Energizing Technology Governance: A Quick Start Guide for Board Directors

by Dorlisa K. Flurin LinkedIn Articleson Posted on

I was thrilled to be invited to join the NACD’s Blue Ribbon Commission (BRC) for technology governance after five years of focusing on director education as an NACD chapter leader. Still, when the bios of my fellow commissioners arrived (IBM fellows, former CIOs/CISOs, technology company directors, etc.), I wondered if I was a hiring mistake!

Although I majored in computer science, many years of “technology time” elapsed between acquiring my first 8086 IBM PC and conversing with ChatGPT on my iPhone 16 Pro. I opted for an MBA instead of a technical path, spending the first half of my career as a partner at McKinsey and the latter in operational roles that spanned the retail sector’s omnichannel transformation.   How was I uniquely positioned to contribute to the BRC?

Most directors are not technology experts. We are not helping Apple, Google, or Microsoft define the next new technology frontier. We’re not former CIOs or CISOs recruited to bring critical cyber expertise, but we are tech-aware enough to be curious. Many of us just lack the confidence to voice challenging technology-related questions in the boardroom.

Our recently released NACD 2024 Blue Ribbon Report (link to BRC report) provides a comprehensive blueprint to help boards govern technology. Even as a co-author, I find it a bit overwhelming. Not everyone likes to read the entire instruction manual before trying out a new gadget.   I created this quick start guide for the “regular” director who wants to get up and running swiftly—and build conviction to catalyze necessary broader change.

Part 1. Welcome & Unboxing: Preview the Board’s Technology Governance Role

With the accelerating pace of technology change, the board’s governance role is more critical than ever. The disruptive potential of generative AI, especially when backed by coming quantum computing, has the potential to make significant innovations from the past 30 years (e.g., Internet, SaaS, Cloud) look quaint. As early adopters race to leverage AI to gain competitive advantage, those that lag too far behind could risk irrelevance. The board must provide the oversight, insight, and foresight that enables the former and averts the latter.

  • Oversight: What steps can we take to ensure the board can fulfill its essential fiduciary duties in such a high-stakes environment?
  • Insight: How can we equip the board to be a better thought partner in questioning how management invests in and leverages promising technologies?
  • Foresight: How do we set the stage for the board and management to learn together and wrestle with the industry-reshaping possibilities amidst the unknowns?

It’s incumbent on boards to navigate all three “sights” concurrently. Use this quick start guide to jump-start your journey to fluency in each.

Part 2. Powering Up: Strengthen Oversight

You do not have to look far to strengthen the board’s tech oversight. Begin by getting more involved in those technology topics already discussed regularly in the boardroom.

Cybersecurity: Cyber is in the top 3 to 5 risks for nearly every company, with a quarterly update to the audit committee or entire board. Unfortunately, it’s often treated as a techie issue with the CISO mainly speaking to the board’s “cyber expert” while other directors politely nod. This is the perfect starting point for a curious director to get a snapshot of the company’s major technology assets—infrastructure, enterprise applications, new technologies, user-controlled devices, and data.

  • Download a free copy of Akbari and Naidoo’s The Cyber Savvy Boardroom Essentials Explained [HYPERLINK] to master basic vocabulary first.
  • Schedule a one-on-one with the CISO or CIO to get a personal tutorial on the company’s digital landscape.
  • Talk to the audit or board chair about converting a quarterly cyber update into a holistic “re-grounding” session for all directors.

Data privacy: Secure use of data is a cornerstone of trust.   Data privacy is a hot topic for legal and marketing teams due to the fragmented patchwork of state-by-state regulations. Much like cyber, it can provide a jumping-off point to gain a deeper understanding of high-value data assets, including those related to customers, employees, financial transactions, and intellectual property.

  • Ask the GC for a summary of privacy laws and active bills by state and the EU’s GDPR (general data protection regulation), even if not global.
  • Schedule time with the Chief Customer/Marketing Officer and CHRO to discuss how they use and protect customer and employee data, respectively.
  • If it is a consumer-facing business, ask them to pull what they know about you as a customer (admittedly, an advantage I enjoy from serving retailers).

Enterprise Risk Management: ERM is the perfect backdoor for identifying the business’s critical technology risks. In addition to the above, ERM registers highlight everything from aging infrastructure and unsupported applications to significant new technology implementations or outsourcing ventures. Each can serve as a valuable vignette to jumpstart a board-management technology discussion.

These concrete examples can provide valuable grounding for later discussions of conceptual topics such as ensuring digital trust or realigning the board-management RACI.

