The Case for CIOs on Corporate Boards

The following is an excerpt from The CIO Paradox: Battling the Contradictions of IT Leadership, by Martha Heller.

[Part 2 of 3]

[Read Part 1: The Bias Against CIOs on Corporate Boards]

If you happened to catch my last blog on the subject of CIOs on corporate boards, you probably felt afterwards like you should just turnoff your smartphone, laptop or tablet and take a moment to mourn the loss of a board experience during your career. But before you do that, and just to make us feel good, let’s build the case for boards to appoint CIOs.

1. Diminishing Supply of CEOs

With the economic volatility of the last several years, CEOs have to deal with problems at their own companies, and many no longer have the bandwidth to attend to another company’s challenges. “The fact is, many companies do not want their own CEOs to sit on other boards. Board work is incredibly time consuming,” says Doreen Wright, former CIO at Campbell Soup and Nabisco, and current board member at Dean Foods and Crocs. “In times of crisis, my own boards have met twenty times in a three-month period. These days, companies do not want their executives gone for that long.”

2. Diversity of Personalities is Good

Boards often include a number of CEOs who have just retired and are not yet ready for a life of golfing and gardening. “There is a problem with this approach,” says Wright. “These executives are fresh off of a successful CEO career, which is great, but now you have a board populated by people who are used to making all of the decisions. When you have too many chiefs around the table, it’s a mess.”

If you look at senior management teams as a model, you find a blend of CEOs, P&L leaders, and functional heads. “It is the functional leader, whether it is the CIO, head of HR, or head of legal, who understands how to do things in large enterprises in a consistent, cohesive manner,” says Wright.  “Functional leaders have to be highly collaborative. They have to understand how to reconcile big differences and natural tensions between, let’s say, a P&L leader and a particular function. The functional leader has a very different orientation than a P&L leader, which can be very valuable for a board.” And what works for an executive committee should work for a board.

3. CIOs Have the Broad View

My favorite phrase lately is: The CIO is at the nexus of all things. As CIO, there is no part of the business for which you do not have some sort of accountability. In such an integral role, you have an intimate knowledge of the business from beginning to end. “Boards need to understand that with a CIO, you are not just getting IT expertise,” says Wright. “You are almost always getting more.” The CIO is the only executive in the company who sees a business process from beginning to end. No other function, not even supply chain, sees everything: how you procure materials, how you make the product, how you package, ship, and sell it, how you collect the money in accounts receivable. So, just by definition, a CIO understands the company’s business processes better than anyone. “That’s an amazing perspective to have on the board,” says Wright.

4. Crisis Management

We can all cite scenarios where companies are in crisis precisely because of IT. A few years ago, my firm conducted a CIO search for a company whose $100 million, global, single-instance ERP implementation went horribly wrong. The project team missed most of its deadlines, the steering committee went back to the well for more funding a number of times, and the company’s warehouses could not get up-to-date order information for weeks. In fact, things were so bad that the CEO said to me, “I know I won’t get the benefits I wanted from the ERP system. My only hope now is that the project doesn’t kill us.” And that is nothing compared with companies that have experienced major breaches in customer information security. Wouldn’t a board member with IT crisis management experience be of help here? “By turning a blind eye to IT, boards are ignoring one of the most key components of their chartered responsibility,” says Bob DeRodes, former CIO at Home Depot and board member at NCR and Veracode.

DeRodes cites the numerous service and information security failures of major corporations around the world. “One of the primary roles of a board is to govern over operational areas that can have a material impact on the corporations’ financial condition or brand value. What single area inside the corporation has more opportunity to negatively impact these factors than IT? The risks associated with massive IT deployments are not only not well understood, but the backgrounds of the board members governing these companies rarely prepare them to ask the right questions of the CIO or, more importantly, understand the answers,” he says.

5. Change Management

Not only, as CIO, do you have intimate knowledge of the business, you also play a major leadership role in changing the business. “When we put in an ERP at Campbell, we changed 1,800 business processes,” says Wright. “And I had to make sure that everyone was trained and everyone knew the new processes and everyone knew how to use the computer systems, and how to hold the hands of the people who were resistant to change.” Most boards are leading their companies through some kind of transformation, and transformation falls squarely in the wheelhouse of the CIO.

6. Risk Management is Hot

Whenever there is an economic downturn or a major crisis, boards take a step back and reevaluate their membership. “Since 2008, more boards are conducting self-assessments and asking, ‘Who do we have on the board? Let’s check the boxes. We want to expand internally; do we have that expertise? What about our risk management challenges? Do we have that covered?’ ” says Wright.

According to Bob DeRodes, the evaluations that boards are currently conducting has led many of them to consider risk more closely. And, of course, CIOs have a unique perspective on the topic. “Boards would benefit from someone who can ask questions about how the IT organization identifies, categorizes, and manages risk, even at the highest level,” he says. “Boards need someone who can say, ‘Explain to me, CIO, how you categorize your risks, how you think about them, and then how you go about managing them. What are the execution plans behind that management?’ ”

Of course, boards have been talking about risk for years—it’s a topic typically treated by board audit or finance committees. But risk has taken on a new meaning in our current technology environment. “Information security, privacy, compliance, all those issues are deeply embedded in the IT organization,” says DeRodes. “As these issues get increasingly complex and high-tech, it is getting more difficult for even auditors to explain what we’re doing and how we’re doing it. So you’re finding more and more board members wanting a technologist around the table just to be sure they understand what the IT organization is telling them about how they are protecting customer information.”

Stay tuned for part 3 of this series: "Get Yourself Onto a Board."