Abstract
The board-level technology committee (TC) could play a significant role in enterprise risk management. Unfortunately, only about 10 % of public companies have chartered such a committee. There is evidence that the TC mitigates the negative market reaction to data breaches (Higgs et al. 2016), suggesting that investors expect TCs to control operational IT risk—the risk associated with technology that facilitates the company's core operations, including external risk such as data breaches. Based on a review of 50 existing TC charters, we find that TCs today focus instead mainly on strategic risk—the risk associated with strategic product technology development—with under half of TCs including operational risk management in their charters. We see this as a potential disconnect between stakeholder expectations of risk management and company delivery on that expectation.
| Original language | English |
|---|---|
| Pages (from-to) | 43-47 |
| Number of pages | 5 |
| Journal | Journal of Corporate Accounting and Finance |
| Volume | 30 |
| Issue number | 4 |
| DOIs | |
| State | Published - Oct 2019 |
Keywords
- board of directors
- corporate governance
- risk management
- technology committee