What Is Digital Transformation?

Information, communication, and operational technologies and applications are commonly referred to as digital technologies. Increasingly, digitized ways of engaging and transacting are the accepted and expected way of doing business and transacting.

Digital transformation is the significant modification of how an organization manages business. This includes changing a wide range of organizational activities, processes, competencies, and models to fully leverage the innovation and opportunities offered by a mix of digital technologies and applications. The impact of emerging technologies together with the ways of gathering and analyzing information is driving the need for transformation. This is occurring universally across business, government, and nonprofit organizations, and society as a whole.

George Westerman, principal research scientist with MIT Sloan and a digital transformation thought-leader, describes digital transformation being evident when companies use technology to radically change the performance or reach of the enterprise. According to Westerman, companies are driven by disruption in two areas.

First, disruption is driven by existing competitors. Here, changes in competitive positioning are evident in improved margin and through cutting operating costs. These competitors enter new markets or open up new channels afforded by radically changing how the firm uses information and technology.

Second, disruption occurs through the rise of new competitors. This has happened across nearly all industry sectors. Here, newcomers gain advantage through system, product, and service innovation to win new customers and create new markets.

There's no getting away from the fact that technology is transforming how we work, live, play, and interact as whole countries, counties, cities, towns, organizations, groups, and individuals. And it's happening faster than many can conceive or cope with.

The Need for Speed Is Being Driven by Your Customers and Stakeholders

Alongside the disruptive impact of emerging technologies on companies, another key aspect of digital transformation is the rapid rise of tech-savvy customers and stakeholders, including shareholders.

Digitization is occurring across large and small organizations in the public, not-for-profit, and private sectors. Further, cloud computing and mobile has facilitated the extraordinary and disruptive rise of big data analytics, tablets, smartphones, and social marketing. Industry commentators and researchers alike predict that this nexus of forces will continue to revolutionize the manner in which enterprises of all types and sizes around the world conduct business.

With digital disruption and access to unprecedented amounts of know-how, customer and stakeholder expectations and even technical knowledge often exceeds what firms are able to deliver. Further, how firms organize people and systems to meet increasing customer demands is changing. The boundaries between office and work, customer and stakeholder are morphing, merging, and converging very rapidly.

Figure 19.1 illustrates how cloud, mobile, social, and big data technologies have come together to create information and technology-enabled opportunities and risks. This combination of technology has facilitated the rapid development and implementation of a dizzying array of technologies and applications. The pervasive and disruptive nature of these technologies has precipitated the largest change in the way people live since the industrial revolution. The effects are global and affect all industries in a range of ways, no exceptions.

Figure 19.1 illustrates a combination of the affordances of technology and customer power, globalization, and the use of information and technology for competitive advantage. This dynamic combination of influences is pervasive, disruptive, and impacting at breakneck speed.

The need for digital transformation is about remaining relevant in this environment. It requires a fundamental rethink about how boards and executives analyze risk and opportunity, and how they strategize, monitor, and govern information and technology in organizations. These are the three areas of ETG competency we discuss later in the chapter.

Never before have boards and senior executives needed to understand what ETG is. And this means new understanding of ETG and new or expanded individual governance capabilities.

What Is Enterprise Technology Governance?

Enterprise Technology Governance provides the means by which the board and senior executives fulfill their duty-of-care responsibilities when making business and Information and Technology² (IT) decisions. ETG includes the alignment and oversight of enterprise IT with the organization's business strategy, structure, systems, policies, and governance processes. Good practice ETG leads and facilitates a culture of data-driven decision-making and seeks to minimize IT risk throughout the enterprise. ETG creates value by optimizing stakeholder engagement and strategic investments, and in deriving returns from new and old sources (updated from Valentine, 2016.)

This definition centers on clarifying the specific enterprise-wide roles and accountabilities of directors in governing information and technology. The board directors and senior executives have both individual and collective duty-of-care responsibilities to govern both information and technology assets. However, the definition also includes the aspirational leadership nature of the board's role in building a data-driven, tech opportunity, risk-aware culture, and directing strategy and value creation from investments. In other words, IT competent boards can build stronger organizational capabilities through digital transformation.

Steven De Haes and Wim Van Grembergen (2015) have long asserted that ETG and corporate governance have converged to become one and the same, suggesting that IT governance is an integral part of corporate governance exercised by the board. The board oversees the design and implementation of processes, structures, and relational mechanisms in the organization so that both business and IT people execute their responsibilities in support of business/IT alignment and the creation of business value from IT-enabled business investments.

