Faculty of law blogs / UNIVERSITY OF OXFORD

Corporate Governance and Technological Risks


Time to read

2 Minutes

Technology has become so critical to organizational performance that it is now a major boardroom issue, even for firms whose products are not themselves ‘tech’. Technology of ever-increasing sophistication and connectivity is used in production processes, supply chains, and to coordinate the work of employees. At the same time, data has become an ever-more-important asset class, creating both the potential to create value and – if security is mishandled – a potentially existential reputational risk. This project is concerned with exploring the implications for corporate governance practices of the ways in which smart technology is changing how firms operate.

Four such changes are as follows. First, ‘tech assets’ have an opaque character. This may be because products or processes are kept secret by the firm for competitive reasons, or because they rely on compiled code that cannot readily be reverse engineered. Asset opacity is a well-known phenomenon in the financial sector because financial assets are hard to observe compared to physical assets, generating opportunities for fraud and cheating. The growth in value residing in tech assets, or tech components of physical assets, will likewise make valuations harder to achieve and may create possibilities for fraud and cheating (for example, the ‘defeat’ code programmed into VW diesel cars to put them on ‘best behaviour’ for emissions tests), or simply of unintended social harms (think here of the algorithms driving the delivery of internet advertising via ‘news’ postings on social media platforms) across a far wider range of firms. To what extent should higher standards of scrutiny be applied to code-intensive sectors or processes? Can these be mixed and matched within a firm that pursues multiple lines of business? 

Second data assets’ can create existential risks for firms. Data misuse, or breaches, can be destructive of corporate reputations, as many firms including Yahoo have experienced. What are the determinants of the consequences of data breaches for corporate reputation? What policies should firms employ regarding data assets to guard against such breaches? 

Third, structural choices in technological systems have a constitutive effect on organisations. Performance monitoring and augmented decision-making systems embed and encode ways of doing things in a fashion over which human participants have little control. What is the extent of the scope for this? How should organisations go about assessing such choices, both in an ideal environment and in a practical decision-making context?

Fourth, automated systems have the capacity to reduce the sum of human agency within an organisation. By reducing the number, and monitoring more closely the actions, of human agents, automation increases productive efficiency as defined in terms of organisational goals. At the same time, it increases the importance of the definition of those goals, and the specification of systems of data capture from human agents. In short, management decisions will have greater leverage, and so will matter more to organizational outcomes. These factors will in turn will have a number of important impacts on how we think of corporate governance.

Corporate governance is commonly understood as the range of mechanisms employed to ensure that those managing the firm do so in a way that reflects the (long term) interests of its shareholders It is conventionally thought that high-powered financial incentives to maximize the stock price will deliver such outcomes. However, such incentives have a well-known potential to corrode ethical considerations. The concern with the depletion of the ethical component of human capital within the organisation is that the checks on cheating are further reduced: opaque assets, more-perfect execution of management goals and absence of whistleblowers makes for a wider set of feasible ‘cheats’. Combine this with strong incentive pay that tracks the stock price and the implications are (a) that managers in firms that are technologically-adapted are likely to face greater temptations to cheat; and (b) the persons cheated are unlikely to be the shareholders. This project’s objective will be to explore ways in which the mechanisms of corporate governance should respond to these new challenges.