What would such a committee look like?
The committee should include CIOs, IT consultants and general managers, recruited in most cases from outside the company, who have run IT operations and who are good general managers who understand the strategic potential of IT. As for who leads the committee, I don't think the chair should be a CIO. I would prefer someone with IT experience, perhaps someone who has been a CIO but now is a general manager or CEO.
I think the mechanics would be similar to the audit committee. I have an accounting background as well as IT, so I have worked on the audit committees of A&P and Novell to monitor large ERP implementations. In one financial-services company, for example, we audit-committee members discussed the industry consolidation that was going on, and the role that information technology played in terms of economies of scale, and then we had a larger discussion with the entire board. We had staffthe CIO and some other outside consultantsget a handle on these issues.
That's the kind of thing that's going to happen on an IT oversight committee. The committee needs to be informed about what the company is doing in these areas, and what is going on outside the company. It should meet three or four times a year, including an off-site visit to experience how another company makes strategic use of IT. There will be discussions of important themesemerging technologies, operations, architecture, strategic potential and jeopardy, competitive analysis. Members should have discussions about whether there are problems and then report back to the full board after every meeting. The oversight committee must be persistent in ensuring that the conversations are continuous and meaningful, but should not waste time by getting too deep into the details.