24 Oct 2005  Research & Ideas

Building an IT Governance Committee

Boards need to take more accountability for IT, argue professors Richard Nolan and Warren McFarlan. In this excerpt from their recent Harvard Business Review article, the authors detail what an IT governance committee should look like.

 

Editor's Note— In a recent Harvard Business Review article, authors Richard Nolan and Warren McFarlan explored the role of the board of directors in IT governance—and how most "fall into the default mode of applying a set of tacit or explicit rules cobbled together from the best practices of other firms." Instead, they argue, directors need their own framework to develop IT policies. First step: Determine your current approach, or mode (support, factory, turnaround, or strategic), to IT. (See sidebar.)

In this excerpt, Nolan and McFarlan discuss how to build an IT governance committee. Nolan is an emeritus professor of business at Harvard Business School and a professor of management and organization at the University of Washington Business School in Seattle. McFarlan is a Baker Foundation Professor and the Albert H. Gordon Professor of Business Administration emeritus at Harvard Business School.

How do you set up an IT governance committee? A company that decides it needs board-level IT oversight must do three things: Select the appropriate members and the chairman, determine the group's relationship to the audit committee, and prepare the charter. The first two are especially important.

We recommend that the IT governance group be made up of independent directors, as is the case with audit and compensation committees. Chairmanship is also critical. For firms in support, factory, or turnaround modes, the chairperson need not be an IT expert but should certainly be a tough-minded, IT-savvy business executive—either a CEO or a top manager who has overseen the use of IT to gain strategic advantage in another organization.

The expert's job is to challenge entrenched in-house thinking.

In any case, at least one person on the committee should be an IT expert who should operate as a peer at the senior management and board level. The expert's job is to challenge entrenched in-house thinking. He or she should not think ill of technology-averse cultures and must be a skilled communicator who does not hide behind technology jargon or talk down to board members. The expert should help the committee avoid dwelling on the difficulties of the work and emphasize instead the opportunities. The focus should be on the big picture: Conversations about IT strategy are hard and can be discouraging if the committee gets dragged down in technical details. (In fact, when looking for someone who fits these criteria, boards may find that many talented CIOs and CTOs drop off the list of potential IT committee members.) The IT expert must have not only a solid grounding in the firm's overall business needs but also a holistic view of the organization and its systems architecture. This is particularly important if the firm chooses to outsource its functions and connect multiple vendors across a network. The expert must also thoroughly understand the underlying dynamics governing changes in technology and their potential to alter the business's economic outlook.

Generally speaking, the IT expert serves much the same function as the certified financial expert on an audit committee. A CIO or CTO with solid experience in the management of IT qualifies; for example, the IT oversight committee chairman for the Great Atlantic & Pacific Tea Company (A&P) was previously CEO of an extremely successful supermarket chain on the West Coast, where he achieved impressive business results through effective IT system implementation and management. As chair of the IT committee, he helps balance his company's short-term business needs with long-term IT investments.

Unfortunately, skilled, business-oriented technology strategists are in short supply. In the absence of such a person within a company, an IT consultant who can help sort out technology issues can fit the bill, as might a divisional CEO or COO who is actively managing IT. Alternatively, a manager who has served in an influential technology company such as Microsoft or Oracle can help a firm determine its place on the strategic impact grid, begin to embrace emerging technologies, and locate other experts who can serve on the committee.

Businesses in strategic mode should have an IT oversight committee chaired by an IT expert. In this mode, it's even more important to get the membership right. For example, the chairman of the IT committee for Novell—a company in strategic mode—founded a major IT-strategy-consulting company, sold it to one of the then Big Six accounting firms, and continued as a senior partner in that firm's IT consulting business. Two other members of Novell's IT committee previously served as CIOs in major Fortune 100 companies; they also serve on Novell's audit committee.

We recommend that the relationship of the IT governance committee to the audit committee be very close, because IT issues can affect economic and regulatory matters such as Sarbanes-Oxley compliance. For this reason, it's a good idea to have one audit committee member serve on the IT oversight committee. The charter of the IT committee should explicitly describe its relationship to the audit group, as well as its organization, purpose, oversight responsibilities, and meeting schedule.

The Four Modes

by Richard Nolan and Warren McFarlan

Firms can be either defensive or offensive in their strategic approach to IT—approaches we call "modes." Let's look at each mode in turn.

Support Mode (Defensive). Firms in this mode have both a relatively low need for reliability and a low need for strategic IT; technology fundamentally exists to support employees' activities. . . .

Factory Mode (Defensive). Companies in this mode need highly reliable systems but don't really require state-of-the-art computing. They resemble manufacturing plants; if the conveyor belts fail, production stops. . . .

Turnaround Mode (Offensive). Companies in the midst of strategic transformation frequently bet the farm on new technology. In this mode, technology typically accounts for more than 50 percent of capital expenditures and more than 15 percent of corporate costs. . . .

Strategic Mode (Offensive). For some companies, total innovation is the name of the game. New technology informs not only the way they approach the marketplace but also the way they carry out daily operations. . . .

About the authors

Richard Nolan is an emeritus professor of business at Harvard Business School and a professor of management and organization at the University of Washington Business School in Seattle.

Warren McFarlan is a Baker Foundation Professor and the Albert H. Gordon Professor of Business Administration emeritus at Harvard Business School.

Excerpted with permission from "Information Technology and the Board of Directors," Harvard Business Review, Vol. 83, No. 10, October 2005.

[ Buy the full article ]