New and emerging technologies enable companies to become more efficient and capture competitive advantage – but they also create significant risks. The complexity of IT systems and projects is increasing. Proliferating policies are hard to monitor. Costs and benefits of new technologies are difficult to evaluate, even as advanced IT services like cloud computing are becoming increasingly easy for business units to purchase independently. The lines between corporate and personal technology are blurring. Most ominously, cyber attacks have matured into persistent, often state-sponsored threats to businesses in nearly every industry.
Leading audit committee chairs are discussing how the board’s and audit committee’s roles in IT governance are changing to keep pace with advances in technology. Read more about their top concerns, successful practices, and lessons learned.
Cybersecurity and the board
The hype around cybersecurity is fully justified. In discussions with Mark Hughes, BT Group Security, and Shawn Henry, former FBI official, audit chairs learned that companies face a number of formidable adversaries. Companies must fight them at the perimeter of the network and inside it. Boards need to focus more on cybersecurity, asking pointed questions of management and using outside experts.
The board and audit committee's role in IT governance
One member said, “IT is one of our [company’s] biggest advantages, but it’s really introduced a lot of risk that the board isn’t used to overseeing.” Members explored IT trends and described practices to ensure effective board and audit committee oversight.
Audit committee oversight of IT risk
Members were joined by chief information officers from several of their companies to discuss best practices for managing the risks introduced by new technologies, including cloud computing and social media.