What is the role of the board‐level technology committee?

Published date01 October 2019
Date01 October 2019
AuthorAmy M. Swaney,Steven A. Harrast
What is the role of the board-level technology committee?
Steven A. Harrast | Amy M. Swaney
Central Michigan University, College of
Business Administration, Mount Pleasant,
Amy M. Swaney, Central Michigan
University, College of Business
Administration, Bellows Street, Mount
Pleasant, MI 48859.
Email: swane1a@cmich.edu
Correction added on October 10, 2019, after
first online publication: Article type updated
to Blind Peer Review.
The board-level technology committee (TC) could play a significant role in enterprise
risk management. Unfortunately, only about 10 % of public companies have chartered
such a committee. There is evidence that the TC mitigates the negative market reaction
to data breaches (Higgs et al. 2016), suggesting that investors expect TCs to control
operational IT riskthe risk associated with technology that facilitates the company's
core operations, including external risk such as data breaches. Based on a review of
50 existing TC charters, we find that TCs today focus instead mainly on strategic
riskthe risk associated with strategic product technology developmentwith under
half of TCs including operational risk management in their charters. We see this as a
potential disconnect between stakeholder expectations of risk management and
company delivery on that expectation.
board of directors, corporate governance, risk management, technology committee
Today every company is a technology company, and
technology risk management has become a leading gover-
nance issue for companies all over the world. As companies
leverage information technology, threats arise from many,
diverse sources: strategic or product misdirection, systems
that do not support user needs, project failures, inadequate
attention to contingency plans, internal fraud and abuse, exter-
nal data breaches, and so forth. The media tend to highlight
these new technology risks, reporting on the cyber attack du
jour. Media attention has also generated government attention
to these technology risks, with Mark Zuckerberg testifying
before Congress multiple times in the past year. In spite of
this broad universe of IT threats, most companies lack a dedi-
cated, board-level infrastructure to oversee these risks.
Lacking a dedicated board committee to manage IT
risk, oversight would revert to the audit committee. How-
ever, with the post-SOX requirements for audit committee
independence, financial expertise, and increased
responsibilities, there is substantial concern that the audit
committee is already overloaded. With IT threats growing
in diversity and media attention, many stakeholders would
welcome a more robust corporate IT governance system.
To that end, some companies have chartered a dedicated,
board-level committee to oversee technology risks, called
the technology committee (TC).
While chartering a TC should be a move in the right direc-
tion, this is relativelynew phenomenon, existing in only about
10% of S&P 500 companies (Stewart, 2017). Not surpris-
ingly, the actual responsibilities and oversight role of the TC
is still unclear. With no guiding principles to companies as
they develop and charter new TCs, it is unclear whether they
are being created to manage all the diverse technology risks,
or if they tend to focus on one distinct type of risk. Is the TC
being used in companies today to address the strategic risks
(technology related to the product itself) or operational risks
(related to the underlying systems that drive the value chain)?
To shed some light on the purpose of the TC, we analyzed
the charters of 50 TCs todetermine their common characteris-
tics and how the TC might be useful as a governance entity.
Our findings are described in the following paragraphs.
Correction added on October 10, 2019, after first online publication: Article
type updated to Blind Peer Review.
Received: 10 June 2019 Accepted: 17 August 2019
DOI: 10.1002/jcaf.22414
J Corp Acct Fin. 2019;30:4347. wileyonlinelibrary.com/journal/jcaf © 2019 Wiley Periodicals, Inc. 43

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT