Skip to Main Content
HBS Home
  • About
  • Academic Programs
  • Alumni
  • Faculty & Research
  • Baker Library
  • Giving
  • Harvard Business Review
  • Initiatives
  • News
  • Recruit
  • Map / Directions
Working Knowledge
Business Research for Business Leaders
  • Browse All Articles
  • Popular Articles
  • Cold Call Podcast
  • Managing the Future of Work Podcast
  • About Us
  • Book
  • Leadership
  • Marketing
  • Finance
  • Management
  • Entrepreneurship
  • All Topics...
  • Topics
    • COVID-19
    • Entrepreneurship
    • Finance
    • Gender
    • Globalization
    • Leadership
    • Management
    • Negotiation
    • Social Enterprise
    • Strategy
  • Sections
    • Book
    • Podcasts
    • HBS Case
    • In Practice
    • Lessons from the Classroom
    • Op-Ed
    • Research & Ideas
    • Research Event
    • Sharpening Your Skills
    • What Do You Think?
    • Working Paper Summaries
  • Browse All
    Building an IT Governance Committee
    24 Oct 2005Research & Ideas

    Building an IT Governance Committee

    by Richard Nolan and Warren McFarlan
    Boards need to take more accountability for IT, argue professors Richard Nolan and Warren McFarlan. In this excerpt from their recent Harvard Business Review article, the authors detail what an IT governance committee should look like.
    LinkedIn
    Email

    In a recent Harvard Business Review article, authors Richard Nolan and Warren McFarlan explored the role of the board of directors in IT governance—and how most "fall into the default mode of applying a set of tacit or explicit rules cobbled together from the best practices of other firms." Instead, they argue, directors need their own framework to develop IT policies. First step: Determine your current approach, or mode (support, factory, turnaround, or strategic), to IT. (See sidebar.)

    In this excerpt, Nolan and McFarlan discuss how to build an IT governance committee. Nolan is an emeritus professor of business at Harvard Business School and a professor of management and organization at the University of Washington Business School in Seattle. McFarlan is a Baker Foundation Professor and the Albert H. Gordon Professor of Business Administration emeritus at Harvard Business School.

    How do you set up an IT governance committee? A company that decides it needs board-level IT oversight must do three things: Select the appropriate members and the chairman, determine the group's relationship to the audit committee, and prepare the charter. The first two are especially important.

    We recommend that the IT governance group be made up of independent directors, as is the case with audit and compensation committees. Chairmanship is also critical. For firms in support, factory, or turnaround modes, the chairperson need not be an IT expert but should certainly be a tough-minded, IT-savvy business executive—either a CEO or a top manager who has overseen the use of IT to gain strategic advantage in another organization.

    The expert's job is to challenge entrenched in-house thinking.

    In any case, at least one person on the committee should be an IT expert who should operate as a peer at the senior management and board level. The expert's job is to challenge entrenched in-house thinking. He or she should not think ill of technology-averse cultures and must be a skilled communicator who does not hide behind technology jargon or talk down to board members. The expert should help the committee avoid dwelling on the difficulties of the work and emphasize instead the opportunities. The focus should be on the big picture: Conversations about IT strategy are hard and can be discouraging if the committee gets dragged down in technical details. (In fact, when looking for someone who fits these criteria, boards may find that many talented CIOs and CTOs drop off the list of potential IT committee members.) The IT expert must have not only a solid grounding in the firm's overall business needs but also a holistic view of the organization and its systems architecture. This is particularly important if the firm chooses to outsource its functions and connect multiple vendors across a network. The expert must also thoroughly understand the underlying dynamics governing changes in technology and their potential to alter the business's economic outlook.

    Generally speaking, the IT expert serves much the same function as the certified financial expert on an audit committee. A CIO or CTO with solid experience in the management of IT qualifies; for example, the IT oversight committee chairman for the Great Atlantic & Pacific Tea Company (A&P) was previously CEO of an extremely successful supermarket chain on the West Coast, where he achieved impressive business results through effective IT system implementation and management. As chair of the IT committee, he helps balance his company's short-term business needs with long-term IT investments.

    Unfortunately, skilled, business-oriented technology strategists are in short supply. In the absence of such a person within a company, an IT consultant who can help sort out technology issues can fit the bill, as might a divisional CEO or COO who is actively managing IT. Alternatively, a manager who has served in an influential technology company such as Microsoft or Oracle can help a firm determine its place on the strategic impact grid, begin to embrace emerging technologies, and locate other experts who can serve on the committee.

    Businesses in strategic mode should have an IT oversight committee chaired by an IT expert. In this mode, it's even more important to get the membership right. For example, the chairman of the IT committee for Novell—a company in strategic mode—founded a major IT-strategy-consulting company, sold it to one of the then Big Six accounting firms, and continued as a senior partner in that firm's IT consulting business. Two other members of Novell's IT committee previously served as CIOs in major Fortune 100 companies; they also serve on Novell's audit committee.

    We recommend that the relationship of the IT governance committee to the audit committee be very close, because IT issues can affect economic and regulatory matters such as Sarbanes-Oxley compliance. For this reason, it's a good idea to have one audit committee member serve on the IT oversight committee. The charter of the IT committee should explicitly describe its relationship to the audit group, as well as its organization, purpose, oversight responsibilities, and meeting schedule.

      Trending
        • 17 Jan 2023
        • In Practice

        8 Trends to Watch in 2023

        • 24 Jan 2023
        • Research & Ideas

        Passion at Work Is a Good Thing—But Only If Bosses Know How to Manage It

        • 25 Jan 2022
        • Research & Ideas

        More Proof That Money Can Buy Happiness (or a Life with Less Stress)

        • 25 Feb 2019
        • Research & Ideas

        How Gender Stereotypes Kill a Woman’s Self-Confidence

        • 17 May 2017
        • Research & Ideas

        Minorities Who 'Whiten' Job Resumes Get More Interviews

    F. Warren McFarlan
    F. Warren McFarlan
    Albert H. Gordon Professor of Business Administration, Emeritus
    Contact
    Send an email
    → More Articles
    Richard L. Nolan
    Richard L. Nolan
    William Barclay Harding Professor of Business Administration, Emeritus
    Contact
    Send an email
    → More Articles
    Find Related Articles
    • Governance
    • Information Technology

    Sign up for our weekly newsletter

    Interested in improving your business? Learn about fresh research and ideas from Harvard Business School faculty.
    ǁ
    Campus Map
    Harvard Business School Working Knowledge
    Baker Library | Bloomberg Center
    Soldiers Field
    Boston, MA 02163
    Email: Editor-in-Chief
    →Map & Directions
    →More Contact Information
    • Make a Gift
    • Site Map
    • Jobs
    • Harvard University
    • Trademarks
    • Policies
    • Accessibility
    • Digital Accessibility
    Copyright © President & Fellows of Harvard College