Many have argued that data has become the most important asset for businesses and it is also clear that technology plays a fundamental role in how companies operate and compete. As such, oversight of the company’s technology-related activities and formulation of an effective technology strategy is an essential function of the board of directors and boards should carefully consider the need to create a board-level technology committee. Feldman and Potamianos, noting that creation of technology committees has proceeded slowly, argued that such committees can serve several important roles:
“It can serve to ensure effective and secure utilization of technology within the corporation, a broad area with a number of sub-responsibilities. It can also evaluate, and advise with respect to, the direction of the corporation’s technological evolution– something distinct from the technology management role previously noted and, within a technology-based corporation, a role that dovetails with the overall role of the board of directors in guiding corporate direction – and it can, in the process, oversee effective protection of the corporation’s intellectual property. Finally, the Technology Committee can recommend technology and procedures to meet the corporation’s financial and regulatory obligations with respect to privacy, data retention and data protection.”
Feldman and Potamianos noted that emphasis and objectives of technology committees will vary substantially from company-to-company since the mandates of such committees are not regulated by listing standards in the same manner as audit, compensation and nominating committees, thus freeing the board to structure and task technology committees in ways that are best for the particular situation. They explained by suggesting that the technology committee of a company in the computer networking industry might focus on the development of networking standards and evaluating strategic product development, a biotechnology company might have its technology committee concentrate on regulation of product development and a non-technology based company would likely have its technology committee spend relatively little time on technology strategy and devote most of its efforts to information security and business continuation risks.
In a December 2016 report on how board committees among S&P 500 companies had evolved to address new challenges, the EY Center for Board Matters mentioned that companies often created technology committees at the board level to assume responsibility for overseeing and assessing the company’s technology-related development and innovation strategies; making recommendations regarding the scope, direction, quality and investment levels; and overseeing the execution of technology strategies formulated by management. Technology committees also reviewed and discussed management’s assessment of the company’s technology profile and addressed related risks and opportunities. The functions of the technology committee may overlap with the risk and research and development committees. The sectors most likely to have a technology committee included financial services, industrials and materials.
The scope of the duties and responsibilities of the board-level technology committee will vary depending on the activities of the company and the decisions that the entire board makes with respect to allocating oversight authority among various committees. Companies that depend heavily on technology development, acquisition and commercialization will generally look to have the board-level technology committee proactively participate in technology planning and strategy. In other cases, the primary concern for the company will be in identifying and managing security risks for the information that the company collects and uses in the course of its business activities (e.g., cybersecurity, business continuity and disaster response). Many technology committees oversee both technology planning and technology-related risks; however, it is not uncommon for technology risk identification, assessment and management to be assigned to the board’s risk management committee.
When committee is charged with oversight of all of the company’s technology-related activities, including risks and opportunities, the scope of duties and responsibilities of the committee will be quite broad and include responsibility and authority to:
- Review and approve the company’s technology planning and strategy, including the financial, tactical and strategic benefits of proposed significant technology-related projects and initiatives.
- Review significant technology investments and expenditures
- Request and receive reports from management, as and when appropriate, concerning the implementation of the company’s technology priorities, including the cost compared to budget, the expected benefits and the timelines of implementation
- Remain informed of, assess, and advise the company’s senior technology management team with respect to monitoring and evaluating existing and future trends in information technology and new technologies, applications, and systems that relate to or affect the company’s technology strategy or programs, including monitoring of overall industry trends
- Receive reports from management concerning the company’s technology operations including, among other things, software development project performance, technical operations performance, technology architecture and significant technology investments and approve related policies or recommend such policies to the board for approval, as appropriate.
- Report and make recommendations to the board, as appropriate, as to the scope, direction, quality, investment levels and execution of the company’s technology strategies
- Oversee management’s programs relating to technology-related risks and opportunities including review, at least annually, of management’s IT security program and receipt of frequent updates on IT security from management
- Oversee effective protection of the company’s intellectual property right portfolio
- Request and receive periodic reports from management on their strategy for disasters and assess the company’s readiness for disasters to ensure continuity of the company’s business operations
- Oversee the company’s activities relating to sustainable technology management, typically through collaboration with the board-level committee charged with oversight of corporate social responsibility
When necessary, the charter should address potential overlaps with the duties and responsibilities of other board committees. For example, as mentioned above, responsibility for the oversight of risks associated with technology, including risk assessment and risk management, will often be reserved to the board’s compliance and risk management committee; however, provision should be made for that committee to report regularly to the technology committee on steps taken to mitigate technology-related risks and for the technology committee to have access to company executives with responsibility for important information technology initiatives and providing for security of the company’s intellectual property.
This article is adapted from material in Sustainability and Corporate Governance: A Handbook for Sustainable Entrepreneurs, which is prepared and distributed by the Sustainable Entrepreneurship Project and can be downloaded here.
Alan Gutterman is the Founding Director of the Sustainable Entrepreneurship Project, which engages in and promotes research, education and training activities relating to entrepreneurial ventures launched with the aspiration to create sustainable enterprises that achieve significant growth in scale and value creation through the development of innovative products or services which form the basis for a successful international business. Visit the Project’s Library of Resources for Sustainable Entrepreneurs to download handbooks, guides, articles and other materials relating to sustainable entrepreneurship and keep up with the Project’s activities by following Alan on LinkedIn, Twitter and Facebook.