The key is how IT governance can be deployed as part of overall governance using processes, structures, and relational mechanisms—common, well understood mechanisms—that are already in place, but from an integrated and digital worldview.

ETG structures can be seen as a blueprint of how the governance framework will be organized. ETG structures include organizational units and stakeholders as users. Structures are also the mechanism for assigning roles and responsibilities and provide the framework for formal communication channels. So, structures should also define and delineate governance and operational roles to connect board responsibility with operational responsibility for identifying and appropriately escalating IT risk. In this way, structure facilitates a “rapid-risk-response” (Valentine, 2016) approach to cybersecurity, for example. Governance structure needs to also support IT decision-making and to facilitate contacts between business and IT management and the board when decision-making and governance oversight are required (e.g., IT steering committees or cross-functional IT project teams).

ETG processes refer to the formalization and institutionalization of strategic IT decision-making and IT monitoring procedures. ETG processes can be as simple as project management processes or a formal part of business process. How work is planned, conducted, monitored, and reported through process ensures that daily behaviors are consistent with policies as well as strategic goals. Processes are integral to reporting and provide input back to decisions (e.g., portfolio management). As we discuss later, ETG processes can be traditional (such as management by objectives/waterfall methods) or more agile.

Finally, ETG relational mechanisms are about the active participation and collaborative relationships required to compete and prosper. They are people-oriented, existing among corporate executives, IT management and service suppliers, business management, and key stakeholders. Relational mechanisms can include committees, project assignments, stand-ups, announcements, advocates, channels, and education efforts.

They can also include human-centered design approaches such as collaborative design or codesign, which involves a range of stakeholders including customers. Some examples of structures, processes, and relational mechanisms are provided in Figure 19.2.

Structures and processes are the formal design and communication channels that support a firm's work, whereas relational mechanisms are often informal and less structured. However, relationship-based engagement with internal and external stakeholders can make or break a project at all stages; same with client and supplier relationships. Relational mechanisms are determined by culture and the often taken-for-granted practices which influence how people interact to fulfill their roles. This happens at all levels including within boards, executive, and management teams.

The challenge in building skills during digital transformation is in developing change and relational capability at all levels, including the board. It's not enough to invest in digital transformation from a technology perspective. Change capability will determine whether investment pays a return and transformation is realized. Here it can be useful to consider structural, process and relational impacts as a checklist for change planning. In particular the chief executive and board must pay attention to whether poor supplier performance or project slippage is being accurately reported through operating and project reports.

While these simple steps might not sound so different, what has changed is the operating context. In a significantly changing digital world, we suggest that it's foolhardy for a board to state that they don't have a role in governing information and technology strategy, structures, policy, processes, risks, stakeholders, and investment. Change means building new skills and capabilities.

Disruptors Are Innovative and Agile; They Can Come from Unexpected Places

So far we have introduced a complex digital world that boards must comprehend to be capable of making quality judgments as directors. There is a strong and growing link between change leadership, technology investments, and increased competitiveness. As a result of digital technologies, any company's unique business processes and business models can now be multiplied with much higher fidelity across the organization, by embedding them in enterprise IT. This is a significant competitive risk in less capable hands. It is an opportunity in a tech-savvy board's hands. Innovators with a better way of doing things can scale up with unprecedented speed and dominate an industry (McAfee & Brynjolfsson, 2008).

The bottom line is, when it comes to disruptors such as Uber and Amazon, competition is already coming from new, aggressive sources. The strategic assimilation of a wide range of digital technologies is accelerating worldwide, including from third-world countries. Here, technologies are enabling whole cities, sometimes countries once considered backward, to leapfrog over their first-world counterparts.

These disruptors are lean and agile. They simply bypass unsustainable models of doing business and legacy infrastructure development that older, developed countries have already passed through. A digital start-up can literally plug into the developed world's global web and cloud infrastructure, often at significantly lower cost. There are examples of cities such as Bangalore, Mumbai, Dhaka, Shanghai, and Lagos rising directly from rural, agrarian economies to become the futuristic, sustainable, knowledge-driven city-states they are today.

Traditional Versus “Agile” Governance

While agile has become a bit of a buzzword, it's also a useful description of the type of rapid, flexible, customer-centered governance required at board level in a digital world.

