Directors' statutory duty of care and diligence in the context of information technology

Voogt, Thea (2015). Directors' statutory duty of care and diligence in the context of information technology. Master's Thesis, T.C. Beirne School of Law, The University of Queensland.

Author Voogt, Thea
Thesis Title Directors' statutory duty of care and diligence in the context of information technology
School, Centre or Institute T.C. Beirne School of Law
Institution The University of Queensland
Publication date 2015-10-31
Thesis type Master's Thesis
Open Access Status Not Open Access
Supervisor Ross Grantham
Total pages 151
Language eng
Subjects 150303 Corporate Governance and Stakeholder Engagement
180109 Corporations and Associations Law
Abstract/Summary Over the past 20 years, there have been three significant events that have fundamentally changed the way that business is conducted: the slew of corporate collapses in the late 1990s and early 2000s, the global financial crisis that started around 2007-8 and, more recently, rapid changes resulting from information technology, often referred to as ‘digital disruption’. The impact that information technology has on business is significant and the reach of digital disruption cuts across the very fabric of society. Though changes in information technology and digital disruption bring with them boundless opportunities for reward, there is often no reward without risk and changes in information technology and digital disruption have significant and important consequences for those managing businesses, which, in the case of companies, is the board of directors. The central question posed by this dissertation is whether the pervasiveness of information technology and information technology risk has changed virtually every aspect of business and thereby also the statutory duty of care and diligence of all directors as set out in s 180 of the Corporations Act 2001 (Cth). The hypothesis laid out in this dissertation is that directors’ statutory duty of care and diligence has broadened due to information technology and its resultant risk in much the same way as corporate governance measures, risk management, ongoing disclosure and financial literacy requirements have changed the way that directors go about their business as a consequence of corporate collapses and the global financial crisis. The dissertation sets about making this case by classifying business risk into the following categories: strategic risk, legal, regulatory and compliance risk, financial, financial reporting and disclosure risk, operational, business continuity and disaster risk, and people, reputation, customer and market risk.
A strong case is then made that information technology and information technology risk is inextricably linked to each risk category and to every aspect of the business of a company and is, therefore, in the remit of all the directors. Particularly in so far as the link between strategic risk and IT is concerned, all of the members of the board must have a reasonable understanding of the impact of IT on the business, as sound business strategy requires an understanding of the business of the company, which undoubtedly includes IT pervasively. But, boards are made up predominantly of non-executive directors who are not involved in the day-to-day business activities of a company, evidenced by an analysis of the composition of the boards of the ten largest listed companies in Australia and their board committees. Further, though there is an emergence of Digital directors, the scope of their responsibilities is usually limited to transformation related to digital disruption. It is, therefore, on that basis that this dissertation presents an analysis of the objective general duty of care and diligence of all directors in the context of IT and concludes that, based on case law, the objective general duty of care and diligence of each director, irrespective of whether they are non-executive or executive directors, are:
• That each director must be familiar with the impact of IT on the business, as IT is fundamental to the business;
• To understand the impact of IT on the business so that they remain informed about the business;
• To understand the impact of IT and IT risk on strategy and how IT strategy affects most, if not all business areas;
• To give direction about IT and to monitor IT;
• All of which may be summarised as being ‘IT literate’.
Therefore, just as directors must be financially literate, without necessarily being accounting experts, they must be IT literate, without necessarily being IT experts.
In the case of companies that have appointed a Digital director, IT director, CIO or others, these directors and officers can play an important role in advising the board at a strategic level of the role that IT can play, but this does not change the objective general duty of care and diligence. In the case where IT matters are delegated to the CEO, the general objective duty of care and diligence is no lesser than the duty set out above, as this delegation must be made on the basis of knowledge and requires feedback and monitoring by the board which must equally be on the basis of knowledge. When the directors apply business judgment to IT matters, this too must be on the basis of knowledge. This dissertation argues that this basis of knowledge is the objective general duty of care and diligence of each director to be IT literate.
Keyword Digital director
Director's duties
Technology risk
Business risk
Care, skill and diligence

Created: Tue, 21 Feb 2017, 12:31:13 EST by Thea Voogt on behalf of T.C. Beirne School of Law