Directors & Boards published a bylined article by Russell Reynolds Associates'
David Finke about the rise of the qualified technology executive. The article is reprinted in its entirety below.
Technology powers today’s global economy. It’s hard to imagine a modern business that doesn’t rely on technology to serve its customers, transact with partners, and enable employees to work effectively and efficiently.
Leading companies across industries have been focusing on how best to leverage technology to enable digital transformation and unleash the power of big data and analytics to enhance business results. Many have added a chief digital officer to their management ranks and digital directors to their boards. At the same time, the risk of technology failure has never been more acute. Technological and cyber security mishaps have been responsible for a number of recent business catastrophes, such as halting trading on a major exchange, causing a leading retailer to lose the trust of millions of its customers, and exposing confidential communications among the leaders of an entertainment giant.
Oversight of a company’s technology infrastructure traditionally has been considered a back office management function that can effectively be handled by a chief information officer (CIO) or chief technology officer (CTO) on the senior management team.
As the need for managing technology risks and opportunities across an enterprise continues to increase, boards need to take a more proactive and informed stance on technology governance. However, the boards of some of the world’s largest organizations are not equipped to ask the right questions or make well-informed assessments about the risks and implications of technology across the organization.
Just as companies are required to have audit committee financial experts to provide financial oversight, given the critical role technology plays in an organization, it is only a matter of time before qualified technology experts become mandatory.
Defining the QTE
A qualified technology executive (QTE) is an individual possessing a high degree of current technology-relevant domain experience. She or he provides oversight and guidance on technology matters of crucial importance to the company in the context of the broader business, from the board perspective.
Whether as a standalone QTE who sits on the audit committee or a member of a broader technology committee, a QTE is responsible for vital input on key technology decisions that require board-level attention, asking the right questions and providing appropriate perspective to ensure that the board and management give proper consideration to the issues at hand.
To do this, QTEs must bring an outside-in point of view to make sure that the board and management team are neither myopic nor too internally focused when addressing strategic technology topics.
A QTE also should provide board-level mentorship to the leaders of the technology functions — CIO, CTO, CISO (chief information security officer) — and the chief executive officer. Key characteristics of a QTE are identified in the accompanying box.
Our research shows there still are very few qualified technology executives on the boards of the largest U.S.-listed companies. To address this issue, we recommend that boards start by asking the following four key questions about their current composition:
Does anyone on the existing board have a clear and deep understanding of the nature and magnitude of the major technology risks faced by the company?
Does the company have an adequate technology strategy, team and investment plan in place to reduce those risks?
Who on the board can challenge the company’s executive leadership team while mentoring C-level technology leaders on mitigating technology risks and maximizing opportunities?
Who on the board owns the governance for technology investment?
No one-size-fits-all solution
Appointing a QTE clearly is not a one-size-fits-all proposition. Companies in different industries face varying sets of technology opportunities, challenges and risks. For example, financial services companies that depend on transactional information technology systems with massive scale will require a QTE with significant experience in scaled infrastructure. Companies that handle large volumes of confidential customer data will need to place adequate weight on cyber security expertise.
Key characteristics of a QTE
An impressive career in technology leadership, with C-level responsibility for strategic and/or mission-critical technology-related decisions in a business of appropriate scale and complexity.
Strong educational and professional technology credentials.
Ample board exposure either as a board member or as an executive who presents frequently at the board level.
The same big-picture business strategy and operational perspective expected of any board member. Importantly, technology expertise should never be the only reason to invite someone to join a board, which usually can’t afford to dedicate precious seats to individuals with narrow expertise.
Responsible for technology decision making in the context of a broader executive role with an understanding of all the levers of a business.
Involvement in technology since the introduction of the iPhone (2007).
Currently a participant in or with considerable ongoing exposure to the technology domain areas, issues and trends most relevant to a company’s business.
QTEs must bring an outside-in point of view to make sure that the board and management team are neither myopic nor too internally focused.
Should we add a cyber security expert or a QTE?
No company is immune from cyber attacks, and this means that cyber security will be on corporate boardroom and executive agendas for the foreseeable future. In a recent survey of 200 corporate directors conducted jointly by NYSE Governance Services and Veracode, more than 80% of board members responded that cyber security now is discussed at most or all board meetings. Underscoring this issue is a bill introduced in in the United States Senate in December 2015, The Cybersecurity Act of 2015. If enacted, this bill will require the Securities and Exchange Commission to issue new rules mandating public companies to disclose cyber security experience or expertise held by their board members in the companies’ annual reports or proxy statements.
While cyber security certainly warrants careful board attention, it is not the only technology issue that can impact the fate of a company. We recommend that boards assess the full range of technology issues relevant to the company and then consider adding one or more QTEs with expertise across the range rather than zeroing in on narrow expertise in one critical discipline.