The challenge is to meet both regulatory requirements for good governance practice while at the same time having the capability to make decisions and proceed, at pace, when required. We define agile governance as:

Agile Information and Technology Governance utilizes structures, processes and relational, user-centered design to define user needs and implement information and technology infrastructure to support strategic business achievement. Non-IT business units and technical specialists are involved in co-designing and implementing information and technology for competitive advantage and business effectiveness. The approach is applied at all levels, with the board providing oversight. The focus and methods are part of the culture: they're user-centered, utilize the principles of the Agile Manifesto and facilitate rapid risk response.

Based on Luna et al. (2010), Table 19.1 compares the focus, language, relationships, and predominant pace of the different approaches: IT management, traditional governance, operational IT governance, agile methods, and agile IT governance.

Is it a matter of traditional versus agile? We suggest not. Table 19.1 introduces the interrelationships between these areas of practice. The table highlights the general characteristics of a range of methods. However, as a developing approach, we suggest using agile principles, values, and best practices alongside more traditional methods (Valentine, 2016). This is more likely to ensure good practice processes for planning and reporting are supported by user-centered and collaborative design and agile approaches to construct a fit-for-purpose information and technology Agile Governance method that works for your organization.

However, whatever approach is used, a fresh approach is required to board governance competencies. This fresh approach should underpin planning and decision quality in a digital world. The future success of digital transformations may rest on how well firms learn to lead, govern, and use the information and technologies which have infiltrated, amplified, distracted, enriched, and complicated our lives.

How Bad Is the Board ETG Capability Problem?

Corporate governance is the overall rigorous supervision of management that ensures the work of the organization is done competently, with integrity, and with due regard for the interests of all stakeholders (Norfolk, 2011). It is easy to assume that this definition encompasses board ETG capability. Any such assumption, however, is flawed. Directors must improve their ETG capability.

A majority of boards and senior executives know that technology is critical to their enterprises. However, only a small number of boards worldwide have made the transition from an almost mono-focus on finance and legal capability as a proxy for corporate governance, to incorporating digital leadership into the new mix of the board's structure and capability profile (Valentine, 2016). In failing to understand their information and technology governance leadership roles and the need for capable oversight, many boards continue to fly blind (Carter & Lorsch, 2004), and so risk is increased.

A Skill Shortage at the Top

The problem is that there is a skill shortage at the top. Your organization does not need to be a multinational for capable ETG to be a requirement in your board and senior leader team. And, you're not alone. Right around the world, directors vary significantly in their personal competency and collective capability to provide effective information and technology governance oversight and digital leadership.

Strong IT knowledge, skills, and experience, that is, competency and capability within the board and management, increases opportunities and can improve bottom-line results. On the flipside, lack of capability can significantly increase risk across six areas. More on this in the next section.

Two landmark court cases illustrate the significance of the requirement for board ETG capability. In 2014, the entire board and senior executive of both Target US and Wyndham World Wide were sued for breach of duty of care (United States District Court, 2014a, 2014b) after cyberattacks. We suggest that even though both cases were eventually dismissed, a lack of ETG capabilities at the top can have very serious consequences on firm reputation. But, barriers remain to build ETG capability at the board level.

The reluctance of boards to include IT governance competencies in the boardroom might be because of confusion on the term “IT governance” (Valentine & Stewart, 2013). Many board members do not perceive IT governance as a topic that the board should take care about, but rather a topic associated with the IT department (Butler & Butler, 2010; Steven De Haes & Wim Van Grembergen, 2015; Parent & Reich, 2009). However, the board's role in providing governance oversight of IT matters differs significantly from that of IT management. That is, the board should consider IT from a perspective of strategy, risk, and control rather than from a technical and operational point of view. Accordingly, board members' IT expertise or experience does not have to be of an extremely technical nature, but should entail strategic, integrative, and aligning aspects.

Case Study: How Agfa-Gevaert Increased Their Board IT Governance Capability³

Contrary to many organizations, the level of IT expertise is quite high at the board of Agfa-Gevaert. However, this does not mean that every board member holds a technical diploma or a CIO position in another firm. There are two ways in which Agfa's board members have built their IT expertise.

First, there are two board members with an IT-related education and professional background. One holds a master of sciences in electronic engineering and computer sciences. On top of that, he founded an organization that provides software in the field of online banking and regulatory financial reporting. He is also the chairman and CEO of another e-finance company. As such, he has deep and broad IT knowledge. Another board member graduated as an engineer specializing in electro-technology and mechanics with a PhD degree in electronics. In the past, he had served as the chairman of a technology advisory group for the European Commission. He is also a member of the executive board, COO, and advisor to the chairman of the board of directors of a global telecommunication company.

