How often (annually, semi annually or quarterly or as needed) should the CIO brief the Board (BOD) on state of technology in the organization?
Sort By:
Oldest
Senior Enterprise Architect, Application Consulting in Healthcare and Biotech4 years ago
Quarterly, if not more frequently. In today's world the board needs to be apprised of the organization's technology position as often as financials, HR and operations performance are communicated. Information security, effective support of remote employees, and competitive application of e-commerce technologies are just a few of the disciplines that every company board should be monitoring.Senior Information Security Manager in Software4 years ago
Like the answer to all information security questions, it is ‘it depends’.Depends on issues such as: how tech savvy is the board? How connected are they to IT? How much do they want to know?
Once questions like that are quantified, then you can know how often they should be briefed.
With that, I think semiannual works for most organizations as annual is just not frequent enough.
Senior Enterprise Architect, Application Consulting in Healthcare and Biotech4 years ago
Ben, I don't disagree. If the board cannot grasp tech's role in the success and survivability of the company, I can see the point of not trying to lead those horses to water. As a shareholder, I might want thirstier horses in the stable.
Director Certifications in Education4 years ago
What I have seen in the past, broker dealers (Financial Org) the board required semiannual presentation from the CIO roadmap progress. The were also very interested in incidents, specifically, cyber attacks and trends of these attacks. Today I suspect they wanted quarterly or more frequent updates. One major breach can cost the company a lot of money, reputational damage, intellectual property loss, affect their competitive advantage and worst case scenario put them out of business.
Sr. Director, Head of Global Omnichannel Capabilities Delivery Center in Manufacturing4 years ago
annually is probably enoughDirector of Information Security in Energy and Utilities4 years ago
At least quarterly would a good benchmark to follow. Less frequently than that would result in a disconnect between technology operations and business oversight folks.Chief Security Officer in Software4 years ago
It depends on how engaged the board is, but I recommend quarterly to keep them up to date on major issues or status updates that significantly move the w on risk for the business. This can be a good way to get support for activities outside of the normal c-suite.