Ever since the Y2K scare, boards have grown increasingly nervous about corporate dependence on information technology. Since then, computer crashes, denial of service attacks, competitive pressures, and the need to automate compliance with government regulations have heightened board sensitivity to IT risk. Unfortunately, most boards remain largely in the dark when it comes to IT spending and strategy. Despite the fact that corporate information assets can account for more than 50% of capital spending, most boards fall into the default mode of applying a set of tacit or explicit rules cobbled together from the best practices of other firms. Few understand the full degree of their operational dependence on computer systems or the extent to which IT plays a role in shaping their firms’ strategies.
A version of this article appeared in the October 2005 issue of Harvard Business Review.