Abstract
AbstractThe board‐level technology committee (TC) could play a significant role in enterprise risk management. Unfortunately, only about 10 % of public companies have chartered such a committee. There is evidence that the TC mitigates the negative market reaction to data breaches (Higgs et al. 2016), suggesting that investors expect TCs to control operational IT risk—the risk associated with technology that facilitates the company's core operations, including external risk such as data breaches. Based on a review of 50 existing TC charters, we find that TCs today focus instead mainly on strategic risk—the risk associated with strategic product technology development—with under half of TCs including operational risk management in their charters. We see this as a potential disconnect between stakeholder expectations of risk management and company delivery on that expectation.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
