With accusations that boards of directors of financial institutions were asleep at the wheel while their companies engaged in risky behavior that erased millions of dollars of shareholder value and plunged the country into recession, increasing pressure is now being placed on public company boards to shoulder the burden of risk oversight for the companies they serve. This article provides an overview of some of the main considerations relating to every director’s duty to govern IT risk. In particular, this comment will address directors’ roles in the risk oversight of the corporations they serve, their role in governance of IT, their role in mitigating IT risks, and ways in which that risk can be transferred to or shared with others. A discussion of these topics will hopefully foster a deeper and more productive discussion within boardrooms.