Writing an article about the ‘Top 3 Boardroom Risks’ in the middle of an actual war is tricky because it’s hard not to dwell on the extraordinary and immediate risks presented by a member of the nuclear club invading a European neighbor. My remit is technology, so that’s what I’m focusing on, with the assumption that the ‘Next Normal’ doesn’t involve excess gamma radiation.
Remember that the role of Boards (in the US, at least) has historically[1] been to look out for the interests of a dispersed group of Owners (Shareholders) who employ a team of Agents (Management) to operate the business on behalf of the Owners. Also, remember that Directors don’t ‘manage’ the business; they ‘oversee’ (or ‘govern’) the actions of Management employees who actually operate the business. Hence Boards are typically focused on the bigger picture, often longer-term issues than the C-Suite executives.
The challenge isn’t identifying significant risks facing Boards these days; what’s hard is picking just three risks from an ever-growing universe of threats. From my perspective as a CIO, here they are:
- Disruption of technology capabilities
- Failure to respond to Human Capital changes
- Inability to adapt to market & societal changes
Disruption of Technology Capabilities
I chose not to restrict this risk to the obvious one: Cybersecurity breaches. I’m not discounting cybersecurity because, for most firms, it’s an ever-present risk of large-scale, expensive—and potentially existential—disruption. If you haven’t heard your Board talking about cybersecurity, you must have dozed off at a Board meeting! But unless your firm is a high-value target or the focus of a nation-state adversary, you can take some basic precautions to reduce your risk of significant cybersecurity losses[2]. (Unfortunately, many firms haven’t taken these precautions, and won’t until their insurance carriers or regulators force their hands).
Boards should educate themselves about other technology risks. What happens if the real-time ERP that oversees your manufacturing and logistics process fails due to a snowstorm caving in the roof of your primary data center, or your old-technology network fails due to a carrier problem? What happens if your billing software incorrectly figures sales tax on millions of sales? Or if your systems crater due to an unexpected surge in orders? Or if your trading partner inadvertently sends you a million bad transactions through an automated interface, and they post in your system?
I’ve seen many types of failures across 30 years as a CIO in businesses from banking to manufacturing to logistics to energy. Most of them weren’t total shocks; they represent IT/process control failures, Technical Debt[3], or under-investment in ‘Availability
Management’ (what used to be called ‘Disaster Recovery’). Don’t let these topics scare you: if the CIO & CISO can’t explain these types of risks and their mitigation approaches, you have the wrong IT executives!
Failure to Respond to Human Capital Changes
The abrupt COVID-19 shift to Work From Home (WFH), followed by the ‘Great Resignation,’ plus the rise of DE&I (Diversity, Equity, & Inclusion) awareness, plus the emergence of Gen Z workers and ‘The Metaverse’ constitute a perfect storm for employers. Whereas firms used to have the upper hand when dealing with employees (which I would argue was never a good thing!), that’s not true in 2022.
Boards must educate themselves about diversity, the needs of 20-somethings entering the workforce, the cultural factors affected by WFH[4], and many other topics that, to be frank, make the privileged old white guys that comprise legacy company Boards very uncomfortable.
In the Acceleration Economy, it’s imperative that Boards and C-Suite execs clearly define and communicate their corporate goals and ideals and create and continually reinforce corporate cultures that make their firm an employer of choice for an increasingly empowered, enlightened, and impatient global workforce. If you can’t attract, retain, and motivate great people, you’ll quickly fall behind…and given today’s pace of change, perhaps losing the race to stay relevant and profitable.
Inability to Adapt to Market & Societal Changes
If managing through those considerable changes in your workforce’s composition and expectations wasn’t enough of a risk, what about the equally massive and equally rapid changes affecting customers, regulators, investors, and society as a whole?
Let’s start with changes to the very nature of firms and of Boards themselves. In the opening paragraph of this article, I used the term ‘historically’ to describe the nature of a firm. That model is called ‘Shareholder Capitalism’ and assumes that firms operate for the economic benefits of their owners. Recently, the exclusive focus on Shareholders and their economic benefits has come into question. Boards are being urged to look out for a much broader group of ‘Stakeholders’ and oversee a much more comprehensive set of outcomes: for owners, workers, customers, neighbors…all the way to the world as a whole5.
An example of Stakeholder Capitalism is the rise of ESG (Environmental, Social & Governance) investing and regulation. Boards must deal with a broad range of environmental concerns, such as accounting for ‘Scope 1 vs. Scope 2 vs. Scope 3’ emissions[5]. They must learn to listen to the opinions and concerns of all Stakeholders—while walking the legal tightrope of the ‘Duty of Loyalty’[6] to the firm and its Shareholders.
As complex as ESG and Stakeholder Capitalism may be, an even more significant element of this ‘Adaptation Risk’ for the Board is failing to take a leadership position in driving true Digital Transformation. Space precludes a deep dive into the meaning of Digital Transformation, but here’s my definition: “Digital transformation is a CEO- and Board-led reimagining of an organization’s culture, markets, products, customer experience, and employee experience that is driven—in part or entirely—by the promise or threat of technology.”[7]
If the Board can’t help Management envision the organization’s future, then devise an appropriate compensation structure to incent C-Suite executives to drive execution of the necessary steps—which may take years to carry out and which will undoubtedly be painful[8]— the organization’s long-term survival is in doubt.
We’ve just taken a rapid-fire journey through the landscape of Board-level Risk. If you’re on a Board, you’ve been dealing with these issues to some extent for a while. I hope I’ve helped CIOs, CISOs, and other CxOs understand the complex and rapidly shifting nature of Board risk and provided some insight into working with your Board on these issues.
- Hold your complaints until later, please ↑
- See my article 6 Cybersecurity Principles to Protect from Ransomware – Acceleration Economy ↑
- See Technical Debt and Its Consequences | Sadin on Digital – Acceleration Economy ↑
- See Corporate Culture Isn’t About Office Birthday Parties (cloudwars.com) 5 What is stakeholder capitalism? It’s History and Relevance | World Economic Forum (weforum.org) ↑
- See Cloud Wars Sustainability Roundtable (on24.com) ↑
- See (among many others) Fiduciary Duties in a Stakeholder Model of Corporate Governance (fordham.edu) ↑
- What is Digital Transformation Exactly? – Acceleration Economy ↑
- Cloud Wars Minute: Digital Transformation Requires Risk—Just Look at Meta (cloudwars.com) ↑
Want more tech insights for the top execs? Visit the Leadership channel:
