The QTE Competency Model

Boardroom Qualified Technology Experts.

© DDN LLC

www.digitaldirectors.network

1

A Boardroom Competency Model For

Director Qualified Technology Experts

(QTE’s)

Bob Zukis, DDN.QTE

Digital Directors Network

Founder and CEO

© DDN LLC

www.digitaldirectors.network

2

Digital Directors Network is the leader in developing the practice and

profession of AI, digital, and cybersecurity oversight in boardrooms

around the world. Through our market-leading Boardroom Certified

Qualified Technology Expert (QTE) masterclass, more than 700

information systems leaders have strengthened their effectiveness and

ability to lead with, or in the boardroom as recognized Qualified

Technology Experts (QTEs).

Copyright © 2026 DDN Press, DDN LLC

A Boardroom Competency Model for Director Qualified Technology Experts (QTEs)

This white paper may be downloaded, shared, and distributed in its complete and

unaltered form for personal, educational, and other non-commercial purposes, provided

that full attribution is given to Bob Zukis/Digital Directors Network and all copyright and

proprietary notices are retained. No part of this publication may be modified, adapted,

republished, sold, licensed, or used for commercial purposes without prior written

permission. Brief quotations used for commentary, criticism, review, or other uses

permitted by applicable copyright law are allowed with proper attribution.

www.digitaldirectors.network

The author makes no representations or warranties with respect to the accuracy or

completeness of the contents of this work and specifically disclaims all warranties,

including, without limitation, warranties of fitness for a particular purpose. Under no

circumstances shall any of the information provided herein be construed as legal advice of

any kind.

Requests for permission or print bulk discounts should be directed to

info@digitaldirectors.network

Suggested reference: Zukis, Bob. A Boardroom Competency Model for Director Qualified

Technology Experts (QTEs). Manhattan Beach, CA: DDN Press, 2026.

© DDN LLC

www.digitaldirectors.network

3

As AI, digital, and cybersecurity systems become foundational to

enterprise value creation and risk, boards face expanding expectations

and increasing challenges in fulfilling their responsibilities to provide

effective oversight of these complex systems. This paper introduces a

standardized boardroom competency model to identify corporate

directors as Qualified Technology Experts (QTEs), helping boards

recognize, develop, and add director technology expertise to the

boardroom to build high-performing systems of governance over these

technologies and their risks.

Executive search and leadership advisory firm Russell Reynolds Associates recently

published its paper, titled The New Qualified Technology Executive: Redefining Board-Level

Technology Expertise in 2026.1

DDN’s competency model for Qualified Technology Experts (QTEs) gives Corporate Board

Chairs and Nominating and Corporate Governance Committee Chairs a practical way to

assess current director capabilities as Qualified Technology Experts, recruit against gaps,

and make useful disclosure of these critical director competencies. Standardizing the

competencies that qualify a corporate director as a QTE also provides investors with clear

information on the board’s ability to effectively oversee information technology-enabled

value creation and risk.

The Compelling Case for Qualified Technology Experts (QTEs) in the Boardroom

When a board has a critical mass of corporate directors with AI, digital, and cybersecurity

expertise, significant business value is created.

MIT research found that companies with corporate boards that have a critical mass of

corporate directors with expertise in AI, digital, and cybersecurity systems realize

significant business value benefits. The benefits identified by MIT include 38% higher

revenue growth, 34% higher market capitalization growth, 34% higher return on assets,

17% higher profit margins, and returns on equity 10.9 percentage points above industry

averages2,3.

MIT identified these benefits when the board was observed to have at least three directors

who have an understanding, tested by experience, of how digital technologies such as AI,

1 Tristan Jervis, Sean Roberts, David Finke, and Ravenna Stafford, The New Qualified Technology Executive:

Redefining Board-Level Technology Expertise in 2026 (Russell Reynolds Associates, 2025).

