Growing Concern About Overseeing IT Risks, Survey Shows
Back Published 2011-04-04New York — April 4
Almost half (47 percent) of corporate directors surveyed are dissatisfied with their boards’ ability to provide IT risk oversight.
A recent Oliver Wyman/National Association of Corporate Directors (NACD) survey of 204 corporate board members found that while virtually all board members acknowledge IT will have a significant business impact on the companies they govern over the next five years, more than half (51 percent) say they are not given enough information to perform their oversight duties effectively.
Other findings highlighted in the report include:
• 36 percent of survey participants expect IT to improve operational efficiencies in the next five years.
• 30 percent believe IT will provide a competitive advantage for their companies in the next five years.
• 19 percent think IT will transform the companies they govern in that time frame.
• Only 16 percent report having been a CIO or senior IT executive earlier in their career.
“Significant risks are introduced by the ineffective use of information technology,” said Jonathan Cohn, Oliver Wyman partner and co-author of a report detailing the survey findings, “Taming Information Technology Risk: A New Framework for Boards of Directors.”
“We estimate that the world’s largest 500 companies lose more than $14 billion every year from failed IT projects alone,” he said. “Companies that receive focused board direction on IT-related risk will have a competitive advantage over those that don’t.”
“Board members should think about IT risk in the context of a wide range of business concerns, rather than as a monolithic issue,” said Mark Robson, Oliver Wyman partner and report co-author.
“Taming Information Technology Risk” introduces a framework for board members to use in evaluating four areas of risk related to ineffective management of IT:
• Competitive risk is the threat that a rival will gain a competitive advantage through technology.
• Portfolio risk is the danger that a corporation is allocating too much of its IT budget to basic operational expenses instead of transformational projects.
• Execution risk is the failure to execute IT projects.
• Service and security risk is the inability of IT systems to service employees and customers.