value insights

Corporate boards seek more IT expertise, but CIO presence still small- Valutrics

How CIOs add value to boards


Current statistics on the issue are difficult to find, but several leaders in this space confirmed they, too, see a growing number of corporate boards seeking CIOs to serve. They said boards need the unique insight into the transformative qualities of IT that successful CIOs can bring to the boardroom.

Experienced CIOs can bring a range of skills, from their expertise with governance, to their in-depth understanding of the IT organization and its budget, to their experience working with business leaders across the entire enterprise, said Martha Heller, president of Heller Search Associates, an IT recruiting firm in Westborough, Mass., and author of the forthcoming Be the Business: CIOs in the New Era of IT.

“Boards that don’t appoint CIOs are at a disadvantage,” she said. “They’re missing out on board-level governance of an area that has the potential to make or break a company.”


Like Banerji, Heller said corporate boards in the past sought out CEOs of high-tech companies when they wanted to gain technology insight, but have recently started to reach out to CIOs.

“Boards have come to realize, to their credit, that high-tech CEOs are not what they want. They want a CIO. A high-tech CEO knows his or her niche in the market; they don’t have the breadth and depth that a CIO has,” she said.

Boards often first seek out CIOs in response to something negative, Heller observed. They experience or see a competitor experience a cybersecurity breach, or they fall behind in leveraging technologies.

Richard Chambers, who as CEO of The Institute of Internal Auditors often works with boards, said a growing list of regulations, legislation and best practices require boards to demonstrate more oversight of risk.

“And there’s nothing that jumps out at you more than technology risk,” he said.

Yet, most board members don’t have a strong enough technology background to fully assess their companies’ cyber-risk profiles, he said. Without an IT expert on the board, members may overly rely on management’s assessment of technology risk.


“They won’t have anyone in the room to speak up and say, ‘What about X or Y?’ If you don’t have someone on the board who is able to stimulate that kind of conversation, as a board, you’re at the mercy of management in how they characterize performance, risk and the assurances they’re given,” Chambers said.

But technology risk expertise is not the only reason to put CIOs on corporate boards, Chambers said. “A good CIO is one who not only has the technology background and the cyber expertise, but also has a keen sense of business strategy and strong business acumen.”