2 Peter Weill, Stephanie L. Woerner, Tom Apel, and Jennifer S. Banner, “Companies with a Digitally Savvy Board

Perform Better,” MIT CISR Research Briefing 19, no. 1 (January 2019).

3 Peter Weill, Stephanie L. Woerner, Jennifer S. Banner, and James Moore, “Digitally Savvy Boards: AI

Update,” MIT CISR Research Briefing 25, no. 3 (March 2025).

© DDN LLC

www.digitaldirectors.network

4

social, mobile, analytics, cloud, and the internet of things impact the company. This finding

reflects the need for the board to have directors with a broad set of relevant competencies

that span the wide range of issues needed to understand the risks that exist throughout

the use of complex AI, digital and cybersecurity systems.

Parallel field research from Virginia Tech identified that director cybersecurity expertise

also reduces real levels of cyber risk. Researchers at Virginia Tech concluded that corporate

directors with deep competencies in cybersecurity strengthen the boardroom as a

leadership control in cybersecurity, arriving at these conclusions:

...the overall consensus was that [cybersecurity] expertise enables directors

to provide proactive, value-added oversight of cybersecurity risk that

wouldn’t be possible without it.

We find that although nonexpert directors may genuinely seek to provide

diligent [cybersecurity] oversight, without [cybersecurity] expertise their

efforts lack substance and therefore are mostly symbolic, even when they

perform the same oversight activities as expert directors.

Lack of [cybersecurity] expertise leads to superficial, check-the-box oversight.

For example, board members may simply not give adequate attention to

cybersecurity, since directors naturally focus on things they know best. They

may ask the CISO naive or off-the-shelf questions that don’t cut to the heart

of the company’s cybersecurity risks.4,5

This evidence draws a sharp line between director literacy and expertise. Director expertise

creates business value as it enables thoughtful judgment, critical thinking, and the

appropriate assessment of management’s strategic and operational decisions and controls

and whether they are fit for purpose. Literacy on an issue enables informed participation in

board discussions.

Literacy is not a substitute for expertise when oversight of unique, complex and material

risk is required as it is with AI, digital and cybersecurity systems.

The growing body of evidence makes clear that board effectiveness is materially

strengthened by the presence of director Qualified Technology Experts (QTEs). Director

technology expertise, gained through substantial applied knowledge, enables the Board to

function as a meaningful boardroom leadership and governance control to oversee how

these technologies successfully and securely create business value.

4 Michelle Lowry, Marshall Vance, and Anthony Vance, letter to Vanessa Countryman, September 8, 2022,

regarding “S7-09-22 Cybersecurity Risk Management, Strategy, Governance (RSG), and Incident Disclosure.”

5 Lowry, Michelle R., Anthony Vance, and Marshall D. Vance. 2025. “Inexpert Supervision: Field Evidence on

Boards’ Oversight of Cybersecurity.” Management Science. Published online May 23, 2025.

https://doi.org/10.1287/mnsc.2023.04147

© DDN LLC

www.digitaldirectors.network

5

A standardized competency model for director Qualified Technology Experts (QTEs) gives

corporate boards a clear, defensible mechanism to identify, develop, and sustain that

expertise.

General vs. Specific Corporate Director Competencies

Every corporate director needs the general competencies required to fulfill the

responsibilities of directorship. Boards also need directors who bring certain specific

competencies to bear to effectively oversee the wide range of issues facing the

organization, now and into the future.

These general and specific director competencies are established by accepted practice and

board self-determination. Ensuring that this mix is sufficient to effectively oversee the

organization is the primary responsibility of the board’s Nominating and Corporate

Governance Committee Chair.

Under U.S. SEC disclosure rules, companies have a basic requirement to disclose director

experience. This takes the form of individual summary descriptions that are usually

accompanied by a director skills matrix included in the firm’s proxy. The list of director

experiences and the specific competencies included in the matrix are self-determined by

the issuer, with one exception.

There is no universal standard for general director competencies, but these core aptitudes

are generally widely accepted. Each corporate director should be expected to possess most

if not all of these baseline, general competencies.

