I am assisting the NACD by gathering potential readings for issue identification, etc., from my library and online, and specifically seeing things from a governance and board perspective.
Here is a listing:
July 21, 2013, updated July 29, 2013
Richard Leblanc
Associate Professor, Law, Governance & Ethics, York University
Prof Dr Richard W Leblanc
York University
4700 Keele Street
Toronto, CANADA M6S 1P3
Webpage: http://www.yorku.ca/rleblanc
Dr. Leblanc prepared this list of readings and potential issues/trends below, on IT related topics
Board’s role in Social Media “listening”
Lead or be left behind: A chairman’s perspective on social media
What Do Corporate Directors and Senior Managers Know about Social Media?
http://www.gsb.stanford.edu/sites/default/files/documents/TCB_DN-V4N20-12.Social_Media.pdf
50 Top Tools for Social Media Monitoring, Analytics, and Management
http://socialmediatoday.com/node/1458746
Social Media and the Board: Why #Hashtags Matter to Directors
Seven Steps for Board Success in the Facebook Age
http://knowledge.wharton.upenn.edu/article.cfm?articleid=2940
Cameras May Open Up the Board Room to Hackers
Nonprofit Boards and the iPad: a Good Fit?
http://nonprofit.about.com/od/boardquestions/a/Nonprofit-Boards-And-The-Ipad-A-Good-Fit.htm
Potential Issues/Trends
- Lack of direct digital media management experience for some/many directors, even incumbent CEOs / SMT (senior management team);
- Psychological / comfort issues as well, but this is changing as boards are going paperless (tablets, portals, etc.) and there is pressure on laggarts;
- Concerns with Reg FD and equal treatment of investors: directors more comfortable listening;
- Directors are listening and reading, and this should not be misunderstood for lack of appreciation or passivity: there is high awareness among good boards and directors, which usage statistics above may not reflect;
Social Media and Reputational Risk
Reputation Risk: A Corporate Governance Perspective
http://processunity.com/cms/wp-content/uploads/2012/05/Reputation-Risk-Conference-Board.pdf
Director: Reputations at Risk
http://www.director.co.uk/magazine/2010/6_June/social_media_63_10.html
Ten Keys to Manage Reputation Risk
Virtual world, real risks: When social media becomes a liability
http://www.grant-thornton.co.uk/PageFiles/3572/Virtual%20World_Real%20Risk.pdf
Reputational Risks & The Role Of Social Media
http://www.youtube.com/watch?v=qoTtmRgDThs
Social Media Said to Present Significant Reputational Risks
Three Steps Towards Managing Reputational Risk
http://deloitte.wsj.com/riskandcompliance/2013/04/25/three-steps-toward-managing-reputational-risk/
The Board, Social Media and Liabilities
http://www.mediabadger.com/2012/12/the-board-social-media-and-liabilities/
Reputation risk management on the rise
http://www.camagazine.com/reputationrisk/
Social media reputation damage high on risk managers’ list of concerns
http://www.ferma.eu/2011/10/social-media-reputation-damage-high-on-risk-managers-list-of-concerns/
The Risks of Social Media: Self-Inflicted Reputation Damage
http://www.riskmanagementmonitor.com/the-risks-of-social-media-self-inflicted-reputation-damage/
Potential Issues/Trends
- Speed, inter-connectedness and unpredictability of transmission;
- Personal vs executive vs corporate reputations now merging;
- Design and implementation of internal controls, balanced with communication and opportunity;
- SM was junior position at outset, but now best practice is senior management oversight or member ownership;
- Crisis planning involves digital stress testing and response plans in advance; mock runs also;
- Reputation online background checks for directors, management, employees now; good firms will do regular reviews of current members;
- Online analytics part of information flow to good SMTs and boards;
Integrating Social Media into overall strategy/questions the board should be asking management
Why boards need to adopt social media
http://blogs.reuters.com/lucy-marcus/2012/03/22/why-boards-need-to-adopt-social-media/
What Directors Think About Social Media
https://www.boardmember.com/MagazineArticle_Details.aspx?id=9128
Boards remain uneasy about social media, says women’s directors group
Directors and IT: What works best?™
Social Media – questions for directors to ask
20 Questions Directors Should Ask about Information Technology Security
http://www.cica.ca/focus-on-practice-areas/information-technology/publications/item46763.pdf
SOCIAL MEDIA: What Boards Need to Know
http://www.weil.com/files/upload/May2012_Opinion.pdf
Elevating technology on the boardroom agenda
http://www.mckinsey.com/insights/business_technology/elevating_technology_on_the_boardroom_agenda
10 Questions You Should Ask Your Social Media Expert, Guru or Wizard
http://www.socmedsean.com/10-questions-you-should-ask-your-social-media-expert-guru-or-wizard/
52 Questions To Ask When Hiring A Social Media Company
http://outspokenmedia.com/social-media/quesitons-hiring-a-social-media-company/
The Key to Social Media Success Within Organizations
http://sloanreview.mit.edu/article/the-key-to-social-media-success-within-organizations/
The Board’s Responsibility for Information Technology Governance
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1947283
MONITORING RISKS BEFORE THEY GO VIRAL:?IS IT TIME FOR THE BOARD TO EMBRACE SOCIAL MEDIA?
