The boardroom and the tablet

The explosion of iPads and other mobile devices in the boardroom has opened up opportunities for many directors and executives. Matthew Sainsbury considers the pros and cons of this emerging technology.

It is hard to believe that the first iPad was released just four years ago (on 28 May 2010). What was originally dismissed as a consumer toy - or even an oversized iPhone that would never catch on - has become a phenomenon. 

Catch a plane and you may be offered an iPad with in-flight entertainment, or courtesy of an app, can use your own. Your local café may also  use an iPad for its register and you can build one into your car’s dashboard for GPS or other telematics (technology that sends and receives information via telecommunications devices). Similarly, you can read newspapers on your device and, increasingly, your board papers too.

Without the iPad we may never have had Android tablets or Windows Surface devices and while company directors are overwhelmingly users of Apple’s iPad, it is important to note just how disruptive the device has been on the entire PC marketplace. “With its dramatic revision to the user interface, the iPad is ideally suited for the dense information boards need to review in an intuitive and accessible manner. The iPad settled the debate about which device to use and took concerns about directors’ digital literacy off the table. Perhaps most importantly, the iPad’s readability and portability makes the online board book an even better experience than its traditional printed predecessor,” says Mary De Frenchi, VP of sales and account management at software company BoardVantage (Twitter @BoardVantage).

With somewhere around 200 million iPads sold to date, and factoring in the success of various devices running the Android operating system, the tablet has become a permanent part of many people’s lives. Designed in such a way that even the most technologically illiterate can be comfortable using apps and a touch screen, the iPad achieved technology nirvana by providing immediate benefit to all users. This meant it was almost inevitable that eventually the iPad would find its way into the boardroom, despite some initial concerns about the security of consumer devices being used for highly sensitive information such as board papers.

It is true that using email delivery for board papers to a tablet is not an inherently secure form of distribution. However, in practice it is no less secure than relying on paper; we have seen time and time again critical documents accidently left on planes or in taxis. As developers started to create specialised iPad apps built around security, the emergence of the iPad has actually become an opportunity to improve the level of security around board papers.

For instance, most apps designed for boards do not download and store digital copies of the board papers to the iPad over the long term. Instead, company directors access the papers online through an encrypted cloud system that the company secretary has control over. That company secretary is then able to enforce archival policies and remotely wipe any iPad that goes missing, helping to guard against the papers falling into the wrong hands, either by accident or as an act of deliberate espionage.

“Even if a director neglects to delete his or her own notes, the administrator can manage that task from the central control and delete the notes of all directors,” De Frenchi says. “This is not dissimilar to the practice of collecting and shredding paper board books after the close of a meeting.”

By centralising the management of security policy to one individual, boards are able to use iPads to better control their security risk and this has been a significant revelation for many corporations.

Doing More With Digital

With an increasing number of company directors comfortable with the use of their iPads and other tablet devices in the board room, many of the app providers are seeing opportunities to start enhancing the functionality of the board paper apps by taking full advantage of the digital platforms in order to help improve efficiency and productivity.

“Board portal technology should streamline the meeting process by being flexible enough to reflect the nuances and governance requirements for each board,” says Tessa Court, CEO of online information management company IntelligenceBank (Twitter @intellibank).

“In addition to securely sharing board packs, board portal technology should seamlessly integrate with calendars and email for voting and approvals.”

These additional functions will enable boards to better streamline their operations. Prior to a meeting, for instance, company directors would be able to vote on proposals, allowing the CEO and other executives to prepare responses based on whether or not the directors have responded positively to the proposal. Previously, there was no efficient way for increasingly busy directors to be polled on a response to an idea prior to the meeting. Board portal apps now allow users to start a meeting with a solid idea of where things stand.


Because the additional features and integration add further complexity to the app, Court also recommends that organisations take the time to properly instruct the director on its use, both to ensure compliance and to make sure that each director is comfortable. “It is important to recognise that each director has his or her own comfort level with technology, and for a board portal to be accepted, you need technology that can cater for everyone — not just iPad users,” Court says.

“Ensure that each director has one-on-one training so they are able to use the platform the way they want.

“This training time will also act as an opportunity for the director to be assured of any security or data concerns they might have,” Court adds.

“One of the key concerns we hear about is the digital footprint of ‘private’ electronic annotations,” Court says. “That is, directors want assurance their private mark ups remain private and are not viewable by others on the board, and also, that when they are deleted, they are wiped from the system. Board portals should be able to adjust policy based on the board’s governance mandate on how annotations are handled.”

Looking Further Ahead

With some of these technology concepts still in their infancy, the next year will see continued development in order to bring a full sense of functionality to what they can offer the director. For instance, while there is a great deal of interest in the online voting capability that’s currently being built into board portals, the next year of development should see this become mainstream, according to Colin Panagakis GAICD, business development manager at BoardPad (Twitter @BoardPad).

“There are some challenges that need to be addressed before online voting can realise all the benefits that it promises the boards,” Panagakis says. “For example, legally the voting cannot be used as a resolution at the moment because the technology itself is not an approved format. With that being said it is just a matter of time for that issue to be resolved, and everyone is aware of this. This is why there is so much interest in using it now as it gives the company secretary and CEO insight into how the directors will vote in the meeting.”

