Boards of directors don"t know enough about IT and don"t take enough interest in it.

That"s the upshot of a talk given by Victoria University information systems professor Sid Huff at the 2004 IT Governance International Conference in Auckland, New Zealand, last week.

Huff presented the findings of a study of the level of IT awareness on boards at 17 Canadian companies, which he and colleagues conducted while he was working at the University of Calgary recently.

In his presentation, tilted "The IT Attention Deficit," Huff noted that companies are now operating in an environment where there is much emphasis on corporate governance and great reliance on IT.

However, the results of the survey suggest that at board level, IT isn"t being given the emphasis it deserves in the Canadian companies and Huff says that in New Zealand, where he plans to do further research, the situation is likely to be similar, though the fact that more New Zealand boards contain executives from the same company may reveal our boards are more IT-savvy.

The companies studied were in the primary industry and financial services sectors and the study consisted of interviews with board chairs, CIOs and others.

Questions were asked such as whether the board is informed regarding the company"s IT vision and its alignment with the corporate vision, to which most board chairs said no.

An overwhelmingly negative response was also received when board chairs were asked whether the board had discussed the IS strategic plan and its alignment with corporate strategic plans.

When it comes to hiring IT staff, even the CIO, most boards didn"t get involved and when IT issues did come up at board level, it was usually under the auspices of the board"s audit committee, not regular board meetings.

Most boards had never discussed how IT could boost their company"s competitive advantage and when such talks had taken place, it was related to a major buy, such as an ERP system.

Most board chairs interviewed said little or no oversight of large IT projects took place at board level.

Three overriding impressions came out of the board chair interviews, Huff says.

"Boards spend almost no time directly considering IT-related issues, and to the limited extent IT issues are discussed, these usually occur within board committees."

The final impression was that "board members view IT issues as too technical."

When CIOs were interviewed, most agreed boards didn"t take a lot of interest in IT and while that could be seen as advantageous to CIOs who want to get on with the job without an interfering board asking awkward questions, that"s not how the CIOs see it, Huff says.

"We saw no evidence of a desire by CIOs to promote the IT function by attracting more board attention, nor did we see overt evidence of any concern about closer board oversight."

Generally, the CIOs thought boards should be discussing more strategic aspects of IT and be provided with regular reports on big IT projects.

So what can be done to improve the level of IT interest and literacy on boards? Seeking out and appointing at least one board member with an IT background and inviting CIOs to board meetings and encouraging the CIO to get to know the board members in a social setting can all help.

Huff says the average age of the board members in the companies studied was over 60 and that many will be retiring soon and are likely to be replaced by younger, more tech-savvy members.

Today, companies are governed fairly similarly around the world and their IT systems are run in a fairly similar way, Huff says, so the results of the study are likely to be similar in New Zealand.

He is planning a similar study of New Zealand boards and says one difference that may make New Zealand boards a bit more IT-oriented is that here, company executives often also sit on boards, whereas that"s unusual in Canada.

"If you"re a board member and a senior executive you"ll have a different perspective on IT."

The 2004 IT Governance Conference was hosted by the Auckland chapter of ISACA, the Information Systems Audit and Control Association and Auckland University of Technology"s Centre for Research on IS management.