Second, several members of the Agfa-Gevaert board have gained a certain level of IT expertise, experientially. Their expertise is not because of their educational background but because they were involved in large IT projects or active in an industry that is highly dependent on IT.

A good example is the CEO of Agfa-Gevaert. He worked in a global telecommunications company from 1978 until he joined Agfa-Gevaert in 2008. Here he was also involved in a merger, which required him to dig deep into the processes and IT systems of both organizations. One other board member worked in this telecommunication company as well. In addition, another board member was CEO of a large banking and insurance company, a sector where IT is crucial. Hence, as the telecommunications and banking industries rely heavily on IT, these directors became familiar with IT-related decision-making.

Another board member who joined the board of Agfa-Gevaert in 2015 acquired IT experience in a different manner. From 2004 until 2010 she was a member of the European Commission with responsibility for information society and media. During that time, she was involved in different IT-related projects. One of these projects was the launch of the i2010-initiative, which entailed a five-year strategy to boost the ICT competitiveness of Europe. She also initiated the “eGovernment action plan” to stimulate the digitalization of public administrations. This is exactly the kind of IT-related strategic experience and exposure to IT decision-making a board needs. Table 19.2 summarizes the two types of professional development in IT governance that has created a well-rounded ETG competency profile within the Agfa-Gevaert board.

In conclusion, six of the seven members of the board of Agfa-Gevaert have IT expertise either building through a technical or a business focus. This high level of IT expertise is an enabler of board-level IT governance at this organization. Whenever an IT topic is raised during a board meeting, there is a certain level of understanding among the board members.

The example of Agfa-Gevaert shows us that to increase the level of IT expertise in the boardroom, one does not only have to rely on directors with an IT-related educational background. Directors used to IT-related decision-making and control from a business perspective are strong contributors in reducing IT risk, spotting new IT-related opportunities, and in general help make the board more IT savvy.

Benefits of Boards Building Information and Technology Leadership Capability

Having “tech-savvy” directors and senior executives can result in significant financial and competitive advantages. Turel and Bart (2014) concluded that, “High levels of board-level IT governance, regardless of the strong need of reliable or innovative IT, increased organizational performance.” However, Fitzgerald, Kruschwitz, Bonnet, and Welch (2014) found that only 15 percent⁴ of the organizations studied demonstrated information and technology maturity. These firms demonstrated IT maturity by providing competent and comprehensive IT investment leadership, and IT change and transformation leadership. And these mature firms consistently outperformed their peers financially by 9 percent, were up to 26 percent more profitable, and enjoyed up to a 12 percent greater market valuation. At the level of the enterprise, current and future value creation through digital transformation was driven from the top. These results occurred across all industry sectors, without exception.

The above-mentioned study included the board and executive as a key success factor, suggesting that they provide a clear and transformative vision of a digital future together with careful governance and multi-stakeholder engagement. Moreover, the board and executive understood how to make prioritized investment in new digital opportunities, at the same time ensuring a secure and up-to-date infrastructure. Through this combination of visionary change leadership, focused investment, and wide engagement the board and executives developed a digital culture that helped the organizations embrace and leverage rapid technological change. By competently observing, strategizing, investing, and carefully coordinating digital initiatives, such firms continuously advance their digital competitive advantage (Westerman, Bonnet, & McAfee, 2015).

However, failure to build strategy-matching competencies in boards (Leblanc & Gillies, 2005), which include ETG, can have serious consequences. Lack of capability can lead to increased technology and business risk, missed strategic opportunities, or a failure to integrate and leverage digital investments. Ultimately, such incompetence can lead to value destruction. At this end of the spectrum, those that do not build capability risk being sued or going out of business. Unfortunately, examples of these winner/loser extremes are increasing.

Winners and Losers

In this rapidly changing and increasingly uncertain digital world, organizations, large and small, private and public, face new opportunities and risks. Amazon, Apple, Google, Spotify, FaceBook, Expedia, AirBnB (USA), Huawei (China) Uber, Burberry, and Tesco (UK) have seized the digital leadership space. Many have developed disruptive approaches, such as Apple's development of the App Store. Others such as Uber have deployed apps and social media in innovative ways to disrupt their industry sector.

