BA Board Composition Not Fit For Purpose....
The board own shares valued at £24.5M, so they have a huge personal vested interest in getting the company’s costs as low as possible. So of course they’ll outsource IT support. Some 50% of the firm is owned by Qatar and the institutional shareholders. None of these investors will even ask about the actual risk to the company from IT-related (cyber) risks and their mitigation…because they wouldn’t have invested so heavily in something so apparently prone.
The Annual Corporate Governance Report for 2016 has pages of methodology in relation to financial risk, but the risk from critical IT failure gets a sentence. Why? Well, it might be that the firm’s Audit and Compliance Committee doesn’t seem to have a single trained, experienced or fully qualified IT specialist, yet according to the latest corporate governance report their function includes (pg. 32):
g. To evaluate all aspects of the non-financial risks the Company is exposed to, including operational, technological, legal, social, environmental, political and reputational risks.
Hmmm…it would seem this committee composition is not fit-for-purpose! (Perhaps the Head of Group Audit and Risk Management needs to find a sword to fall on!) The Risk Control and Management Systems include Enterprise Risk Management under class B (pg. 40 of the report). The risk from ‘Failure of Critical IT Systems’ is mentioned but clearly not mitigated, as the recovery approach clearly just doesn’t work! (Pg. 41)
I conclude that this company’s boards are far too focussed on finance and therefore the firm is not properly run.