Part 3. Plugging In: Deepen Insight

Most boards tend to be financially focused, overemphasizing ROI while underemphasizing harder-to-quantify capabilities and new growth that technology investments can enable. As a director interested in deepening your technology-related insight, financials can still be a valuable starting point for further exploration.

  • Review justification for the past 2-3 year’s most significant technology investments. Often, this will be limited to capex/opex requests during budget approval, but if you’re lucky, you might stumble upon an IT strategic plan.
  • Seek relevant industry context and benchmarks to understand whether the company is embracing promising technologies or distracted by “shiny objects.” Most companies already have a cadre of professional external advisors (e.g., public audit firms, law firms, major technology partners, or membership organizations like Gartner or NACD) that are tremendous sources for “free” director education.
  • Experiment with transformative technologies in your professional and personal life. Generative AI, the “new kid on the technology block,” has been likened to the discovery of electricity or the invention of the Internet. Many talented directors shy away from it because it wasn’t a part of the business world they grew up in. What better way to appreciate its potential than to jump in and use it?

While technology proficiency is the ultimate goal, these first steps aim to make you conversant on the technologies that matter most to your board company.

Part 4. Exploring New features: Develop Foresight

Theoretically, boards can add unprecedented value in an environment of rapid technological change. They do this by leveraging their diverse functional, industry, generational, and life experiences—a tremendous resource for navigating uncharted territory. However, in practice, this occurs all too infrequently in the boardroom.

Management prefers to be buttoned up, limiting discussions to areas where they are advanced enough to steer the conversation. Directors, fearful of exposing their lack of technological proficiency, adhere to management’s script. To steer clear of these traps, focus the discussion not on technology but on how it could transform the economics, create new opportunities (and risks) for the business model, or blur the boundaries between industries.    As a director, how can you prepare yourself with a few insights before advocating for a “blue sky” brainstorming session?

  • Think like a customer. Put yourself in their shoes and consider the pain points and inefficiencies that likely drive them crazy. Then, ask yourself how these could be addressed by using unstructured data better to understand them or by linking intelligent automation to streamline the customer’s journey.
  • Look at what competitors or near competitors are doing. Get in the habit of doing your “research” every day. Monitor their press releases, white papers, industry developments, etc. During times of uncertainty, there is no shortage of opinions on the future!
  • Reflect on the parallels in your previous experiences. I lived through retail’s omnichannel transformation and see the same mistakes repeated with Gen AI (e.g., viewing it as a standalone capability vs. integrated into the entire business model/ ecosystem).
  • Talk to tech entrepreneurs or consultants in your network. Where do they see untapped opportunities?   What are they working on? Ask them for a demo, especially for B-to-B applications that aren’t as accessible to you as B-to-C.

Foresight is a tricky skill for many to understand.  It’s less about mastering prediction than channeling your innate curiosity to ask questions about what might be. Directors’ top-down perspective can help Management identify the right problems to solve.

Part 5. Committing to Full Installation: Plan What’s Next

While this quick start guide can help you get early traction and build your technology fluency, a single director cannot go it alone.   To be effective, you will need a broader coalition to join you in embracing the need to govern technology more purposefully, strategically, and proactively.  I have found three potential avenues to be effective in building your coalition:

  • Partnering with the board chair: This is the most direct path if you are blessed with a like-minded chair.   He or she can create the space on the agenda, frame the topic appropriately, push back on any naysayers, and set a plan in motion.
  • Teaming with two other tech-aware directors: Board diversity research has shown something magic about getting three voices (1/3 of a typical board) to break through boardroom inertia and catalyze change.
  • Joining forces with the CEO/other top management: If the first avenues are unproductive, you may face a broader board culture issue.   Appeal to the CEO and his/her key lieutenants driving the most transformational initiatives and discuss what support they need from the board.

Ultimately, you want to get your entire board on board with the enhanced technology governance role described in our NACD 2024 Blue Ribbon Report (link to BRC report).   To quote one of our BRC co-chairs, every board eventually needs to have “the talk” to level set where they are and what they need to do differently. This demands:

  • Oversight: Revised board processes, practices, and structures to ensure philosophical alignment between management and the board on technology.
  • Insight: Focused individual and collective education to become a technology-literate board, and scorecards with more meaningful insights than rear-view ROI metrics.
  • Foresight: Fostering a boardroom culture that makes “safe discussions” of the unknown possible, with dedicated time set aside to enable such discourse.

These changes won’t happen overnight. But rapid technological changes will. So, don’t delay. Start today to ensure your organization remains relevant tomorrow. Hopefully, this quick start guide inspires you to take the first steps.