Technology and digitization is disrupting once very stable industries and creating whole new business models (think Uber⁵ and Airbnb⁶). For example, solar energy generation and the Powerwall from Tesla Motors are significantly and rapidly disrupting current models of domestic and commercial electricity generation and transmission. Disruption in the clean energy sector is occurring along with the rise of “prosumers”—those customers who both consume and generate (Rathnayaka, Potdar, & Ou, 2012). In some sectors such as engineering and manufacturing, cycle times are significantly shortening, and new, competitive products are being developed, often at a fraction of the original cost (think digital printing in everything from whole houses to limb prosthetics).

Other organizations have not fared as well. Once considered technology leaders, an increasing list has either gone out of business or have lost significant market value because they failed to keep up with some aspect of technology opportunity or risk, or both. These companies include Kodak, EMI, Nortel, Barnes & Noble, HMV, KMart, Sony, Sears, Target (USA), and AOL. “In most instances, these firms made no massive or sudden blunders and they are often still in the textbook Hall of Fame even as their erosion had become marked and even irreparable” (Keen & Williams, 2013, p. 643). Such outcomes, or even poor or reduced capability in the oversight of digitally intense change, call into question the role of the board of directors, their corporate governance, and specific competency in governing enterprise technology. In the review of most high-profile IT project failures, there is a common question: Where was the board?

The significance of the change in board ETG capability required is graphically illustrated by a tipping point reached in 2014 involving cybersecurity breaches. Two landmark court actions were filed in the United States of America. In both cases, entire boards of directors as well as individual senior executives of Target USA and Wyndham Worldwide Corporation were charged with breach of fiduciary care (United States District Court, 2014a, 2014b).

The Case of Target USA, December 2013

In March 2014 Bloomberg Business Week reported a serious cybersecurity breach, reporting that Target USA's board and management effectively stood by as more than 40 million credit card numbers and 70 million addresses, phone numbers, and other pieces of personal information “gushed out of its mainframes.” Gregg Steinhafel, Target's chairman, president, and chief executive officer, was a 30+-year employee. Three alerts were sent to Target several weeks before the cyberattack and were ignored. This occurred despite the company having six months earlier installed a $1.6 million malware detection tool also used by the CIA and the Pentagon.

In January 2014, a Target shareholder filed a “verified shareholder derivative complaint” with the Minnesota District Court. Target Corporation's board and key management were sued for breach of fiduciary duty and waste of corporate assets (United States District Court, 2014a). By March 2014 Target had already faced more than 90 lawsuits filed by customers and banks for negligence and compensatory damages. That was on top of other costs estimated to run into the billions. For example, Target spent $61 million during February 2014 responding to the breach while holiday shopping period profits fell 46 percent from the same quarter in 2013, with the number of transactions suffering the biggest decline since the retailer began reporting these statistics in 2008. The case for breach of fiduciary duty was ultimately dismissed in 2016 after a 21-month investigation. Target's 10-Q report reported $291 million of cumulative expenses related to the case for the period to April 2016.⁷ While this level of expense is high, it should be noted that this figure does not include indirect costs such as loss of income and reputation.

To summarize so far: Boards and senior executives know technology is essential to the future of their organizations. However, too few have stepped up to competently lead and govern the digital transformation required to remain relevant and competitive going forward. While technology is rapidly becoming one of the largest areas of corporate expenditure, boards are continuing to delegate or ignore their role in technology governance. To put this lack of oversight in perspective, it would be unthinkable for a board to treat financial or legal matters with the same lack of competent oversight. The consequences of this approach are emerging as significant and severe.

At the other end of the spectrum, those organizations that build enterprise information and technology governance competency and capability, and demonstrate digital leadership are more likely to thrive and survive going forward. What can boards do to govern competently in an area they appear to know so little about? The rest of this chapter provides ideas and suggestions, starting with seven areas of IT risk.

Rapid Risk Response Is an Emerging Form of Agile Governance

Because any of the seven areas of IT risk can strike with lightning speed, traditional corporate governance approaches may need to be checked for responsiveness. The predominant board practice for overseeing risk is through board papers, board committees, and monthly meetings. This “governance by exception” approach may simply be too slow when it comes to ETG (Valentine, 2016). The solution is quite simple. The board must make sure that a more flexible set of responsibilities and processes are put in place and operate to bridge any rapid response barriers between the board and management. These must operate in parallel with current board reporting.

Had such a rapid IT risk response system been in place at Target USA, for example, the risk of prosecution would likely have been reduced. Boards that understand their risk profiles and put in more effective mechanisms—responsive structures, processes, and emergency response communications, for example—are significantly better placed to govern appropriately. An additional approach can be to improve IT governance reporting to the market and investors.