http://www.gsb.stanford.edu/sites/default/files/research/documents/CGRP25%20-%20Social%20Media.pdf
Privacy and Boards of Directors:; What You Don’t Know Can Hurt You
http://www.ipc.on.ca/images/Resources/director.pdf
Execs Not Using Social Media At Board Level Strategy
Social Media — The New Business Reality for Board Directors
Too Many Top Executives Aren’t Taking Social Media Seriously
http://www.businessinsider.com/top-executives-dont-take-social-media-seriously-2013-5
Why 1700 CEOs Are Wrong about Social Media
How Kodak Squandered Every Single Digital Opportunity It Had
http://mashable.com/2012/01/20/kodak-digital-missteps/
Potential Issues/Trends
- SM seen in the main as a risk (: defensive, liability), versus being seen opportunistically and strategically;
- CIOs/CTOs may lack broad P&L experience for board membership; this may not change;
- Technology / reputation risk may need board committee oversight, depending on sector and opportunity/threat;
- SM advocates may have self interest (e.g., vendors, service providers): assurance and analytics are immature but evolving;
Big Data/ Analytics
Big data: The next frontier for innovation, competition, and productivity
http://www.mckinsey.com/insights/business_technology/big_data_the_next_frontier_for_innovation
Big data
http://en.wikipedia.org/wiki/Big_data
http://searchbusinessanalytics.techtarget.com/definition/big-data-analytics
Guide to big data analytics tools, trends and best practices
Experts share perspectives and identify best practices for big data analytics projects in this Essential Guide.
Severe Consequences Face Big Data Analytics Without Governance, Experts Say
INFORMATION TECHNOLOGY AND FIRM PROFITABILITY: MECHANISMS AND EMPIRICAL EVIDENCE
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1000732
New research suggests using big data, particularly social media data, can lead to a biased representation of the data based on societal factors.
Potential Issues/Trends
- Big Data is somewhat tangential to my area of expertise, so I will not comment; however; big data / analytics are an important area, with significant capacity and opportunity, and it is correct for this item to be on this list;
Social Media & CRM
Three Out of Four Social Networkers are Logging in on Company Time, Ethics Resource Center Reports
How the Voice of the People Is Driving Corporate Social Responsibility
http://blogs.hbr.org/cs/2013/07/how_the_voice_of_the_people_is.html
Social Media in Corporate Social Responsibility (CSR)
http://blogs.cisco.com/csr/social-media-in-corporate-social-responsibility-csr/
Tying Together Social Media and Corporate Social Responsibility
Mashable: Corporate Social Responsibility
http://mashable.com/category/corporate-social-responsibility/
Why Social Media Is Vital to Corporate Social Responsibility
http://mashable.com/2009/11/06/social-responsibility/
A Guide To Social Media For CSR Professionals
http://www.csrwire.com/blog/posts/721-a-guide-to-social-media-for-csr-professionals
Telus Corporate Social Responsibility Report 2012
Tying Together Social Media and Corporate Social Responsibility
Potential Issues/Trends
- Digital media is the new stakeholder communication platform;
- CSR lacks rigor of reporting that US GAPP / IFRS have; this is changing, but regulators are waiting for maturity; GRI has made good efforts, as have others (e.g., integrated reporting);
- CSR (including Climate change/environmental) may lag because of austerity and jobs concerns since 2008;
- Exemplary companies (see above) are communicating CSR through social media, communicating directly with stakeholders;
- Opportunity to affect messaging and communication: needs to be genuine and two way; listening and acting; stakeholder groups are sophisticated, even activist;
Trends/Emerging Topics
What Do Corporate Directors and Senior Managers Know about Social Media?
