Magazine article New Zealand Management

TABLED: Does the Board Carry the Can for ICT?

Article excerpt

Byline: Michael Wigley

Information and communications technology (ICT) is an ever-increasing feature of corporate value and risk. Failure can be catastrophic, such as in the case of a serious security breach or an internal network failure. Recent developments confirm that legal responsibility for managing ICT risk goes all the way to the top.

ICT doesn't always get enough attention from boards, yet it can make up a high proportion of the value and risk of the organisation. It involves wide-ranging issues, from information stored and used electronically through to intellectual property (which is often located on computers).

Certain types of large-scale IT implementations are notorious for failure, particularly company-wide projects. Hershey's Chocolate, for example, almost went under when one project melted. Locally, INCIS has its private sector equivalents: they just don't get the same press. These large projects call for heightened board focus.

Where does the legal responsibility lie? Right at the top, with the board.

TJX: There's a great example in what happened to Fortune 500 company TJX, one of the largest retail chains in the world. It had an electronic security breach. Consumer information from an estimated 46 million debit and credit cards walked out the door. It's not clear where the breach was, although it might have been via a single wireless connection in one of the many retail outlets.

Early on, there was talk the company would go under because of these security breaches. In the end, it has been lucky and things have gone better than expected.

Significantly, from a governance perspective, major TJX shareholders and lenders looked at suing the directors for failing to meet their obligations to ensure adequate IT security systems were in place. TJX itself might have been able to sue the directors as well.

This could happen in New Zealand as well. Board members could end up being sued for failing to ensure that adequate systems are in place to deal with ICT failures.

All directors owe legal duties to their company to exercise the care, diligence and skill that a reasonable director would exercise in the same circumstances. …
