Technology has emerged as a critical issue for boards over the past few years. Domini Stuart examines how directors can capitalise on this development by improving productivity and stewardship within organisations.
As companies grow more dependent on technology, boards are operating in an environment of rapid and continuous change. Cloud computing, for example, has transformed the way companies operate, yet it is barely 15 years since cloud computing company salesforce.com pioneered the idea of using a website rather than in-house computer infrastructure to access business applications.
“Traditional IT systems used to be one of a company’s biggest expenses,” says Karl Adolfsson, business advisory partner at Crowe Horwath in Sydney. “Cloud-based financial systems such as accounting software and enterprise resource planning (ERP) solutions opened the door to more cost-effective solutions because you can pay for these services as you need them and maintenance, such as system upgrades and new hardware, is usually included in the [subscription/access] price.
“This not only helps to minimise costs, it means that many small companies are much better placed to compete with bigger and wealthier organisations,” he adds.
Digitisation of business processes has also made it possible to collect and process data on a massive scale. “Big data is the term used to describe all of the information a business can collect – and it can give boards an unprecedented insight into the business,” says Tessa Court, CEO of IntelligenceBank. “At a micro level, dashboards in board portals can provide key performance metrics and also allow directors to dig down into the detail. On a macro scale, it can help directors to establish their priorities and identify where critical decisions need to be made.”
Within the next 18 months, most businesses should have access to the national broadband network (NBN). This promises fast, reliable and affordable services from a range of providers. And, by putting companies around the country on a level footing with those in city centres, it will enable them to be more competitive.
“Boards should be thinking now about business models and ways of working that assume this level of connectivity,” says Dr Greg Spencer MAICD, principal consulting partner at Beyond Technology.
Spencer also anticipates a rapid increase in cloud-based mobile and flexible work practices. “Devices such as the Surface Pro 3, Samsung Galaxy S6 and iPhone 6 are introducing mobile capabilities that we could only dream about a year ago,” he says. “For example, the new ‘digital dividend’ spectrum allows users to access consistent 4G services inside buildings where devices would previously have defaulted to the slower 3G.”
Most directors now take it for granted they can access their board papers, minutes and resolutions electronically anywhere, anytime. “The latest secure board portals can be used on any device and with every operating system, so they’re not even restricted to an iPad,” says Court.
Directors may soon want to ditch their laptops in favour of a new-generation hybrid tablet/PC with full business capability. And, while there is a plethora of devices designed for frequent travellers, it’s also possible to travel light.
“I consider just three things to be essential – noise-cancelling headphones, my phone and a good book,” says Adolfsson. “I like to remind myself that there’s a world beyond technology.”
Some publicly-listed companies are already providing information to their shareholders online or via a mobile app. “At the moment, this isn’t much more than you can get from the ASX,” says Thomas King, general manager of AusCERT, a not-for-profit cyber-security group based at the University of Queensland.
“They could do more work around providing early market information but I think the big payback will come from apps that are specific to the company. For example, if you’re a manufacturer, an app that mapped your business processes from building your sales pipeline through getting an enquiry and providing a quote to fulfilling an order could help you to streamline the process and reduce your response times,” he says.
Cloud may have the power to transform a business but it would be a mistake to presume it is always the best solution. “Cloud should be considered in the context of the overall strategy,” says King, “For example, if your goal is to reduce your time to market, a cloud solution might give you the speed you need.”
“But if you look into it more deeply, you could find that you’re only gaining speed because you wouldn’t be imposing the same restrictions on your cloud provider as you do on your own IT department. This makes no sense at all. Give your people a level playing field and you could have the speed and agility you need in-house.”
Before making any decision, the board needs to ask the right questions around benefits of privacy, risk management and cost control. “For example, if you have legacy or paper-based systems, re-tooling to collect and analyse big data can be very expensive,” King continues. “Directors must be able to weigh the benefits against the cost.”
