How IT Departments Can Partner with the Board of Trustees

Whatever one's beliefs concerning the rise of massive open online courses (MOOCs) and their long-term relevance within higher education, one thing is clear: College and university IT has been brought out of the back office and into the forefront of the conversation. Technology, and how it is used and deployed, is now understood as having strategic value for many institutions.

Thanks to MOOCs and other conversations about online and technology-enabled teaching and learning, institutional boards are expressing new levels of interest in information technology. According to a 2013 survey on technology and instruction by the Association of Governing Boards of Universities and Colleges, a significant number of board-level conversations around educational technology have been held within the past year: Seventy-three percent of boards have discussed online courses; 68 percent, technology in the classroom; and 58 percent, acquisition of technology for teaching and learning. Despite the high level of visibility and conversations, only one in five trustees say their board is prepared to make decisions about educational technology on their campus.

While there is renewed interest in IT, getting the support of a board committee — or even a seat at the board table — still proves a challenge for IT professionals. Even when we do get a seat, the focus isn't always as strategic as we would hope. Those conversations can ­devolve quickly to discussions around data breaches and disaster recovery instead of higher-level conversations about the strategic role that technology plays in helping to shape an institution's future.

That was precisely my fear when a new board committee was formed this year at St. Norbert College to provide trustee-level visibility and oversight for our new Information Technology Services division, created a year earlier. The good news was that we — ITS — were getting a committee; the bad news, potentially, was that it wasn't going to be the "IT" committee. The division would be part of a larger committee that also focuses on risk management.

My fears proved unfounded, thanks in large part to the work we did before and during our initial committee meeting this past ­October. What we did, and continue to do, has helped to refocus our trustees' mindset from one of "IT as risk" to one of "IT as potential strategic advantage." Here is how we approached that task:

Do more up front.

Set the proper tone for your ­committee from the very start. Get as involved as you can in the formation of the committee, from the committee name to its initial charter, to ensure IT is positioned and considered appropriately. Even little things help, such as ensuring "IT" is in the name or, ideally, having it placed first. You may not win on every issue. Our committee is named the Risk Management and Information Technology Committee, which frequently gets shortened to the Risk Committee, but we were able to expand the charter for IT beyond the committee's original focus on the intersection of technology and risk.

If you have a voice when it comes to the selection of a committee chair, ask for someone you know who understands your area or is a ­technology advocate. Either way, once a chair is selected, meet with him or her to discuss your ideas and goals for the committee, as well as any concerns you may have about the committee's structure or focus. Having a solid relationship with the chair is key, because that person can help to shape the committee's agenda and guide conversation toward strategy.

Don't ignore the obvious.

Let's face it: There are a fair amount of inherent risks in any IT organization. As much as those of us who are internal to IT recognize that those risks are a normal part of our business, and we have a number of strategies to mitigate them, it's understandable that our trustees are concerned about them. They often arrive from the corporate world, where IT is solely about risk, and they need only open any newspaper or magazine to read about the latest data breach or catastrophic technology failure.

You won't be able to move past that perception of IT until you adequately address it and make your trustees comfortable that you have it under control. Acknowledge it, and demonstrate the serious attention you pay to it as well as the many ways in which you're addressing such important issues.

Co-opt the framework.

Once you've addressed the common perception of IT risk, take the risk framework and expand it to make it your own. Discuss the risk in treating technology as a strictly back-office function instead of an ­institutionwide, strategic item. Showcase the risk of not adapting or changing in the face of new business models spurred by rapid ­technological changes — the risk of not properly resourcing ­technology initiatives or keeping up with the pace of technology changes (for example, the explosion of wireless or maintaining adequate levels of refresh funding).

Use the idea of risk to show that the greater risks to any organization vis-à-vis technology are not technology risks at all — they're financial, organizational and cultural.

Promote conversations.

If your board is like ours, it meets only three or four times per year. Consider how to continue the conversation about technology opportunities and risks beyond those few meetings.

Our committee members asked for periodic updates between meetings, not just on divisional activities but also on the bigger picture. They wanted to know what emerging technologies they should be paying attention to that might have an impact on our college or the industry as a whole.

Also consider using existing industry data and reports to frame future conversations about information technology. Leveraging industry publications allows us to provide our committee members with a broader perspective, as well as the basis for comparison when it comes to technology issues or direction at our own institution.

How do we know that these strategies worked? At the end of our first meeting, one of our trustees said this: "Even if IT is 30 to 35 percent risk, that means that it's also 65 to 70 percent strategic opportunity, and we need to focus on that."

I call that a success.