The Board Does Not Trust IT (Even When They Like the CIO)

In many organizations the CIO is personally well regarded.

Peers consider them thoughtful. The CEO finds them collaborative. Board members often describe them as credible and capable.

And yet an important signal appears over time. Technology decisions move slowly. Investment approvals stretch across multiple meetings. Directors ask for outside opinions. The same questions resurface each quarter despite detailed reporting.

The CIO leaves meetings feeling listened to but not empowered.

This situation is common and frequently misunderstood. Leaders often attribute it to communication style, board technical literacy, or presentation polish. Research suggests the problem is different. Boards build confidence when they understand the business consequences of technology decisions, not when they simply understand the technology itself (Source: PwC, Board Effectiveness: A Survey of the C-Suite, 2019).

The issue is not personal trust in the CIO.

It is institutional trust in the system the CIO is describing.

What Boards Are Actually Evaluating

Boards are accustomed to evaluating functions where cause and effect are visible.

Finance provides forecasts, variances, and cash implications.Operations shows throughput, utilization, and service levels.Sales reports pipeline, conversion, and bookings.

Technology rarely presents information in the same way.

A typical board technology update may include uptime percentages, project milestones, ticket volumes, and security patch compliance. All of these are legitimate operating indicators. However, they do not directly answer the board’s underlying oversight questions.

Directors are implicitly trying to determine three things:

• whether the company is investing appropriately in technology

• whether those investments are allocated to the right problems

• whether a material risk exists that management cannot yet see

When reporting does not resolve those questions, directors cannot form judgment. Gartner surveys have repeatedly found that fewer than half of directors believe they receive meaningful technology performance information tied to business outcomes (Source: Gartner Board of Directors Survey, 2021). McKinsey similarly observes that many CIO reports describe activity and progress rather than enterprise value creation or risk reduction (Source: McKinsey, The CIO’s Balancing Act, 2020).

Faced with uncertainty, boards behave rationally. They slow decisions.

This hesitation is often interpreted as skepticism about the CIO. In practice it is a response to incomplete assurance.

The Reporting Mismatch

Most CIO reporting originates as internal management reporting. It is designed to help engineering leaders operate systems and manage teams. The board then receives a summarized version of the same material.

This creates a structural mismatch.

Operational metrics communicate effort and diligence. Boards evaluate control and predictability.

Consider several common examples:

• A dashboard showing increased deployment frequency communicates productivity to technology leadership. To a director, it may suggest increased operational risk if release discipline is unclear.

• High availability percentages demonstrate reliability internally. To the board, they do not answer what happens when failure inevitably occurs.

• Security patch compliance rates show operational rigor. They do not clarify enterprise exposure.

• Cyber risk illustrates the gap particularly clearly. Cybersecurity is now among the top concerns in boardrooms globally, yet many directors still report low confidence in understanding their organization’s cyber readiness despite receiving regular security reports (Source: National Association of Corporate Directors, Cyber-Risk Oversight Handbook, 2022).

The challenge is not technical literacy. It is translation. Operational reporting does not automatically provide enterprise assurance.

The Predictability Problem

Boards ultimately judge functions by predictability.

Finance earns trust when forecasts are reliable.Operations earns trust when service commitments hold.Sales earns trust when pipeline converts consistently.

Technology organizations often struggle here, even when well run.

Large initiatives evolve. Dependencies appear. Estimates shift as systems are better understood. Each explanation may be valid and transparent. However, the cumulative effect is uncertainty.

Bain & Company has found that directors lose confidence in functions when performance cannot be forecast with reasonable accuracy, even if final outcomes are positive (Source: Bain, Closing the Strategy to Results Gap, 2019).

This explains a common dynamic. A board approves a major system modernization, cloud migration, or platform replacement. Months later, timeline or scope changes. Leadership communicates openly and responsibly. Trust still declines.

Not because the board believes management acted improperly.

Because the board cannot predict what will happen next.

Governance confidence is built on predictability rather than intent.

What the Board Needs From IT

Contrary to popular belief, boards are not seeking technical detail. They are seeking assurance. In practice, that assurance takes three forms.

Investment clarity

Directors need to understand how technology spending affects enterprise capability. They are not evaluating whether a project is interesting or modern. They are evaluating its consequence.

They want to know whether a technology investment will:

• increase growth capacity

• reduce operational cost structure

• improve regulatory compliance

• materially reduce business risk

McKinsey research shows companies that explicitly link technology initiatives to measurable business outcomes outperform peers in revenue growth and return on invested capital (Source: McKinsey, Delivering Large-Scale IT Projects on Time, on Budget, and on Value, 2017).

When that linkage is unclear, technology spending appears discretionary regardless of its operational importance.

Risk transparency

Directors are legally responsible for risk oversight. Technology risk now intersects operational, financial, and reputational exposure simultaneously.