General Director Competency

Competency Definition

Business Judgement

Ability to make or approve sound decisions in the best interests of the

company.

Critical Thinking

Can evaluate information rigorously and has the capability to test

assumptions.

Independence of Mind and

Ability to Work Collegially

Applies objective judgment and constructive skepticism while working

effectively with others.

Integrity and Good Faith

Acts ethically, honestly, and in the company’s best interests.

Due Care and Diligence

Prepares thoroughly, stays current and informed, exercises attentive and

responsible oversight.

Governance Literacy

Understands corporate governance, board roles, duties, and oversight

responsibilities.

Beyond these general director competencies, individual directors bring specific

competencies and expertise shaped by their unique backgrounds and experience. These

specific director competencies are typically what is disclosed in the director’s skills matrix.

© DDN LLC

www.digitaldirectors.network

6

Unlike general director competencies, specific director competencies are highly contextual

to the individual and each board. Corporate governance standards usually set principles-

based expectations for corporate directors to have the relevant competencies needed to

effectively oversee the organization, but the detailed nature of these specific director

competencies is usually left to board self-determination.

However, in one particular competency domain, specific director expertise has been forced

into place in the U.S. and become a standard for almost all corporate boards—director

financial expertise.

The Precedent For Specific Director Competencies: Financial Expertise

The Sarbanes-Oxley Act of 2002 (SOX) forced all public company boards in the U.S. to add

director financial expertise to the boardroom. While SOX did not require every board to

add a director financial expert to the board, it required boards to identify if they had an

“audit committee financial expert” on the board or explain why not.

This approach to transparency and accountability worked. Rather than attempting to

defend the lack of director financial expertise in the boardroom and create potential

liabilities because of its absence, boards rapidly added director financial expertise to the

boardroom.

Every U.S. public company boards now has, and discloses, at least one director financial

expert on the board. And this specific boardroom competency has become a standard and

sometimes regulated presence around the world on both private and public company

boards.

SOX also drew a useful distinction between director literacy and expertise. All audit

committee members now had to be financially literate, but only one needed to qualify as

an audit committee financial expert.

The SEC’s SOX disclosure rule made director financial expertise a board level competency

requirement, but not a specific expert competency requirement for every director.

Nominating and Corporate Governance Committee Chairs should manage specific director

competencies and their levels of literacy or expertise as a portfolio. This portfolio of

director competencies needs to be broad enough to effectively oversee the organization’s

entire risk profile, and deep enough to be an effective leadership control where risk is most

pervasive, material or required by regulation to be governed by director expertise.

Standards bodies are becoming more explicit about the need for more depth of specific

director expertise in AI, digital and cybersecurity systems. For example, The Philippines

Stock Exchange has proposed guidance on cyber resilience, “That [the Board] collectively

© DDN LLC

www.digitaldirectors.network

7

possesses the appropriate balance of skills, knowledge and experience to understand and

assess the cyber risks.”6

The European Central Bank (ECB) has gone further. For the banks it supervises, the ECB

expects corporate directors with digital and cybersecurity expertise, stating several clear

objectives.

...when assessing the collective suitability of the members of the

management body [board], their knowledge, skills and experience relating to

ICT and security risks should be considered. To this end, the management

body should have at least one non-executive member with relevant and

recent knowledge of, and expertise in, ICT and security risks (experience has

shown that five years of relevant practical experience is an adequate

threshold to ensure good management and decision making at board level).

The ECB also expects broader board ICT and security literacy amongst all directors.

Finally, as a good practice all members of the management body should

undertake regular training (at least once a year) to ensure that individual

members possess sufficiently up-to-date knowledge and skills to allow them

to understand and assess a bank’s business and its main ICT and security

risks.7

The Reserve Bank of India has also imposed specific director technology expertise

requirements that came into effect in 2024 for Regulated Entities in the financial sector. In

addition to requiring the establishment of a board level IT Strategy Committee (ITSC), this

three-person Committee must have an independent Chair who is a technology expert and

each committee member must also be technically competent. The Chair should “...have

substantial IT expertise in managing/guiding information technology initiatives.”

