Contributing writer

6 key board questions CIOs must be prepared to answer

Aug 29, 2022
CIOIT Leadership

The board expects the CIO to be a critical agent for business change. Be ready to address these tricky, timely questions to assure your board that IT is being led in the right direction.

business people conference room collaboration boardroom
Credit: Thinkstock

Board directors like Jean Holley can be a CIO’s best friend or worst nightmare. A former CIO herself, Holley always reaches out to the CIO before board meetings to offer her advice on how to handle inevitable questions. “It’s amazing how many times they don’t take me up on it,” Holley says.

These CIOs, especially those new to the role, often come off as overly techie, out of touch with the business, or worse, out of their depth in the position, she says. On three different boards, directors have asked Holley if the company chose the right CIO, and three times her answer was no. Don’t be that CIO.

CIOs hold more influence than ever in the boardroom. The CEO and board may steer the ship, but they’re relying on the CIO’s radar to see what’s coming. Preparation is key and can make or break the relationship. Get ready for these questions and curveballs.

First, know your audience

Before meeting the board for the first time, it’s important to research the background of each board member and the other boards they’re on, says Gary Cantrell, former CIO and senior vice president of IT at manufacturing company Jabil, who spoke with his board quarterly.

“Most of the board members aren’t deeply versed in IT, but they know what’s important from reading the news or from what they’ve learned from other boards that they sit on,” Cantrell says. “If you follow those companies on your feed and read up on an incident before you get in front of the board, you can answer questions easy enough. If not, you have to dance as you go.”

1. ‘Are we vulnerable to current cyber threats?’

Cybersecurity remains a top board concern, especially given the war in Ukraine and ongoing global unrest. CIOs should always prepare for this loaded question without giving doomsday predictions or appearing overconfident.

“Prepared for cyber questions in the context of risk,” says Jay Ferro, chief information and technology officer at Clario. “Explain that the likelihood of a risk X happening is very low, but the impact could be high, so here’s what we’re doing to mitigate it,” Ferro says. “Have a conversation about where you aren’t as secure, too, but follow immediately with how you’re getting better, what your plan is, and how they can hold you accountable for getting better.”

Here, CIOs can help the board see improvement by reusing and updating performance graphs and charts that were presented at previous board meetings, so directors can see progress, he adds.

Vulnerability isn’t the only cyber-related question CIOs should be prepared to address. Ferro says he was put on the spot many times with the question, “Are we spending enough on cybersecurity?”

“You always want to spend more, but your CEO is in the room, and you have to be very careful about your answer,” Ferro says. “You don’t want to throw your CEO under the bus.”

On the flip side, the current economic climate has some boards asking, “Can you do this more cheaply?” says Alexander Lowry, host of the podcast “Boardroom Bound.” Typically the answer is no if the company wants to remain well-defended or needs to retain talent, he says. “Time, cost, and quality form the triangle of balance,” he adds, and CIOs must explain the importance of all three factors.

Directors who sit on several boards may also inquire about the security chain of command in the organization, Holley says. Because of this, CIOs are often asked, “Should the CISO report to the CIO or to someone else?”

“About 90% of CIOs will say yes, I want it,” Holley says. “But if you’re a technology-based company and you develop technology for a living or maybe in the security space, it should not be under the CIO. The board prefers the checks and balances of two different leaders in this case, she says.

2. ‘Are we investing in the right technology that aligns with our strategy?’

The board wants assurances that the CIO has command of tech investments tied to corporate strategy. “Demystify that connection,” Ferro says. “Show how those investments tie to the bigger picture and show immediate return as much as you can.”

Global CIO and CDO Anupam Khare tries to educate the board of manufacturer Oshkosh Corp. in his presentations. “My slide deck is largely in the context of the business so you can see the benefit first and the technology later. That creates curiosity about how this technology creates value,” Khare says. “When we say, ‘This project or technology has created this operating income impact on the business,’ that’s the hook. Then I explain the driver for that impact, and that leads to a better understanding of how the technology works.”

Board members may also come in with technology suggestions of their own that they hear about from competitors or from other boards they’re on. So CIOs should also be prepared to answer the question, “Should we be using the same technology as company X?”

Avoid the urge to break out technical jargon to explain the merits of new cloud platforms, customer-facing apps, or Slack as a communication tool, and “answer that question from a business context, not from a technology context,” Holley says. “[The answer] depends on how the business is doing and where you are competitively. Are you trying to be a leader or a fast follower” in the digital space?

It’s also wise to prepare a list of three areas that you would invest in if capital were available, Holley says. “That’s a key question to always have a good answer to in case the business is throwing off more cash or somebody isn’t spending as much capital,” she says. “For instance, if we throw $5 million now at this active project, we could pull in this ROI in six months. It may not be IT-related either. If we’re looking to pull in that acquisition in Q1 of next year, why don’t we pull it in Q4 this year because people have the bandwidth.”

Holley had a similar short list of projects to slow or stop if the business was contracting or the company had a rough quarter and needed to pull back. Top contenders were projects where the business is not engaging enough, or those the business can’t bring the right head count to make it move faster, she says.

3. ‘How are you retaining and attracting tech talent?’

Board members read about a worldwide IT talent shortage and they’re asking CIOs what they’re doing to develop talent in-house, and how they’re retaining workers, Cantrell says. They’re also asking about attrition rates and how you’re attracting new talent. Are you only offering higher salaries or other perks?

4. ‘Should we be looking to automation to fill hiring gaps?’

Without enough qualified workers, some board members may also ask about automation or robotics as an alternative, Lowry says. “The question might be, ‘Since we can’t get enough human beings to do these things anyway, could we do it more efficiently with automation? Not just today, but for the medium or long term would it make the organization more resilient or help us operate more cheaply?’” CIOs should prepare a list of what parts of the business could be or should be automated, Lowry says.

5. ‘How are you cultivating the most diverse, equitable, and inclusive tech team?’

With the increasing emphasis on diversity, equity, and inclusion (DEI) as a key workplace objective and productivity driver, CIOs should also be prepared to describe their DEI initiatives, including how they are going about sourcing for this talent, such as partnerships with organizations that can help, Ferro says.

These types of corporate responsibility topics may also include sustainability questions, he adds. “What are you doing to run a more sustainable technology organization — whether that’s reducing your data center footprint or moving to the cloud,” he says.

6. ‘What should we be concerned about that’s not on our radar?’

The board is relying on your radar to help them shape business strategy. A crisp top-three list should start things off. “This is not an invitation to go apocalyptic or to overtalk or overexplain,” Holley says.

“I would always pre-think an answer internally and externally,” Holley says. “I start with something like, ‘Externally there’s an opportunity to grow revenue by x%.’ Or I would ask, ‘Do you know what our competitors are doing?’ And I would expand on that. Or I would start with, ‘The competitor we don’t even see today is probably doing this.’”

Instead of elaborating on each idea, she would follow up with, “Would you like to know more?” The board chair or a committee chair would usually say yes or want to follow up at a later time.

Dealing with the unexpected

If any question comes out of left field that you aren’t prepared to answer, never make up the answer, Ferro says. “Be prepared to say, ‘I would like to come back to you on that, or just say, ‘That’s a great question. Generally, it’s on our radar. Let’s do a separate call on that.’”

Preparation can pay off big time, Cantrell says. “It’s always the first impression. If you can get off on a good foot in the first three meetings, life gets a lot easier. If not, it gets to be a challenge.”