Risk does not exist in a vacuum. Considering it as such is a sure path to poor performance.

A Governance Model for Risk ...

The National Association of Corporate Directors counts among its members a great many members of corporate boards (large and small) and their advisors and over time has contributed some excellent guidance on corporate governance.

Recently it made available a paper written by one of its members, Gerald Czarnecki, chairman and CEO of The Deltennium Group Inc. Cyber Threats Necessitate a New Governance Model reflects what I believe to be the personal opinion of its author. While this isn't noted, I am assuming (and hoping) that these opinions do not reflect the opinions of the NACD.

Czarnecki makes some solid points.

The paper's theme is that technology-related risks, including cyber:

  • Are the most significant risks to organizations, in general and
  • They are not getting sufficient oversight by the board and its committees, both in terms of time allotted and the technical proficiency of the board members and advisors.

I have some sympathy for this.

That Has Some Flaws

Czarnecki believes that just as businesses establish a separate and specialized committee to provide oversight of financial reporting, including the performance of the external and internal auditors, so should they establish a separate committee to provide oversight of technology-related risks.

At a superficial level, this makes sense.

Financial reporting is an activity somewhat isolated from business operations. It can be viewed and managed as what I would call a siloed activity.

Learning Opportunities

Webinar
Learn how to optimize your digital customer journey
Jun
6
The Future of Social Media: Emerging Trends and How to Stay Ahead of the Curve
The impact of emerging technologies like AI on social media
Webinar
What it takes to do personalization well
Jun
7
The Building Blocks of Personalization
This webinar will explore how personalization can create powerful ecommerce shopping experience.
Webinar
Review necessary steps to protect your business
Jun
8
Attracting—and Keeping—Your High-Net-Worth Investors
Join PwC to dissect their recent survey findings on a specific customer subset — high-net-worth investors.
Webinar
Discover the challenges that contact centers, AX, and CX face and how CAI-assisted applications can help solve them
Jun
13
The Future of Contact Centers with AI at the Helm
Learn how to balance human intuition and interaction with the potential uses of AI to create delightful and lasting CX
Webinar
What data should be collected to achieve meaningful engagement
Jun
20
3 Steps to Unlock Your Customer Data and Drive Revenue
Discover how Twilio Segment’s #1 Customer Data Platform helps implement data-driven strategies.
Webinar
AdobeStock_100712730
On demand
AI for Marketers: Optimize Personalization Across the Funnel
Understand the benefits of utilizing AI across your entire marketing stack
Webinar
Learn how to optimize your digital customer journey
Jun
6
The Future of Social Media: Emerging Trends and How to Stay Ahead of the Curve
The impact of emerging technologies like AI on social media
Webinar
What it takes to do personalization well
Jun
7
The Building Blocks of Personalization
This webinar will explore how personalization can create powerful ecommerce shopping experience.
Webinar
Learn how to optimize your digital customer journey
Jun
6
The Future of Social Media: Emerging Trends and How to Stay Ahead of the Curve
The impact of emerging technologies like AI on social media
Webinar
What it takes to do personalization well
Jun
7
The Building Blocks of Personalization
This webinar will explore how personalization can create powerful ecommerce shopping experience.
Webinar
Review necessary steps to protect your business
Jun
8
Attracting—and Keeping—Your High-Net-Worth Investors
Join PwC to dissect their recent survey findings on a specific customer subset — high-net-worth investors.
Webinar
Learn how to optimize your digital customer journey
Jun
6
The Future of Social Media: Emerging Trends and How to Stay Ahead of the Curve
The impact of emerging technologies like AI on social media

But technology-related risks are not. In fact, it is better to call them technology-related business risks. They are not critical for their own sake; they are critical because failures to manage them directly affect the achievement of organizational objectives. They impact the business and its success.

  1. All risks should be managed and reviewed within the context of the objectives and strategies they affect.
  2. Discussions by the board on strategies and performance need to include risk.
  3. Considering risk in a silo, whether technology-related or something else, is the path to poor performance.
  4. Technology-related risks are not the only risks to any objective. Board and top management need to know whether the totality of risk to any objective or strategy means that they should take action. The level of any single risk may not be cause for action, but when all related risks are considered it may be prudent to change strategy or take other steps.

On the other hand, the board does need to find the time to obtain assurance that technology-related risks are being appropriately addressed by management.

For that reason, I can see a need — at some, but not all organizations — to have separate discussions, perhaps with a specialized committee established for this purpose, with technical advisors, to give cyber and other technology risks appropriate attention. Each board will have to decide the best approach given its structure, the level of risks, and so on.

But, and this is a big BUT, having separate discussions or even a separate board committee should not distract the board from integrating the discussions of risk — all risks — with strategy and performance.

I welcome your views.

Title image by Andrew Phillips

fa-solid fa-hand-paper Learn how you can join our contributor community.