CRITICAL BOARD REPORTING REQUIREMENTS FOR DIGITAL
Boards rely on insightful and timely information to properly execute their fiduciary responsibility to manage risk within a company. The question is: what types of information should management share with the board regarding technology innovation? This proposal identifies two fundamental reporting needs based on today’s legal and regulatory statutes and guidance, and suggests ways to present the information.
First, every director should be acutely aware of a company’s cyber security strategies, budgets and talent. Given the “guidance” from the SEC, it is clear that the government is placing more accountability at the board level to ensure the faithful execution of improved cyber security risk and notification processes.
Directors should have access to audit reports, penetration tests and PCI compliance reviews on a regular basis. These reports should be jargon-free and cover the key exposures, the level of business disruption, and the steps, including budget, to rectify them. Normally, these reports are produced annually and provide good insight into best practices regarding cyber security. These best practices are not limited to technology-only topics, but also cover talent, process and cultural challenges that need to be addressed.
Due to the cadence of these reviews in the normal business year, a cyber security review should be conducted with the board annually. Approved cyber security initiatives that are important to the board should be reviewed at each board meeting, with guidance and support provided where necessary.
Second, since technology is rapidly changing industries and creating new competitors every day, boards need to understand management’s technology and innovation strategy. They need to understand the approach to technology strategy and innovation in order to perform their due diligence: challenging the approach and assumptions and, when satisfied, supporting the initiatives.
Road maps displaying technology initiatives and their status are important. However, reliance on road maps, project statuses and budget reviews misses other, more useful information. Boards need to understand how the individual technology or innovation initiatives impact customer experience, product innovation or operational efficiency. This insight is needed so that board directors, normally steeped in business strategy and competitive models, can ensure a prudent and well-considered course for the organization. Once this is understood, a portfolio approach to investment is required to balance short-term and long-term tradeoffs in alignment with the company’s operations and strategy.