As paperless meetings become more commonplace and the additional functions being brought to board portals enable further remote collaboration between directors and executives, it again raises the question of whether there will be any reason for physical meetings in the future. High definition video conferencing or even telepresence do a remarkable job of creating an “in the same room” impression, and coupled with the document sharing capabilities of these new advanced board portals, an argument could be made that meeting face-to-face may no longer be essential. Similarly, with directors increasingly busy and remote working a growing reality, the temptation might be there to experiment with remote meetings. However Panagakis recommends not taking face-to-face meetings off the agenda just yet.

“A virtual meeting is never going to have the same sense of spontaneity that a face-to-face meeting can have,” Panagakis says. “We have heard from directors plenty of times that some of the best decisions or conversations happen in the hallway outside, or going off the track and bouncing ideas around the room. The virtual meeting is a nice idea and might become necessary at times in the future, but I do not want to advocate that a virtual meeting may become default.”

But is it possible that something as disruptive as the iPad might come along over the next 12 months and redefine the way boards are organised and conduct their business? It is possible, yet unlikely, says Panagakis. “A lot of the technological innovation has been driven on the top of technology innovation from hardware manufacturers. At the moment innovation is focusing on wearable devices and smart connected homes. I do not think there is anything significant that is going to change boardrooms in the next 12 months; paperless meetings have been a large step forward. ”

TECHNOLOGY ADOPTION IN THE BOARDROOM

Mary De Frenchi, VP of sales and account management at BoardVantage explains how to maximise the use of tablets in board meetings.

Online-offline syncing: Directors carry their iPads everywhere they go and rely on them for access to board materials. Usually, they expect ready access to those materials even if they are out of wi-fi range. A main requirement is technology that seamlessly syncs content between online and offline so any notes made while offline are instantly available when back in range. Also, to ensure directors have the latest information, the system lets the company secretary push new materials directly to the briefcase.

Protect against discoverability: The iPad is a ground breaking mobile device, but there is tension between mobility and the risk of discoverability. Having the board book on an iPad creates a potential legal exposure because directors may forget to purge this material. The way to remove this risk is with a system that centralises control with the company secretary so that downloaded content, and directors’ notes, can be purged remotely. This is akin to the old practice of the company secretary collecting and shredding paper material after the meeting.

Map the paper process: Board communication is characterised by varying levels of access to sections of the board book. For example, what members of the audit committee see is often different to what members of the governance committee see, or outside counsel may be added for a single meeting and then their access rights revoked. In other words, a big part of board communication is about who sees what and when they see it. Today, that control exists with paper. It may be onerous, expensive and slow, but it works. It is critical then that the portal has an equivalent ability to differentiate access between various users. In the portal this comes in the form of a control matrix and content segregation.

An experience that is better than paper: When you change a long-standing process, you have to offer people an incentive. What you give them has to be better than what they have today. That means the experience for your directors has to be more engaging and satisfying than what exists with paper. This requires an application that takes maximum advantage of the rich graphics and animation of the iPad to improve directors’ entire boardroom experience.

Embrace two-way communication: For years, the board portal was a one-way communication tool. The company secretary distributed materials and directors retrieved it online and rarely communicated back. Now portals are shifting to two-way interactive capabilities that can improve decision-making by providing greater efficiency but also allowing directors to focus on the substantive issues rather than minutiae.

FOREWARNED IS FOREARMED

While hacked nude photos of celebrities and credit card breaches have been grabbing the headlines lately, the high degree of sensitive corporate information that is being compromised on a daily basis goes largely unreported. This is true of board papers as much as it is of executive documents, deal negotiations and unauthorised access to internal email messages.

Initially only available to law enforcement and select forensic organisations, tools like the one used to access the celebrity photos are now in the hands of far more nefarious parties.

As the US Attorney General referenced in a February 2013 White House briefing, there are only two categories of companies affected by trade secret theft: “those that know they have been compromised and those that do not know yet”. And if you think the attackers have not become even better at penetrating corporate secrets in the last 18 months, or that this is not happening in Australia, then you had better think again.

While these threats continue to increase in number and become far more sophisticated, current defences against them remain relatively ineffective, in large measure because too many executives still do not understand the extent and seriousness of these threats.

The enterprise level security challenge is not really the lone hacker but that of highly sophisticated industrial espionage. By way of example, the partners of a small law firm in Washington DC, having found they were victims of an attack, could not understand why the Chinese government could be interested in their documents — until asked if they had a client doing business with a company in China.

There is also a growing occurrence of deliberately targeted and stolen mobile devices — knowing that they belong to a senior executive and will most likely contain sensitive material — therefore any determined attack is more than likely to produce rich results. In addition, there is the ever-present risk of internal exposure through access to a tablet left on a desk.

Even with “good” security enabled, there remain a number of vulnerabilities that are rarely addressed. For example, there is much reliance on an assistant or someone from IT initiating a remote “wipe” of documents on a mobile device, but this offers absolutely no protection when the first thing a knowledgeable thief will do is turn off mobile connectivity.

And with readily available tools, the encryption key — which is stored on the device — can be easily retrieved and then all the documents can be decrypted and transferred for review.  Relying on encryption without safeguarding the key is like buying the best available lock for your front door and then leaving the key under the mat.

Mobile security is about covering all bases and to do that you have to address all the vulnerabilities – and that includes human nature.

Richard Cousins FAICD, chairman, CommandHub