Use of board portals and social media
http://www.conference-board.org/retrievefile.cfm?filename=TCB-CoW_V2N11.pdf&type=subsite
2012 CEO, social media & leadership survey
http://www.brandfog.com/CEOSocialMediaSurvey/BRANDfog_2012_CEO_Survey.pdf
Taming Information Technology Risk:
A New Framework for Boards of Directors
http://www.oliverwyman.com/media/OW_EN_GRC_2011_PUBL_Taming_IT_Risk.pdf
IBM CEO Predicts Three Ways Technology Will Transform The Future Of Business
The Next Digital Paradigm
http://www.forbes.com/sites/gregsatell/2013/02/02/the-next-digital-paradigm/?goback=.gmp_4220981
Make Social Media an Organizational Asset – Right Now!
http://www.thecmosite.com/author.asp?section_id=1237&doc_id=246605
THE FUTURE OF DIGITAL [SLIDE DECK]
http://www.businessinsider.com/future-of-digital-slides-2012-11?goback=.gmp_4220981
Ten Technology Trends that Will Change the World in the Next Ten Years
http://www.zawya.com/story/ZAWYA20120212081954/
Technology, Strategy and Shareholder Engagement Driving Corporate Governance
http://www.deloitte.com/view/en_us/us/press/ac998d5e23835310VgnVCM2000001b56f00aRCRD.htm
Potential Issues/Trends
- Rapid change and transformation occurring: a few have said ‘revolution’, e.g., cloud, meta data, digital payment, social platforms, ease of use, direct contact with users;
- Intermediaries in any value chain may need to transform because of technology;
- Board should be in position to predict, press and stretch management if / when SMT is off-course or in denial;
- Some industries/sectors will need to transform or die / be replaced: opportunities here; we are seeing transformation and complacent vs strong boards;
- Boards should not be in denial if SMT (day to day) may be, and see up and out (what is coming) to fullest extent possible;
Cyber
Cyber Risk Management – A Board Level Responsibility:
http://www.bis.gov.uk/assets/biscore/business-sectors/docs/c/12-1119-cyber-risk-management-board-responsibility
10 Steps to Cyber Security – Executive Companion:
http://www.gchq.gov.uk/Press/Pages/10-Steps-to-Cyber-Security.aspx
Cyber risk, Guidance note
https://www.icsaglobal.com/assets/files/Guidance%20notes/gn06-2013cyberrisk.pdf
Cyber security: Considerations for the audit committee
Cyber Security and the UK’s Critical National Infrastructure
http://www.chathamhouse.org/publications/papers/view/178171
Cost of cyber attacks triples in a year
http://www.ft.com/intl/cms/s/0/bb3fcc90-ab4a-11e2-ac71-00144feabdc0.html#axzz2Zcz9iIg1
Cyber threats and security breaches forcing companies to re-evaluate risk management
The Art of Cyber War
http://www.nacdonline.org/Resources/Article.cfm?ItemNumber=6807
U.S. Outgunned in Hacker War
http://online.wsj.com/article/SB10001424052702304177104577307773326180032.html
Cybersecurity and Internet Governance
http://www.cfr.org/cybersecurity/cybersecurity-internet-governance/p30621?goback=.gmp_4220981
Time to get real over cyber security
http://www.cbronline.com/blogs/cbr-rolling-blog/time-to-get-real-over-cyber-security-230212
Cyber crime is now a booming industry
Potential Issues/Trends
- Rogue players beyond domestic enforcement, sanctions (e.g., Al Qaeda, China, Russia, Ukraine, other);
- Lack of full understanding of precise vulnerabilities by some/many directors;
- Under-reporting by companies who have been hacked, and industry specific (e.g., defense, utilities, banking);
- Government action increasing (e.g., NSA): privacy concerns;
- Literature is still very general (some exceptions, e.g., NACD above (The Art of Cyber War), others), suggesting lack of knowledge, immaturity;
- Multi/bi-lateral agreement to enforce within rogue states needed;
- Good industry-specific boards will do (have done) thorough cyber review and strengthen defective controls, with expert input;
- Some boards have IT as a desired board competency, and IT as material business risk;
BYOD- Security
Good Governance Guide: Issues to consider in the use of tablets for accessing board papers
http://www.csaust.com/media/365618/2012_ggg_tablets_boardroom_v2.pdf
10 steps for writing a secure BYOD policy
http://www.zdnet.com/10-steps-for-writing-a-secure-byod-policy-7000006170/
For BYOD Best Practices, Secure Data, Not Devices
http://www.cio.com/article/711258/For_BYOD_Best_Practices_Secure_Data_Not_Devices
Security Think Tank: BYOD – key tenets and best practices
http://www.computerweekly.com/opinion/Security-Think-Tank-BYOD-key-tenets-and-best-practices
Bring Your Own Devices Best Practices Guide – Dell
Learn BYOD policy best practices from templates
http://www.techrepublic.com/blog/it-consultant/learn-byod-policy-best-practices-from-templates/
Best practices to make BYOD simple and secure
A guide to selecting technologies and developing policies for BYOD
http://www.citrix.com/content/dam/citrix/en_us/documents/oth/byod-best-practices.pdf
Dell Outlines The Death Of The PC