They define substantial IT expertise as:

...meaning the person has a minimum of seven years of experience in

managing information systems and/or leading/guiding technology/

cybersecurity initiatives/projects. Such a member should also understand the

business processes at a broader level and the impact of IT on such

processes.

6 Philippine Stock Exchange, Inc., “SEC’s Proposed Guidance for Regulated Entities on Establishing and

Maintaining a Cyber Resilience Framework,” Memorandum CN No. 2024-0014, February 27, 2024

7 European Central Bank, “New Policy for More Bank Board Expertise on ICT and Security Risks,” Supervision

Newsletter, February 21, 2024.

© DDN LLC

www.digitaldirectors.network

8

“Technical competence,” the Indian standard for all ITSC committee members, is defined as

“the ability to understand and evaluate information systems and associated IT/cyber risks.”8

These regulators all make the same point. Literacy is useful for directors, but it is not a

substitute for expertise on the board and the ability to effectively oversee these complex

technology domains.

As companies become more dependent upon AI and digital systems for economic growth

and output and as the risks surrounding these technologies expand and evolve, it is

becoming a leading practice for boards to have one or more directors who are considered

Qualified Technology Experts to effectively oversee these complex domains, whether self-

regulated or increasingly forced by government regulation.

While literacy in AI, digital or cybersecurity is also a common and good practice for all

directors, corporate directors who are Qualified Technology Experts will ultimately

determine the board’s effectiveness as a leadership control capable of successfully and

securely overseeing business value creation with these technologies.

A Boardroom Competency Model for Director Qualified Technology Experts

What qualifies a director as a QTE?

DDN defines a Qualified Technology Expert as a corporate director or director candidate

who possesses the general competencies expected of any director, together with the

specific competencies and applied knowledge developed through relevant education and

experience needed to understand how complex AI and digital systems create and amplify

risk, how cybersecurity systems mitigate and manage that risk, and how these systems

should be governed to create and protect business value.

The term Qualified Technology Expert, or QTE, is derived from language used when

implementing the Sarbanes-Oxley Act of 2002 (SOX) and the requirement for an audit

committee financial expert. With SOX, the SEC recognized that director financial expertise is

a critical boardroom control needed to reassure investors by strengthening the ability and

accountability of the board in their oversight of financial reporting risk in response to the

financial reporting frauds of the time.

Use of the term “qualified” refers to the skills and capabilities that would fulfill the SEC

definition of an expert capable of performing this oversight function; creating the

commonly used short-hand label of “qualified financial expert.”

The SEC’s final rules for the Sarbanes-Oxley Act defined an audit committee financial

expert, or qualified financial expert, as an individual who possesses all five of the following

competencies:

8 Reserve Bank of India, “Master Direction on Information Technology Governance, Risk, Controls and

Assurance Practices,” November 7, 2023,

https://www.rbi.org.in/scripts/BS_ViewMasDirections.aspx?id=12562#5

© DDN LLC

www.digitaldirectors.network

9

• An understanding of GAAP and financial statements;

• The ability to assess the application of such principles in the context of

accounting for estimates, accruals and reserves;

• Direct or supervisory experience preparing, analyzing, evaluating, or auditing

comparable complex financial statements;

• An understanding of internal controls and procedures for financial reporting;

• An understanding of audit committee functions.9

The SEC’s framework for expertise requires both domain knowledge and significant applied

experience. To qualify, the identified competencies need to present in one director for the

individual to be considered an “audit committee financial expert” under SEC rules.

