A small number of companies, including Novell Inc. and FedEx Corp., have elevated responsibility for IT governance to their boards of directors in an attempt to ensure that they have high-level oversight of technology investments.
Novell established its board-level IT oversight committee in January, and Richard Nolan, an outside director who chairs the committee, said he expects other companies to take similar steps as executives start to examine the legal risks that IT investments pose under the financial reporting requirements of the Sarbanes-Oxley Act.
"This is an area where boards of directors will be named in stockholder suits," said Nolan, a management professor at the University of Washington Business School in Seattle. He spoke about the issue of board-level IT governance at a conference held this month by consulting firm Cutter Consortium (see story).
Novell's oversight committee, which includes four other directors from outside the company, monitors major projects and decisions about the company's technology architecture. Nolan said its duties include working with senior IT executives and addressing questions such as whether Novell is getting adequate returns from its technology investments.
Having directors oversee IT activities "is an enforcing function," Nolan said. "This can shine a light on issues."
FedEx created an IT oversight committee four years ago that includes board members. Like Novell's committee, the one at FedEx oversees major IT-related projects and architecture decisions and advises both the senior IT management team and other board members on technology issues, according to a spokeswoman for the Memphis-based company.
Over the past few years, many large companies have created IT steering committees to help prioritize funding for high-cost projects. But most of those committees are made up of business unit leaders and department heads, and they don't include board-level participation beyond senior executives such as CEOs and chief financial officers.
For instance, KeySpan Corp. established an IT governance board early last year, according to Frank La Rocca, co-CIO at the Brooklyn, N.Y.-based natural gas distributor, electric utility and energy services firm. The panel, which meets monthly to scrutinize IT investments, includes KeySpan's CFO and chief strategy officer, plus several executive vice presidents and business unit heads. But no external directors are members at this point, La Rocca said.
Board-level IT governance and oversight committees are just beginning to emerge, said Tom Pohlmann, an analyst at Forrester Research Inc. in Cambridge, Mass.
"There are many cases where the CIO presents to the board of directors once or twice a year," he said. "But overall, this is not a trend that I'm observing."
Steve Bandrowczak, CIO at DHL International Ltd. in Scottsdale, Ariz., said he isn't sure whether IT governance at the board level will be widely adopted. DHL itself has yet to move in that direction, he said.
"Most company board meetings have little time to cover IT strategy," Bandrowczak said. "That's not to say board meetings don't discuss major business initiatives that require a major IT project. But the two go hand in hand."
At Schneider National Inc., most IT decision-making "happens at the VP and CxO level without board involvement," said Bob Grawien, vice president of application development at the Green Bay, Wis.-based trucking firm.
Nonetheless, Grawien said, Schneider's board of directors would want to know what's happening in certain areas of IT, such as risk mitigation plans and the alignment of IT and business strategies.