Many organizations still describe risk using technical indicators such as vulnerability counts, penetration testing results, or phishing performance. These are inputs. Boards require exposure understanding.

They are asking:

• What failure would materially affect the company?

• How likely is it?

• What would the impact be?

Regulators in financial services now require firms to define important business services and quantify tolerable disruption thresholds precisely because technical measures alone do not communicate enterprise risk (Source: Bank of England Operational Resilience Policy Statement, 2021).

When technology leaders describe risk in business scenarios rather than technical conditions, board confidence rises quickly.

Delivery reliability

Boards do not expect flawless execution. They expect disciplined commitments.

They want to see that management understands what conditions must be true for a plan to succeed and how tradeoffs will be managed if conditions change.

DORA research shows that high performing technology organizations emphasize lead time predictability and change failure rates over raw development speed because reliability builds organizational confidence (Source: Forsgren, Humble, and Kim, Accelerate, 2018).

Reliability communicates control.

Why Personal Credibility Is Not Enough

Many CIOs are effective communicators and strong partners across the executive team. Relationships improve, but governance skepticism persists.

This is because board trust is institutional rather than interpersonal.

Board composition changes. Committee leadership rotates. Investor expectations evolve. Directors rely on repeatable oversight structures rather than individual rapport. PwC research shows boards anchor confidence in decision frameworks and consistent reporting mechanisms more than executive personality (Source: PwC, Board Effectiveness and Executive Performance, 2019).

A well regarded CIO can still lead a technology function the board finds opaque.

How Confidence Changes

Across organizations, confidence increases when three reporting shifts occur.

From projects to capabilities

Instead of describing implementations, leadership explains operational outcomes. Rather than reporting that a system was upgraded, reporting shows how underwriting cycle time, customer onboarding, or service recovery improved.

Capabilities allow directors to reason about business performance.

From technical metrics to enterprise indicators

Operational measures remain essential internally. Board reporting reframes them.

Availability becomes revenue service continuity.Incident resolution becomes productivity restoration.Security compliance becomes exposure reduction.

Organizations that align technology metrics with enterprise KPIs report higher executive satisfaction and more stable funding decisions (Source: Gartner, Aligning IT Metrics to Business Outcomes, 2020).

From plans to governed commitments

Boards gain confidence when leaders define decision points and tradeoffs in advance. Statements such as “here is what we will validate before next quarter and what choices we will make” allow directors to exercise oversight.

Oversight builds trust.

A Repeating Pattern

A common cycle appears across industries.

When boards do not understand technology consequences, they delay decisions. Delays slow modernization. Slower modernization increases risk and cost. Rising risk increases oversight, which increases reporting burden.

Organizations often interpret this as resistance to technology.

In reality, it is a rational response to insufficient decision clarity.

When reporting clarifies investment impact, risk exposure, and delivery reliability, board behavior changes quickly. Approvals accelerate, discussion becomes strategic rather than operational, and budget conversations shift from justification to allocation.

The CIO’s role shifts from technical operator to enterprise leader.

Where External Help Helps

External support is valuable in specific circumstances:

• when reporting does not translate into enterprise understanding

• when significant investment decisions are pending

• when leadership cannot determine how the board actually perceives technology risk

The value is not additional reporting content. The value is structuring how technology is explained so directors can exercise judgment.

It is counterproductive when it substitutes for leadership ownership.

Key Takeaways

Boards do not withhold trust arbitrarily. They withhold trust when they cannot evaluate.

Technology reporting frequently communicates effort rather than assurance. Directors are not trying to understand systems. They are trying to understand consequences.

Confidence grows when technology is expressed in terms of investment impact, enterprise risk, and delivery reliability. Personal credibility supports dialogue, but structural clarity creates governance trust.

Many organizations interpret board skepticism as resistance to technology. More often it is a request for decision clarity.

How RLK Helps

RLK Consulting works with leadership teams to translate technology into decision language for boards and executives. The work focuses on board-level reporting design, investment framing, and operating model clarity so directors can confidently exercise oversight.

The objective is not to simplify technology. It is to make its business implications understandable.

When that occurs, governance strengthens and execution accelerates.

Sources

PwC, Board Effectiveness: A Survey of the C-Suite (2019)

PwC, Board Effectiveness and Executive Performance (2019)

McKinsey & Company, The CIO’s Balancing Act (2020)

McKinsey & Company, Delivering Large-Scale IT Projects on Time, on Budget, and on Value (2017)

Gartner Board of Directors Survey (2021)

Gartner, Aligning IT Metrics to Business Outcomes (2020)

National Association of Corporate Directors, Cyber-Risk Oversight Handbook (2022)

Bain & Company, Closing the Strategy to Results Gap (2019)

Bank of England Operational Resilience Policy Statement (2021)

Forsgren, Humble, Kim, Accelerate (2018)