Boards of directors increasingly are turning their attention toward IT. And while board-level oversight can be scary, evidence is mounting that CIOs, their departments and their enterprises can - and should - thrive in the spotlight. [...]

Corporate boards are increasingly aware of how dependent their companies have become on IT, and they are paying closer attention than ever before to its workings, even more so than they did during Y2K, according to Richard Nolan, a business professor at the University of Washington. At the same time, computer crashes, denial-of-service attacks and the need to automate compliance with new government regulations have heightened their sensitivity to IT risk and the need for board-level scrutiny. "There are so many opportunities where things can go wrong for CIOs," says Bob Weir, CIO of Northeastern University in Boston. As if managing a company's central nervous system wasn't enough responsibility, CIOs have become stewards for an enterprise's information assets and, in some cases, for as much as 60 percent of its capital spend, according to Nolan.

The trend toward board-level IT oversight may sound threatening to CIOs, especially since it's largely being driven by negatives such as risks and regulation. And it is true that since the majority of corporate directors are current or former CEOs and financial types, they don't always know a great deal about the costs, risks and benefits of implementing technology. Therefore, some board members may lack the qualifications to ask the right questions about IT. In some situations, they might focus too heavily on cost issues and not be able to help their CIO evaluate, say, whether he or she has a sound program in place for training sales staff on a new CRM tool to ensure that the deployment doesn't tank.

Yet, many IT executives are discovering that board scrutiny can be of benefit to them. CIOs whose boards pay attention to IT say it gives them greater visibility within the enterprise, puts IT on a level playing field with other functions represented by board-level committees - such as finance and HR - and provides support for evaluating projects, risks and investments. CIOs such as DTE Energy's Lynne Ellyn and FedEx's Rob Carter say executives who don't have such board-level attention should push for it, either through the audit committee or through a separate IT oversight committee. [...]

Three very convincing arguments for board-level IT oversight

1. The extent of corporate IT spending To convince your CEO or CFO that your board should be more concerned with technology, tell them exactly how much money the company spends on IT. But don't just throw the number on the table. If your company has never evaluated its total IT spending, the figure may frighten your higher-ups. Discuss the tally in terms of how it enables the corporate strategy and the return the company is seeing from it.
   
2. The company's dependence on technology Pick a couple of key business processes and explain how and where they are enabled by technology. Describe how your company could suffer if a key IT enabler of that process failed as well as how your company could benefit from increased automation. The degree to which systems support business processes will also help explain the size of your company's IT spending.
   
3. The role of IT in Sarbanes-Oxley compliance Financial reporting, access to data and data integrity require effective information systems. "You can't separate the increased focus on governance and controls from systems and information technology," says John Crowther, vice president and CIO of Diebold. "Going forward, they'll be even more tightly linked. Therefore, it's important to have someone address the executive committee and the board on the performance of those systems and their ability to meet the various requirements of Sarbanes-Oxley," he says.