Recently I was privileged to be part of a panel at the Governance Institute of Australia's annual conference. The focus was considering the risk universe and in particular, the board skills necessary for dealing with technological risk.
The panel was chaired by Founder and Chief Executive of Digital Asset Ventures Anthony Stevens, and the other panellists brought significant technology skills, including Macquarie University's Professor Michael Johnson and Group Executive - Technology at ANZ Bank Gerard Florian.
The panel considered the nature of technological risk in the current environment where governance extends far beyond the borders of the organisation’s operations and into the organisations with whom they transact, share services, and share information. There is also the impact of the BYOD world where employees are empowered to use technology often outside the organisation’s direct oversight.
The panel was in agreement that governance in this context is a complex and a significant task. There was also agreement that leaving technology as the responsibility of IT is not the way to proceed. The need to manage risk and ensure that non-technologically skilled executives have a basic understanding of the use and impact of technology in their business was a significant issue.
From a legal perspective, we noted that Section 189 of the Corporations Act 2001 (Cth) allows executives and directors to rely on the input and assistance of experts, but still requires them to make their own informed decisions even after relying on expert opinions.
Historically, case law shows us that it is often new and not well understood areas within organisations that give rise to major governance problems and major governance fails. On that basis, it is imperative that boards invest in upskilling themselves and also ensure that they have advice that understands the full range of risks technology poses for their organisation and a plan to mitigate and manage those risks.