Since the 1990s the financial control processes that now loom so large in SOX compliance have resided in ERP systems, presided over by CIOs, who can provide unique understanding of how to apply those systems to SOX. The best of these CIOs also know how to go beyond mere compliance to automate business processes and financial controls to drive down the enormous costs of compliance.
Data security has also moved to the forefront of risk management, largely as a result of high-profile security breaches at information companies, credit card companies, and banks, elevating concern about protecting the public’s personal information. Companies that fail to exercise diligent oversight in this area put their reputations and their business at risk. CIOs have not only been on the frontlines of data security, they also understand that ensuring data security encompasses links in the technology supply chain that extend far beyond the company’s control.
In matters of strategy and business acumen, the nature of global business and technology today ensures that CIOs in large, global and complex organizations have acquired skill and understanding that far exceeds the purely technical. Global businesses today operate complex supply chains, manage a variety of captive and outsourced service providers, and manage multiple distribution channels and customer touch-points. In all of these activities, technology plays a central role, providing the CIO with an enterprise-wide view of business—and an enterprise-wide view of risk management.
“As businesses continue to transform from batch to real time, risk management extends beyond traditional BCP/DRP to include a CIO’s ability on a board to provide a point of view and oversight on information, reputational, project execution and acquisition risks,” says James Dallas, Audit
profile names to their boards—and that usually means a celebrated CEO. Even the obvious ability of CIOs to exercise oversight of disaster recovery and BCP is easily discounted by companies who may erroneously believe that creating a plan and signing on for backup sites are one-time events rather than part of an ongoing oversight process.
A Compelling Case for Inclusion
With companies increasingly restricting the number of boards on which their CEOs can serve, the pool of qualified director candidates is shrinking. CIOs can significantly enlarge that talent pool. For despite all of the negative perceptions of CIOs, those with the right combination of experience and talents can make substantial contributions in a wide variety of areas—especially risk management and compliance as well as business strategy—which, taken together, add up to a compelling case for adding a CIO director.
Boardroom Briefing: Business Continuity and Disaster Recovery