I can promise you that we’ve all been there. The thousand-yard stare, glazed-over eyes, and certain- yet very much uncertain- nodding of heads that indicate the flatline of attention spans in real-time. A highly technical IT presentation given to a Board of Directors is known to have such an effect, but it doesn’t have to be that way.


Your board is made up of intelligent and competent professionals, so it isn’t a matter of if they can understand IT but instead how they can understand the material presented to them. We have a list of some actions your board can take to understand and oversee IT risk more effectively:


1.      Form a board IT risk sub-committee

Your board may already have sub-committees for areas like finance or advancement, so building one to report more frequently on IT risk management is a simple step you can take to enhance oversight, convey company prioritization, and build a bridge between high level “board speak” to actionable initiatives for your company’s IT professionals.

2.      Require IT expertise on your board

If you form an IT risk sub-committee, you’ll need a reporting member to attend board meetings and present updates. This person plays the essential role of envoy to translate findings for other board members and take ownership of this strategic area while offering strategic opinions on other key business areas.

3.       Create expectations for notification

Define what events require significant coverage at the board level, from IT infrastructure or project investments to serious risk events like data breaches or system outages. Creating expectations regarding what requires extensive reporting saves both board and employee time. 

4.      Perform both internal and external audits

An audit committee provides internal controls by providing independent assessments of, among other things, risk and department capability. This provides an opportunity to assess potential risk areas, but also to support department needs by suggesting opportunities for development. An independent, third-party audit can expand upon an internal audit as well as delve into more technical areas to provide assessment results.


Companies find success in conveying matters of IT risk by taking measures to provide the right voices to lead the charge all the way to the board level. By investing in professionals that can take what your technical experts are saying and present actionable steps to the board, you have taken a big step to bridging the gap between IT and those guiding the vision for your company.