Richard Nolan: A Committee of One's Own - ' Page 4 '

( Page 4 of 6 )



What would such a committee look like?

The committee should include CIOs, IT consultants and general managers, recruited in most cases from outside the company, who have run IT operations and who are good general managers who understand the strategic potential of IT. As for who leads the committee, I don't think the chair should be a CIO. I would prefer someone with IT experience, perhaps someone who has been a CIO but now is a general manager or CEO.

I think the mechanics would be similar to the audit committee. I have an accounting background as well as IT, so I have worked on the audit committees of A&P and Novell to monitor large ERP implementations. In one financial-services company, for example, we audit-committee members discussed the industry consolidation that was going on, and the role that information technology played in terms of economies of scale, and then we had a larger discussion with the entire board. We had staff—the CIO and some other outside consultants—get a handle on these issues.

That's the kind of thing that's going to happen on an IT oversight committee. The committee needs to be informed about what the company is doing in these areas, and what is going on outside the company. It should meet three or four times a year, including an off-site visit to experience how another company makes strategic use of IT. There will be discussions of important themes—emerging technologies, operations, architecture, strategic potential and jeopardy, competitive analysis. Members should have discussions about whether there are problems and then report back to the full board after every meeting. The oversight committee must be persistent in ensuring that the conversations are continuous and meaningful, but should not waste time by getting too deep into the details.

Ten Questions Every IT Advisory Committee Should Ask

1. Is the company getting adequate return from its investment in information resources?
2. Does the firm have the appropriate IT to exploit its intellectual assets?
3. Does the firm have management practices to guard against technology obsolescence?
4. Does the company have adequate security to protect its information assets?
5. Does the company have management processes to ensure 24/7 service levels?
6. Are processes in place to exploit discovery and execution of IT strategic opportunities?
7. Are processes in place to ensure that an IT failure won't damage the business?
8. Is benchmarking a standard practice to ensure the company's competitive cost structure?
9. Are procedures in place to ensure against costly lawsuits?
10. Are processes in place to ensure against IT-based surprises to senior management?

>>> More Expert Voices Articles          >>> More By Allan Alter