This study investigates how to best measure IT competency on corporate boards of directors. Using a survey of 75 directors in Sri Lanka, the research compares the effectiveness of indirect 'proxy' measures (like prior work experience) against 'direct' measures (assessing specific IT knowledge and governance practices) in reflecting true board IT competency and its impact on IT governance.
Problem
Many companies struggle with poor IT governance, which is often blamed on a lack of IT competency at the board level. However, there is no clear consensus on what constitutes board IT competency or how to measure it effectively. Previous research has relied on various proxy measures, leading to inconsistent findings and uncertainty about how boards can genuinely improve their IT oversight.
Outcome
- Direct measures of IT competency are more accurate and reliable indicators than indirect proxy measures. - Boards with higher directly-measured IT competency demonstrate stronger IT governance. - Among proxy measures, having directors with work experience in IT roles or management is more strongly associated with good IT governance than having directors with formal IT training. - The study validates a direct measurement approach that boards can use to assess their competency gaps and take targeted steps to improve their IT governance capabilities.
Host: Welcome to A.I.S. Insights, the podcast at the intersection of business, technology, and Living Knowledge. I’m your host, Anna Ivy Summers.
Host: In a world driven by digital transformation, a company's success often hinges on its technology strategy. But who oversees that strategy at the highest level? The board of directors. Today, we’re unpacking a fascinating study from the Communications of the Association for Information Systems titled, "Unpacking Board-Level IT Competency."
Host: It investigates a critical question: how do we actually measure IT competency on a corporate board? Is it enough to have a former CIO on the team, or is there a better way? Here to guide us is our expert analyst, Alex Ian Sutherland. Alex, welcome.
Expert: Thanks for having me, Anna.
Host: So Alex, let's start with the big picture. What is the real-world problem this study is trying to solve?
Expert: The problem is that many companies have surprisingly poor IT governance. We see the consequences everywhere—data breaches, failed digital projects, and missed opportunities. Often, the blame is pointed at the board for not having enough IT savvy.
Host: But "IT savvy" sounds a bit vague. How have companies traditionally tried to measure this?
Expert: Exactly. That's the core issue. For years, research and board recruitment have relied on what this study calls 'proxy' measures. Think of it as looking at a resume: does a director have a computer science degree? Did they once work in an IT role? The problem is, these proxies have led to inconsistent and often contradictory findings about what actually improves IT oversight.
Host: It sounds like looking at a resume isn't telling the whole story. So, how did the researchers approach this differently?
Expert: They took a more direct route. They surveyed 75 board directors in Sri Lanka and compared those traditional proxy measures with 'direct' measures. Instead of just asking *if* a director had IT experience, they asked questions to gauge the board's *actual* collective knowledge and practices.
Host: What do you mean by direct measures? Can you give an example?
Expert: Certainly. A direct measure would assess the board's knowledge of the company’s specific IT risks, its IT budget, and its overall IT strategy. It also looks at governance mechanisms—things like, is IT a regular item on the meeting agenda? Does the board get independent assurance on cybersecurity risks? It measures what the board actively knows and does, not just what’s on paper.
Host: That makes perfect sense. So, when they compared the two approaches—the resume proxies versus the direct assessment—what were the key findings?
Expert: The results were quite clear. First, the direct measures of IT competency were found to be far more accurate and reliable indicators of a board's capability than any of the proxy measures.
Host: And did that capability translate into better performance?
Expert: It did. The second key finding was that boards with higher *directly-measured* IT competency demonstrated significantly stronger IT governance. This creates a clear link: a board that truly understands and engages with technology governs it more effectively.
Host: What about those traditional proxy measures? Was any of them useful at all?
Expert: That was another interesting finding. When they looked only at the proxies, having directors with practical work experience in IT management was a much better predictor of good governance than just having directors with a formal IT degree. Hands-on experience seems to matter more than academic training from years ago.
Host: Alex, this is the most important question for our listeners. What does this all mean for business leaders? What are the key takeaways?
Expert: I think there are three critical takeaways. First, stop just 'checking the box'. Appointing a director who had a tech role a decade ago might look good, but it's not a silver bullet. You need to assess the board's *current* and *collective* knowledge.
Host: So, how should a board do that?
Expert: That's the second takeaway: use a direct assessment. This study validates a method for boards to honestly evaluate their competency gaps. As part of an annual review, a board can ask: Do we understand the risks and opportunities of AI? Are we confident in our cybersecurity oversight? This allows for targeted improvements, like director training or more focused recruitment.
Host: You mentioned that competency is also about what a board *does*.
Expert: Absolutely, and that’s the third takeaway: build strong IT governance mechanisms. True competency isn't just knowledge; it's process. Simple actions like ensuring the Chief Information Officer regularly participates in board meetings or making technology a standard agenda item can massively increase the board’s capacity to govern effectively. It turns individual knowledge into a collective, strategic asset.
Host: So, to summarize: It’s not just about who is on the board, but what the board collectively knows and, crucially, what it does. Relying on resumes is not enough; boards need to directly assess their IT skills and build the processes to use them.
Expert: You've got it. It’s about moving from a passive, resume-based approach to an active, continuous process of building and applying IT competency.
Host: Fantastic insights. That’s all the time we have for today. Alex Ian Sutherland, thank you for breaking this down for us.
Expert: My pleasure, Anna.
Host: And a big thank you to our listeners for tuning into A.I.S. Insights, powered by Living Knowledge. Join us next time as we continue to explore the ideas shaping the future of business.
Board of Directors, Board IT Competency, IT Governance, Proxy Measures, Direct Measures, Corporate Governance
