Premium
What is the role of the board‐level technology committee?
Author(s) -
Harrast Steven A.,
Swaney Amy M.
Publication year - 2019
Publication title -
journal of corporate accounting and finance
Language(s) - English
Resource type - Journals
eISSN - 1097-0053
pISSN - 1044-8136
DOI - 10.1002/jcaf.22414
Subject(s) - enterprise risk management , business , risk management , it risk , stakeholder , operational risk , accounting , operational risk management , control (management) , finance , operations management , marketing , management , economics
Abstract The board‐level technology committee (TC) could play a significant role in enterprise risk management. Unfortunately, only about 10 % of public companies have chartered such a committee. There is evidence that the TC mitigates the negative market reaction to data breaches (Higgs et al. 2016), suggesting that investors expect TCs to control operational IT risk—the risk associated with technology that facilitates the company's core operations, including external risk such as data breaches. Based on a review of 50 existing TC charters, we find that TCs today focus instead mainly on strategic risk—the risk associated with strategic product technology development—with under half of TCs including operational risk management in their charters. We see this as a potential disconnect between stakeholder expectations of risk management and company delivery on that expectation.