Directors: Don’t Approve a Tech Purchase Without Asking These Questions

Any corporate board member knows how to read a balance sheet or analyze an income statement. But how many can explain the nuances of cloud computing or the difference between a database and a data lake? Despite tech’s growing centrality to every industry, many board directors lack expertise, understanding and confidence in the area. Some still turn to their kids when they encounter WiFiproblems at home. But that knowledge gap carries increasingly serious risks for businesses.

Since boards are responsible for holding management accountable, all directors should be relatively fluent in questioning companies’ tech strategies, as well as ensuring that third-party providers receive strong oversight.

That doesn’t mean just tapping the few members with tech backgrounds who can work knowledgeably with the CIO, CISO or CTO in sub-committees. All directors should be equipped to scrutinize whether management has fully considered the opportunities and landmines of a new tech endeavor, as well as how it fits into the company’s overall strategic direction. Here are questions directors should be asking management, regardless of their personal familiarity with digital transformation.

1. Who, what, when, where, why?

By now, the reputational risks of a major security breach have trained most directors on scrutinizing cybersecurity. But that’s just table stakes. Directors need to expand their remit to keep management accountable on the overall digital strategy, asking tough, probing questions about the use of data, the ROI from new tech investment and the impact of change on employees and customers. Directors can take a page from any dogged reporter’s manual and ask the 5W questions: Who, what, when, where, why.

That last one is the most important. When you suspect there’s a problem and you need to get to the root cause, just keep asking, “why?” “Why should we do it this way?” “Why does it cost so much?”

Using this 5W approach, they’ll be able to peel back the onion on any technology plan. Better yet, they’ll help manage risk.

2. How does this fit into the company’s overall strategy?

Board directors should act as checks on the instincts of CIOs, who can sometimes become enamored with the next tech “shiny new thing” without considering the broader ramifications. A great tactical plan might align with one component of the business but fail to consider the comprehensive plan. Questions board directors can ask include: Will the new platform or software help our company achieve its broader business goals within three to five years? How does this tech strategy align with business strategy? And how does this help us compete in the broader marketplace? 

3. Is your organization ready for change?

One client I worked with had a plan to upgrade the inventory system in its football stadiums to alert concession owners when supplies were running low. It looked great on paper but ran into problems in practice because the concession managers weren’t on board with the change.

Can your CIO, CISO or CTO confirm that the company’s people, processes and culture are in place to make it work? In addition to the technology itself, what does management need to do to address the human elements of technology change. And, if the change is too big or disruptive, companies may consider setting up a separate unit for testing and incubation.

4. What are the risks?

It’s the board’s responsibility to ask what could go wrong with new tools, plus how they could be received by customers and what kind of back testing is being done to bullet-proof the system.

For example, AI and machine learning are among the biggest buzzwords these days, but boards shouldn’t give the CIO a free pass on purchasing them without scrutiny. AI tools can certainly boost productivity and product innovation, but they might also bring unforeseen risks. In some cases, AI tools create data bias, which can have unintended consequences for customers and the company’s reputation.

5. Are we maintaining what we have already?

The pandemic did for digital evolution what very few CEOs could do: sped its adoption exponentially. Have the company’s controls and processes around technology kept up with the rapid pace of change, including the shift to remote work, the move to the cloud, and the explosion in third-party providers? These changes have affected everything from disaster recovery plans to measuring employee performance, and boards need to assure that management is doing enough to keep up. The answers are vital to knowing whether a new purchase is appropriate.

We are at a pivotal turning point: Years ago, it was rare to find a board director who was fluent with technology and could hold CIOs accountable at a granular level. In five to seven years, I predict most will be tech aware, if not entirely tech savvy. Until then, however, all board members need to recognize their central role in ensuring tech is aligned with business goals and raise their game accordingly. The good news: It’s entirely possible, even if they have to rely on their kids for IT support at home.

A few pointed queries about strategy, risk and change management can put CIOs, CISOs or CTOs in the spotlight, perhaps saving the company millions and those professionals their jobs.