2/4/19 - Promontory Currents: How Today’s Boards Can Manage Technological Disruption
Home > News & Insights > Insights & Publications

2/4/19 - Promontory Currents: How Today’s Boards Can Manage Technological Disruption

By Sylvia McGratten

Corporate-governance practices are evolving in response to technological disruption occurring in financial markets. Given the unprecedented pace of change, rules of engagement for boards are quickly shifting. Perhaps most notable is how board members are increasingly being expected to address emerging technologies and other disruptive forces to ensure their companies remain competitive. Meanwhile, the core mandate of a board member remains to enable and encourage management to deliver superior, long-term shareholder value through the pursuit of a growth agenda.

The Proliferation of Technology Risks

Technology is becoming an increasingly important risk area for boards.1 Technology risks include cybersecurity risks, operational risks associated with operating-system performance, and risks to a company’s business model arising from technological advancements (such as the use of social media and real-time access to information). The implementation of large-scale technology projects also introduces a high degree of risk, as flawed implementation can have a significant negative impact on business operations. Companies must manage not only their own control environment, but also the robustness of third-party providers’ technology controls and third-party providers’ ability to manage potential security incidents.2

Privacy Implications in the Digital Age

Technology and privacy risks are often discussed together, given their interrelationship and potential to negatively impact a company’s reputation and bottom line. Technological advancements — such as advanced algorithmic capabilities, artificial intelligence, the “internet of things” (devices exchanging data over a network without human interaction), big data, blockchain, and cloud services — can all put the privacy of customers at risk.

With the speed at which personal information is now collected, analyzed, and shared, societal and governmental expectations are higher than ever for public companies to manage customer and employee information responsibly. The ability to quickly and easily share customer data can improve customer service and profitability, but protecting the channels through which such information is shared is critical, particularly when information is shared with unrelated parties. Companies that abuse or misuse customer data could suffer devastating reputational damage and financial loss.

Where Should Today’s Boards Focus?

The average lifespan of S&P 500 companies has fallen dramatically in recent years, a trend that many experts expect to continue as technological forces continue disrupting industries. How can today’s boards insulate their companies from the effects of such disruption, or better yet, use disruption to the advantage of the companies they help oversee? To start, they should focus on the following:

Technology-risk management. This is an increasingly critical area for board oversight. To better understand technology issues, many boards are working more closely with chief information officers and hiring directors with technology experience. When deeper expertise is required, they are also creating technology subcommittees to advise them on certain decisions.3

Privacy protection and data ethics. Boards should be vigilant when overseeing managers tasked with privacy protection and when addressing ancillary issues, such as the ethical use of data for the organization’s business strategy and control environment. They should consider addressing these issues on an ongoing basis to prevent negative press, loss of consumer trust, and regulatory censure. When gaps or breaches occur, they should work with management to understand how and why and to remedy problems in a timely manner.

Agile planning. Corporate strategy should be more flexible and adaptable. Today’s business plans need to be living documents, updated by management throughout the year to reflect changing priorities and goals as circumstances warrant. Companies must be equipped to monitor the impact of new entrants and technologies and modify their business strategies to address significant disruptions before they manifest into competitive disadvantages — or worse.4

Risk oversight. Until recently (and largely in response to the 2007-2008 financial crisis), most boards spent the majority of their time managing risk. However, in the post-crisis environment, demands for better risk oversight have escalated (a priority that often competes directly with agility and flexibility). Today, boards must address risks that cut increasingly across multiple business lines and customer segments and that, due to the potential enormity of their reach and consequences to the organization, could lead to reputational ruin.

To improve risk oversight, today’s boards must stay apprised of external developments while simultaneously remaining focused on strategic execution and short-term planning. They can balance these competing priorities by making decisions that fully integrate risk considerations and that optimize the company’s long-term prospects. For instance, when evaluating acquisition targets, boards should not only consider revenue gains and operational synergies, they should also analyze the target company’s control environment and its ability to prevent and mitigate risk.5

Scenario planning. Boards should prioritize identifying, assessing, and planning for risks and trends that could impact their organization’s long-term sustainability. Discussing emerging trends and evaluating what-if scenarios can help companies better assess and prepare for a range of outcomes. If material threats seem plausible, boards should consider asking management to establish early warning indicators to detect when such threats materialize and trigger a reassessment of the risk environment.

Skills and capabilities. Boards need to ensure their collective balance of skills and capabilities align with the unique features of the organization and the business environment. As the business environment changes, so too should a board’s expertise and contributions to the company. To provide effective oversight and challenge, boards must always be in a position to address the right topics and issues — at the right depth.

Above all, boards need to ask smart questions and encourage creative thinking about the organization’s products and services. They should work with management not only on long-term strategy, but also on navigating and plugging into disruption, forming new ecosystems, and accessing talent markets. Otherwise, their organizations are at risk of becoming stagnant and obsolete.


Sylvia McGratten is a principal in Promontory’s Toronto office.


1. Sheila Judd, “Risk Governance: Evolution in Best Practices for Boards,” Global Risk Institute (March 22, 2018).

2. Ibid.

3. Aida Sijamic Wahid, “Disruptive Technologies and Corporate Governance: The Impact of Technological Disruption on the Role of Board of Directors,” Rotman School of Management, University of Toronto (October 2018).

4. “Courage Under Fire: Embracing Disruption,” Deloitte (January 2017).

5. Judd, “Risk Governance.”