The SEC also explained how “audit committee financial expertise” could be acquired

through one, or more, of the following means:

• education and experience as a principal financial officer, principal accounting

officer, controller, public accountant or auditor or experience in one or more

positions that involve the performance of similar functions;

• experience actively supervising a principal financial officer, principal

accounting officer, controller, public accountant, auditor or person

performing similar functions;

• experience overseeing or assessing the performance of companies or public

accountants with respect to the preparation, auditing or evaluation of

financial statements; or

• other relevant experience.

A director who merely takes a course in accounting or finance would not qualify as a

financial expert under this model. Additionally, mere hierarchical oversight would not be

enough to qualify as a financial expert as meaningful participation in relevant accounting

and financial issues and systems is needed. The SEC explicitly addressed this by writing:

A principal executive officer should not be presumed to qualify [as an audit

committee financial expert]. A principal executive officer with considerable

operations involvement, but little financial or accounting involvement, likely

would not be exercising the necessary active supervision. Active participation

in, and contribution to, the process, albeit at a supervisory level, of

addressing financial and accounting issues that demonstrates a general

expertise in the area would be necessary.10

9 Sarbanes-Oxley Act of 2002, Pub. L. No. 107-204, § 407, 116 Stat. 745, 789–90 (2002).

10 Securities and Exchange Commission, Disclosure Required by Sections 406 and 407 of the Sarbanes-Oxley Act

of 2002, 68 Fed. Reg. 5110, 5115 (Jan. 31, 2003)

© DDN LLC

www.digitaldirectors.network

10

Applying this model to a Qualified Technology Expert, a director QTE would be expected to

possess significant functional applied experience related to complex AI, digital or

cybersecurity systems in order to be qualified.

The SEC even reflected this experience-based standard in their proposed cybersecurity

disclosure rules of 2022 when they proposed director cybersecurity expertise disclosure

based on the following non-exclusive criteria:

• Whether the director has prior work experience in cybersecurity, including,

for example, prior experience as an information security officer, security

policy analyst, security auditor, security architect or engineer, security

operations or incident response manager, or business continuity planner;

• Whether the director has obtained a certification or degree in cybersecurity;

and

• Whether the director has knowledge, skills, or other background in

cybersecurity, including, for example, in the areas of security policy and

governance, risk management, security assessment, control evaluation,

security architecture and engineering, security operations, incident handling,

or business continuity planning.11

Although the SEC dropped this proposed director cybersecurity expertise disclosure

requirement from the final rules, leading boards continue to recruit and add Qualified

Technology Experts with deep cybersecurity competencies to the boardroom.

In addition, the SEC has been clear that industry affiliation or general experience is not

enough to qualify as an expert. A CFO of a SaaS company would not necessarily qualify as a

QTE just by working in the industry although he or she could, based upon the individual’s

particular applied knowledge and experience

Likewise, a course on AI, digital or cybersecurity issues may improve director literacy, but

by itself it would not be sufficient to establish expertise. Relevant applied knowledge is

the key pre-requisite and standard for director expertise in any domain.

Regulators emphasize the distinction and importance of directors with substantive applied

knowledge, i.e., expertise, while also encouraging broad based director literacy on issues as

a standard approach to board effectiveness.

This delineated approach between expertise and literacy makes sense as the goal should

be to strengthen the board as a control within the AI, digital and cybersecurity systems

enabling the modern business with directors who can not only ask the right questions, but

who can understand and assess the quality of management’s answers only happens with

director expertise.

11 Securities and Exchange Commission, Cybersecurity Risk Management, Strategy, Governance, and Incident

Disclosure, 87 Fed. Reg. 16,590, 16,602 (proposed Mar. 23, 2022).

© DDN LLC

www.digitaldirectors.network

11

The Qualified Technology Expert (QTE) Competency Model for Directors

As technology becomes the primary driver of both enterprise growth and enterprise risk,

boards need a more rigorous standard for deciding whether a corporate director is truly

capable and qualified to oversee AI, digital, and cybersecurity systems.