IT governance research (Joshi, Bollen, & Hassink, 2013) advocates the importance of technology governance communications to external stakeholders of the firm. Such research predicts that firms can improve their liquidity and firm valuation through better information disclosure.

Firms can also enhance their market reputation and reduce litigation costs and the cost of capital because of IT governance disclosure. Building on the association between potential economic benefits and voluntary disclosure, Bünten, Joshi, De Haes, and Van Grembergen (2014), and Joshi, Bollen, Hassink, De Haes, and Van Grembergen (2018), demonstrate that a higher maturity of IT governance activities enables boards to create a better IT information environment and dissemination capability. As shown in Figure 19.3, to assess the level of technology governance disclosure, an IT Governance Disclosure Framework was developed by Joshi et al. (2013).

This framework consists of 39 disclosure items across four broad technology governance domains: IT strategic alignment (ITSA), IT value delivery (ITVD), IT risk management (ITRM), and IT performance management (ITPM). ITSA is concerned with the linkage of strategy, architecture, and processes on the IT and business side, whereas ITVD is related to providing quality IT products and services on time and within budget. ITRM investigates various IT risks such as operational, business continuity, and security risk while ITPM focuses on IT expenses and budgets. Each domain contains several items, indicating the existence of ITG-related features within that domain.

In one study, the 2012 annual reports of Belgian and Dutch listed companies were analyzed (Caluwe, 2014) against the Joshi ITG disclosure framework. The results show that the category which is reported most frequently is IT risk management. An explanation can be provided by the Belgian and Dutch corporate governance codes, which state that organizations need to report on systems for risk and internal control. Since IT keeps growing in importance in today's organizations, IT risk is often included. However, annual reports included very little on IT strategic alignment or how the board is engaged and their capability to oversee the other matters highlighted in the framework.

In the second of the two 2014 U.S. Investor Derivative Complaints of breach of fiduciary care, the Wyndham Worldwide Corporation suit was eventually dismissed after the court heard evidence of security strategies the organization had put in place. The company had taken significant steps to act on security feedback received from an earlier cyberattack.

Similarly, among many considerations in the Target USA case were: a lack of IT governance disclosure; disconnected ETG and operational IT governance and security initiatives, including no rapid risk response systems or processes; the absence of timely stakeholder communications; and a lack of ETG accountability and competency within the board and senior executives.

Take the First Steps Toward Digital Transformation

Start the digital transformation process by hiring a skilled consultant to conduct a digital maturity audit. This will help your organization understand the focus and effectiveness of previous investments, and your organization's IT change capability.

Conduct an audit of current board ETG capability using the three competencies in Table 19.5. This will help identify whether you build capability through director professional development or recruit the necessary talent.

Evaluate the Digital Capability of Your Executive Team

Your chief executive's digital capability is critical. If he or she is not tech-savvy, critical information could be filtered out of board papers. Such filtering can impact investment priority, risk responses, or value-creation opportunities. Equally, because technology impacts all parts of operations, the currency of all executives' technology knowledge should be checked and professional development needs critically reviewed.

Review the current chief information officer (CIO) or chief technology officer (CTO) position in the organization structure. Are enterprise information and technology still considered an operational cost rather than a strategic asset by the board or executives? Does the CIO or CTO report directly to the chief executive? Is she or he capable of functioning across the business as a strategic business partner? Does the CIO/CTO engage with and brief the board on a regular basis?

Establish a Digital Vision for the Organization

Beyond alignment, technology and its governance have become integral to organizational strategy and its governance. A digital vision is not some pie-in-the-sky exercise. This is where your organizational strategy and digital future come together and stay together as one.

Use the above results to craft a flexible but an actionable, measurable vision achievement plan in place that forms the basis of your organization's board reporting.

Review Board Governance Structures and Processes

Check that board governance structures and processes will support the vision and plan and are appropriate to a digital business. Incorporate digital effectiveness measures into your performance reporting scorecard.

Review the structure and membership of board committees. Consider establishing a technology advisory or governance committee to focus on digital opportunities and risks.

Consider Your Board's Agility

Make sure rapid IT risk alerts and response systems and procedures are in place outside of normal board reporting. Know what actionable insights are required at each level of accountability, including the board; who is responsible; and what circumstances trigger the escalation of alerts. Make sure your board has an emergency communication plan that includes monitoring of social media networks. These types of actions ensure emergency responses will help meet technology-related duty-of-care responsibilities.