How often (annually, semi annually or quarterly or as needed) should the CIO brief the Board (BOD) on state of technology in the organization?

1.9k views7 Comments

Executive Architect in Healthcare and Biotech, 10,001+ employees
Quarterly, if not more frequently.  In today's world the board needs to be apprised of the organization's technology position as often as financials, HR and operations performance are communicated.   Information security, effective support of remote employees, and competitive application of e-commerce technologies are just a few of the disciplines that every company board should be monitoring.
Senior Information Security Manager in Software, 501 - 1,000 employees
Like the answer to all information security questions, it is ‘it depends’.


Depends on issues such as: how tech savvy is the board?  How connected are they to IT? How much do they want to know?


Once questions like that are quantified, then you can know how often they should be briefed.


With that, I think semiannual works for most organizations as annual is just not frequent enough.
1 2 Replies
Executive Architect in Healthcare and Biotech, 10,001+ employees

Ben, I don't disagree.  If the board cannot grasp tech's role in the success and survivability of the company, I can see the point of not trying to lead those horses to water.  As a shareholder, I might want thirstier horses in the stable.

Assistant Director IT Auditor in Education, 10,001+ employees

What I have seen in the past, broker dealers (Financial Org) the board required semiannual presentation from the CIO roadmap progress. The were also very interested in incidents, specifically, cyber attacks and trends of these attacks. Today I suspect they wanted quarterly or more frequent updates. One major breach can cost the company a lot of money, reputational damage, intellectual property loss, affect their competitive advantage and worst case scenario put them out of business.

Sr. Director, Head of Global MCM IT in Manufacturing, 10,001+ employees
annually is probably enough
Director of Information Security in Energy and Utilities, 5,001 - 10,000 employees
At least quarterly would a good benchmark to follow. Less frequently than that would result in a disconnect between technology operations and business oversight folks.
Chief Security Officer in Software, 10,001+ employees
It depends on how engaged the board is, but I recommend quarterly to keep them up to date on major issues or status updates that significantly move the w on risk for the business. This can be a good way to get support for activities outside of the normal c-suite.

Content you might like

Community User in Software, 11 - 50 employees

organized a virtual escape room via - even though his team lost it was a fun subtitue for just a "virtual happy hour"
Read More Comments
10.8k views26 Upvotes63 Comments

Founder, Self-employed
Work travel is a privilege. Embracing your experience to meet new people, and see the beauty of nature and culture wherever you go.
Read More Comments
74.4k views71 Upvotes42 Comments









1.9k views1 Upvote