Potential Issues/Trends
- Usage may have overtaken internal controls and policies in some companies;
- Demographic and talent issues (e.g. education sector, younger students may: bring only a smartphone to class; not have used pen and paper);
- Theft, loss: purging of data, passwords, signatures, controls to mitigate: policies all progressing, at differential speed;
- Better policies available (see above); Whitehouse example: http://www.whitehouse.gov/digitalgov/bring-your-own-device
- Devices may be opportunities, e.g., over 100K online course registrants in Harvard-MIT course: devices may be (or already are) the main channel of communication to customers, other stakeholders;
Executive Security
Corporate Theft? Build a barrier with access governance
Global Status Report?on the?Governance of Enterprise It (GEIt)—2011
Cobit: An information security survival kit
http://www.pkfavantedge.com/wp-content/uploads/2013/COBIT_Security.pdf
Potential Issues/Trends
- See cyber;
- There should be rigorous controls, and third party validation if possible, e.g., separation of duties, prevention of management over-ride, treatment of passwords, restricted digital areas, separation of development and approval, record retention, etc.;
- Assume IT and executive management self interest: control environment and board oversight/reporting important to deter fraud schemes, internal cyber;
Social Media & Investor Relations
A Virtual Annual Meeting Approach
http://www.directorship.com/adopting-a-virtual-approach-to-the-annual-meeting/
Call to move huge annual reports online
http://www.ft.com/intl/cms/s/0/71dc17ba-19d5-11e0-b921-00144feab49a.html#axzz2Zcz9iIg1
Twitter Speaks, Markets Listen and Fears Rise
Dress rehearsal for disaster shows why Twitter has no place on Wall Street
SEC Says Social Media OK for Company Announcements if Investors Are Alerted http://www.sec.gov/News/PressRelease/Detail/PressRelease/1365171513574#.Uer4KFMpcvQ
New SEC Guidance on Social Media Levels Playing Field for Investors
How to Use Social Media for Regulation FD Compliance
SEC Blesses Social Media Disclosures
The Push and Pull of Social Media for Investor Relations
http://blog.businesswire.com/2013/06/20/the-push-and-pull-of-social-media-for-investor-relations/
The Greatest Social Media for Investor Relations Panel Ever*
Social Media’s Place in Investor Relations
http://thesocialmediamonthly.com/social-medias-place-in-investor-relations/
Social Media for Investor Relations
http://www.slideshare.net/IRSmartt/social-media-for-investor-relations-12976664
Survey finds social media gap between investors, companies
http://irwebreport.com/20130611/iros-vs-investors-social-media/
Crisis investor relations in the age of social media
http://irwebreport.com/20111208/crisis-investor-relations-social-media/
SEC’s social media guidance has devil in details
http://irwebreport.com/20130403/secs-social-media-guidance-has-devil-in-details/
Social Media Strategy for Investor Relations
http://www.brandchannel.com/images/papers/530_ccg_wp_social_media_strategy_ir_0911.pdf
Potential Issues/Trends
- SEC permits investor contact using SM: significant;
- Accuracy and fair disclosure concerns by companies and investors;
- Regulators are reviewing proxy plumbing (shareholders) and will inevitably address SM, perhaps even (eventually) digital investor voting, fora, collaboration, communication using digital platform [think of a LI or FB group within a company investor section of a website];
- Investor relations will use (are using) SM, including digital communication, hybrid annual meetings, Q and A, outreach, etc.: this will mature and eventually be regulated to provide structure, expectations;
- Paper, in person meetings, email, even voting may/will be replaced with digital (text, visual, audio – multi media): the changes are starting;
Other:
Director skills
Recruiting the Digital Director
http://www.spencerstuart.com/research/bg/1535/
Wanted: More Directors With Digital Savvy
CIOs Say Corporate Directors Are Clueless About IT
Risk and IT intersection
Observations on Developments in Risk Appetite Frameworks and IT Infrastructure
http://www.newyorkfed.org/newsevents/news/banking/2010/an101223.pdf
Recruiting a Nonprofit Digital Board Director: Limitations & Alternatives
Nonprofit Board Responsibility Social Media – What Needs To Be Done? Revised & Updated
Management suite:
Digital diaspora in the enterprise: Arrival of the CDO and CCO
http://www.zdnet.com/digital-diaspora-in-the-enterprise-arrival-of-the-cdo-and-cco-7000016193/
CIOs Can Strengthen Your Board of Directors
KPMG brochure:
Risk management in an evolving world
Making the case for social media governance
http://www.kpmg.com/US/en/IssuesAndInsights/ArticlesPublications/Documents/social-media-brochure.pdf
Posted by Richard Leblanc on Jul 29, 2013 at 8:21 pm in IT Governance |