to make technological choices, just as the technology leader requires the Board’s support and advice in order to make technological choices.

Recent legal demands such as Sarbanes-Oxley have altered the traditional connection between the CEO of an organisation and the leader of its finances. They, in turn, want comparable reassurances from the industry leader in technology. The business leader and the financial leader both have access to a team of professional advisers, including attorneys, accountants, and investment bankers, to assist them in making choices. The technologists have been relying on the vendor community or consultants, both of which have their own points of view and may not always be able to give suggestions that are in the company’s best interests. This void can and should be filled by the Information Technology Audit Committee of the Board.

Which functions should be performed by the Information Technology Audit Committee inside the organization? The Board’s function of IT Audit should make contributions toward the following:

1. Bringing the business plan and the technology strategy into line with one another.
2. Ensuring that all technological choices are made with the shareholders’ best interests in mind.
3. Promoting organizational growth while also ensuring harmony with different business areas.
4. Increasing the Board of Directors general comprehension of the technical challenges and repercussions facing the firm cannot be gained only via the examination of financial data.
5. Clear and effective communication between committee members and the techie

There is no need for any more board members to be added to the IT Audit Committee. It is possible to delegate this task to existing board members and make use of experts to assist them in developing an understanding of the challenges that will allow them to effectively guide the technology leader. Here are some things that all of the existing charters for the IT audit committee have in common:

1. Examine, analyze, and make recommendations on technology issues that are critical to the organization’s operations.

2. Evaluate and provide an objective analysis of the potential financial, operational, and long-term benefits of the various proposed significant technology-related projects and technology architecture options.

3. Monitor the progression of significant technologically linked initiatives and technological architecture decisions, and make recommendations.

4. Serve as a consultant to the senior technology management team of the company.

5. Keep a close eye on how well the technological processes and systems that are related to or affect the company’s internal control procedures work and how well they work.

To put it simply, the responsibility of the Board in IT Governance is to validate that technology processes and practices are generating value for the company, monitor the activities undertaken by the technology steering committee, and ensure that there is alignment between IT projects and business objectives. Building a technology architectural foundation that enables agile businesses begins with establishing strategic alignment between information technology and the business. Boards of directors need to know about the technical risks that a company faces, how management rates those risks, and what solutions have been studied and put in place to reduce those risks.

This document does not provide any new guiding principles; rather, it reaffirms already established governance charters. The management of the organization is responsible for putting the organization’s technological decisions into action. The Board is accountable for providing management with supervision as part of its duties. The Board of Directors needs to take responsibility for the technology and keep a closer eye on it.

Is it necessary for boards to have a committee to audit technology? There is a need for a Technology Audit Committee to exist within the Board of Directors since such a committee will facilitate the alignment of technology and business. It is not only a moral thing to do; it is also an industry standard that has tangible positive effects on the bottom line.