Boards, not IT, should govern technology

11.08.2015
Company boards must maintain responsibility for governing large IT projects rather than give up control to the IT department, according to IT industry veteran, Russell Yardley.

"Boards need to govern the enterprise. They need to set the goals and policies, allocate the resources to achieve these outcomes; they need to verify that achievement and they need to hold management to account. Technology is no exception," said Yardley during a keynote speech at the ISACA CACS conference in Sydney on Monday.

Yardley, who is currently a non-executive director for NICTA, Readify and Folk, said although a lack of IT skills has left today's boards with little understanding of the opportunities and threats presented by technology, boards should still govern IT executives and their decisions around risky tech deployments.

The issue is the growing need for a process to ensure the details of technology proposals can be properly examined by the board.

"Often after a presentation by technologists, the board will make a decision and the technologist will say, 'the board didn't understand,'" he said.

"But the board is a group of individuals who bring independent information to the table, and we need those team members to be able to share their unique perspective to lead to a better outcome."

Yardley's belief is that good governance is always a team effort, as opposed to leaving decisions to single experts, with research backed up by mathematician James Surowiecki in his book, The Wisdom of Crowds.

"When I look at the six boards that I'm on, when the executive and the board are really working together as a team -- and I don't mean everyone is buddies, you can have pushing and shoving - we get the best results."

"We need the executives and the boards to work together to make decisions that are evidence- and data-based, but also to remain aware of the emotional connection and response required, because in the end it is people that make things work, not technology."

Better understanding technology

Following a number of highly publicised failed IT projects- including the Victorian Myki smart card travel system or the $1 billion Queensland Health payroll system fiasco - Yardley said the cause of most failures is in how the project was instigated, shaped and approved.

This is something which should be identified by the board and executive team, he said.

Boards should be taking it upon themselves to be educated in technology matters by bringing in two or three technology experts, and not be afraid of asking questions that display their own ignorance, Yardley said.

Read more:Intelligent machines part 3: Big data, machine learning -- where's it all heading

"All directors should be fully equipped to have a meaningful conversation about technology and be able to confidently play a role in its governance.

"Boards need to have two or three people that can lead the learning process, because it is a learning process, but it isn't one of abrogation. It's not about saying 'the experts will deal with the technology and we'll do everything else'.

"You need to use the experts on the board to build a dialogue so that people get the vocabulary they need, the case studies and the anecdotes, and all the different perspectives, and then you can bring together a much more honest experience."

Yardley recalled his time on the board of the Victorian Government's failed VicRoads' Registration and Licensing (RandL) project. He was invited to join the board as a technology expert after five years in operation, which had cost the state $112 million and began with "a grand vision" that Yardley claimed was long gone by the time he joined.

"That experience was incredible, I kept asking 'why didn't they stop this project three years ago' but it's really hard to see that when they are so invested in a project.

"When I've been on boards, and I've been there because of my 40 years in the tech industry, I can ask certain questions, and then others will say, 'I've wanted to ask that question for three years but I thought I'd look too stupid'.

Read more:NICTA tool to help manage natural disasters

"That's what happened when I got on RandL board, I started asking all these questions and everyone else admitted to have been worried sick about those things too... in the end they all knew it had to be terminated, and that's so often the case with technology."

Grilling the experts

The experience on the RandL board reinforced Yardley's belief about the culture in boardrooms, and the difference it makes when an expert is brought in and "grilled by the amateurs".

"Every answer to each question would generate ten more questions," he said.

"You get the amateurs and the experts to interact, and with the expert having to articulate what they think is important the layperson will learn and then ask better question of the expert.

"After doing this for a while the laypersons will say, 'you experts always want to do this, but we've thought about it and we think instead we're going to do this' -- and they will be right."

Read more:Intelligent machines part 2: Big data, machine learning and its challenges

Yardley recommended that to better understand technology, board members should seek to investigate and engage with technology on a regular basis, while also investigating technology in the same way they would investigate finance.

"There's a 30-year difference between the two approaches... but if a board was asking questions very similarly to the way they'd investigate finance and audit as they do with technology, they'd feel more comfortable," said Yardley.

"Think about the way you can take those areas of audit that are really mature and apply those to technology, you need to start to ask questions around the weight and ultimate outcome of technology and not get buried in the detail of it."

Technology is the easy part

Often when discussing technology with an organisation, Yardley said he concludes that technology is actually the easy bit to get right, and the complications lie in how organisations work.

"What we need boards to do is monitor and verify what actually has been achieved in the organisation, how mature its technology strategy is, and where the business case stops and the real challenges start," he said.

"We must ensure that the lessons that we're learning from these projects are shared and that we're providing hard evidence to be able to improve the future decisions that we're making.

"What's exciting is that technology today really is giving us the opportunity to invite real input from across the organisation around things that need to be overcome with technology solutions."

(www.cio.com.au)

Bonnie Gardiner