The shorthand of calling a board “tech- or digitally-savvy” is not sufficient to inform

investors and other stakeholders of the board’s ability to effectively oversee these complex

issues. Boards need clearer standards to identify and assess director competencies to

avoid risk and liability that can come from overstating or misunderstanding director

capabilities in these areas.

In the cybersecurity related SolarWinds shareholder derivative class action lawsuit,12

Delaware Court of Chancery Vice Chancellor Sam Glasscock III articulated the foundational

requirement for director competency models with the statement “...evaluation of business

risk, [is] the quintessential board function.”

Effective information systems oversight requires more than general business judgement. It

requires directors with the technology expertise to understand how AI, digital and

cybersecurity systems function to enable business value, along with their risks.

Expertise in financial reporting risk, does not transfer to understanding risk in complex

digital systems. Effective director oversight requires comprehensive knowledge of

information systems informed by experience so that directors can identify and determine

what is material, challenge management intelligently, and independently judge whether

controls and reporting are fit for purpose in the specific technology system at issue.

The Qualified Technology Expert (QTE) competency model is rooted in applied knowledge

authenticated through experience, for how AI, digital and cybersecurity systems are

implemented and maintained to create business value, along with the risks they embody

and create.

A broad collection of competencies across distinct yet highly interrelated knowledge

domains create and protect modern information systems. A data scientist has different

competencies than a cybersecurity expert, however both could be Qualified Technology

Experts (QTE). CIOs and CISOs have some overlapping and unique competencies specific to

each role, they both can be QTEs.

DDN’s DiRECTOR™ framework is useful as a QTE competency model because it treats

modern digital systems as complex interconnected systems with a focus on systemic risk

and the discrete risk domains inherent within these information systems.

12 Construction Industry Laborers Pension Fund v. Bingle, C.A. No. 2021-0940-SG (Del. Ch. Sept. 6, 2022) (Glasscock,

V.C.) (memorandum opinion).

© DDN LLC

www.digitaldirectors.network

12

DiRECTOR is a leading practice derived systemic risk identification framework that helps

corporate boards and information systems leaders understand, identify and assess

systemic risks throughout these complex systems.

Long tenured IT executives can possess deep and broad competencies in many of these

interrelated risk domains. The QTE competency model is structured to identify expertise

and literacy in each of the core risk domains that comprise complex digital systems. This

aligns the model to the reality of the breadth of the roles and competencies that exist

throughout the IT industries. This also ensures that the pool of director candidates who can

qualify as QTEs is sufficiently large enough to ensure that there are enough potential

director QTEs to meet the need for private and public directorship.

The QTE competency model reflects a systems model focused on the key systemic risk

domains reflected in the discrete yet interrelated knowledge domains of AI and digital

business systems. Boards should refer to these domains to assess director literacy and

expertise with a goal to identify the board’s collective ability to understand risk throughout

these systems.

Any director who has specific expertise, authenticated through experience, in one or more

domains of a complex digital system, would be identifiable as a Qualified Technology

Expert (QTE) under the QTE competency model.

Specific QTE Director Competency

QTE Director Competency Definition

Data Management

Understands how data supports strategy, oversight, and risk

management including analytics, quality and data lifecycle issues.

Information Architecture

Understands how systems, applications, and information flows are

structured across the enterprise and external ecosystem.

Risk Communications

Can translate digital and technical risks into business value and

governance terms, understands risk communications from

implementation to board reporting and disclosure.

Emerging Technology

Understands the opportunities and risks created by new technologies,

including AI models and systems, and how they can enable and enrich

the organization’s value proposition strategically and operationally.

Cybersecurity

Understands the active and inherent threat environment, trends,

security operations and tools required to build and maintain

operational resilience, incident readiness and response.

Third-Party Risk

Understands inherent and active systemic risks created by vendors,

partners, and external dependencies throughout the system.

IT Operations

Understands the processes, skills, management, and effectiveness of

core technology operations to build, integrate and maintain high

performing secure and resilient systems.

Regulations

Understands the regulatory environment affecting AI, digital and

cybersecurity systems.