The board should also consider whether the structure of the organisation would need to change. “To make the most of the technology, you might need to move away from an administration model to one that is more focused on strategy and innovation,” says Andrew Mackenzie, business development manager at software and services provider Professional Advantage.
The overriding concern for most boards is cyber security. “Directors need to know where information they retain on their customers, suppliers and competitors is going to be stored, how it can be accessed and what would happen if their cloud provider was hacked,” says King.
“Would they be liable? Would they have broken any laws or regulations? What would be the fallout in terms of reputational damage and how would they manage this? The board needs to be sure that management understands the real costs involved and that they’re going into any new relationship with their eyes open.”
However, risks also need to be kept in perspective. “Most mega vendors are subject to far more security certifications and standards than a typical corporate could even consider,” says Mackenzie. “They’re also very transparent, and some even allow third-party penetration tests. It would be a pity if irrational concerns about the security of a provider prevented a company from taking advantage of the same benefits as their competitors.”
Major software vendors and ERP providers do invest very heavily in security but thorough due diligence is vital to ensure that appropriate standards are being maintained. The board should also be looking closely at security inside the organisation.
“A rogue employee can do a lot more harm than someone hacking into your system,” says Adolfsson. “And, thanks to social media, even well-meaning employees can send out information which could break a company in a matter of minutes. The board should check that there’s an effective social media policy in place.”
A media feeds dashboard integrated into the board portal will alert directors to social media activity as it occurs. “A director can’t afford to wait until the next board meeting to find out about a new market entrant or a threat to corporate reputation,” says Court.
Policies and precautions
Greater mobility enables staff to be more productive but, the more mobile devices you have, the greater the risk to security. Again, the board needs to know there’s an effective security policy in place and that all employees know how they’re expected to behave. “This is a responsibility that the board must take seriously,” says Mackenzie. Directors should also take sensible precautions. “Directors’ mobile devices are increasingly vulnerable as the gap between work and play continues to converge,” says King.
“You could easily have sensitive business information on the iPad the children are playing with. It surprises me how few directors take the most basic security precautions, such as having strong passwords, not sharing them and having a plan in case their phone or tablet gets lost.”
Many directors are easy targets for hackers because their online board portals are not secure. “Methods such as consumer file syncing applications make it easy to share documents because they rely on creating public links to information without having to log in,” says Court.
“But there are now search engines that trawl these public links and make board papers containing sensitive financial and strategic information visible to the public. Emailed board papers are also easy to access because they are often downloaded without encryption.
“Since the names of most directors are publicly available, even a low-level hacker can uncover sensitive information on a personal computer. Every board should be using a secure option.”
As opportunity and risk continue to evolve, some boards lack the skills and understanding to oversee IT.
“Even when they seek external independent assistance there can be problems because the organisation’s internal governance structures are less than adequate,” says Spencer. “Some executive teams take a ‘don’t ask, don’t tell’ approach because they don’t feel equipped to have a technical discussion with the IT people.”
Groups like AusCERT can help organisations to prevent, detect, respond to and mitigate cyber and internet-based attacks. And Spencer recommends an approach he describes as “IT excellence by design”.
“This ensures the company has a deliberate IT strategy based on effective IT governance structures and regular independent review,” he says.
“It provides boards and management with the certainty they need that IT is focused on business enablement rather than unimportant technical constraints.”
10 questions to ask the management team
1. How is management leveraging improvements in IT for the business?
2. Who is making decisions about what should be in the cloud and what should stay in-house?
3. Are we getting independent advice or relying on vendors for information?
4. Are we doing thorough due diligence on cloud providers?
5. Who is responsible for managing the risks associated with cloud computing and do they have the necessary skills?
6. Are we collecting and analysing big data? Have we weighed the potential benefits against the cost of implementation?
7. How well are we monitoring social media? Will the board and management be alerted if something potentially damaging appears?
8. Who is responsible for the information we post on social media? Is there a company-wide policy that all employees know about and understand?
9. What are we doing to prepare for the rollout of the national broadband network (NBN)?
10. Is the online board portal secure?
Already a member?
Login to view this content