© DDN LLC

www.digitaldirectors.network

13

What Nominating and Corporate Governance Committee Chairs Should Do Next

Chairs should use these QTE domains to assess director literacy, director expertise and

identify where neither is present.

The objective is to identify the collective competency of the board to effectively oversee risk

throughout the interdependent domains of complex digital systems as step 1 in building a

reasonable system of oversight on the board. Recommended actions include:

Have each director self-assess their individual technology literacy and expertise in

each domain using the QTE competency list above, supported by clear criteria to

distinguish literacy from expertise.

Validate self-assessments through the Nominating and Corporate Governance

Committee with internal or third-party expertise as needed.

Develop a director curriculum to address literacy gaps through full-board training

with annual refreshers across all domains.

Where expert gaps exist, assess their materiality based on the organization’s digital

dependency and risk profile.

Recruit or succession-plan for Qualified Technology Expert (QTE) directors to be

added to the board to address critical expert gaps.

Make disclosure of individual directors who are Qualified Technology Experts (QTEs)

and describe the boards approach to ensuring its director effectiveness at

overseeing AI, digital, and cybersecurity systems.

Disclosure Statement: Director Qualifications

The following draft disclosure is for information purposes only. All regulatory disclosures

should be reviewed by legal counsel.

The Board recognizes that AI, digital, and cybersecurity systems are

increasingly integral to the Company’s strategy, operations, and risk profile.

Accordingly, the Board, through the Nominating and Corporate Governance

Committee, has adopted the DiRECTOR framework to assess and maintain

appropriate director literacy and expertise across key domains of complex AI

and digital business systems. This framework informs the annual director

education program, board composition, and succession planning and is

designed to develop directors with adaptive, effective and relevant oversight

competencies required of information technology-enabled value creation

and risk. The Board periodically reviews these competencies and considers

the results in connection with its governance practices to ensure that the

Board maintains the collective capabilities necessary to fulfill its oversight

responsibilities.

© DDN LLC

www.digitaldirectors.network

14

Addition To The Director Skills Matrix Proxy Disclosure

We recommend that each skill disclosed in the proxy skills matrix identify the

director’s competency level in that skill. This leading practice is already required for

director financial expertise in the U.S. and provides useful investor information to

communicate relative director competency depth in each area disclosed. Victoria’s

Secret (NYSE: VSCO) takes this approach.

Director Competency/Level

Director 1

Director 2

Director 3

Director 4

AI, Digital, and Cybersecurity Systems:

Experience with one or more domains of a

complex digital business system including their

risks and how they function to create business

value.

E

L

L

E

E – Expertise acquired through at least 5 years of applied knowledge and experience in one or more domains of

relevant complex AI, digital, or cybersecurity business systems.

L – Basic knowledge and understanding of the risks related to complex AI and digital systems.

An Internal QTE Skills Matrix For Director Assessment

D1 Name

D2 Name

QTE Director Competency/Level

E

L

E

L

Data Management

Information Architecture

Risk Communications

Emerging Technology

Cybersecurity

Third-Party Risk

IT Operations

Regulations

E – Expertise acquired through at least 5 years of applied knowledge and experience in one or more domains of

relevant complex AI, digital, or cybersecurity business systems.

L – Basic knowledge and understanding of the risks related to complex AI and digital systems.

© DDN LLC

www.digitaldirectors.network

15

Conclusion

Overall boardroom effectiveness will increasingly be determined by the depth of expertise

that directors possess to understand the far-reaching business ramifications of these

technologies, not just in governing these technologies but in governing the entire

organization given the pervasive nature of these tools.

Given the significant economic and competitive implications at stake, investors and other

stakeholders will increasingly hold boards to higher standards of accountability and

performance for their ability to effectively oversee these risks.

Leading corporate boards are already holding themselves to a higher standard of

performance by addressing their need for director Qualified Technology Experts (QTEs).

For more information contact:

info@digitaldirectors.network