© DDN LLC
www.digitaldirectors.network
1
A Boardroom Competency Model For
Director Qualified Technology Experts
(QTE’s)
Bob Zukis, DDN.QTE
Digital Directors Network
Founder and CEO
© DDN LLC
www.digitaldirectors.network
2
Digital Directors Network is the leader in developing the practice and
profession of AI, digital, and cybersecurity oversight in boardrooms
around the world. Through our market-leading Boardroom Certified
Qualified Technology Expert (QTE) masterclass, more than 700
information systems leaders have strengthened their effectiveness and
ability to lead with, or in the boardroom as recognized Qualified
Technology Experts (QTEs).
Copyright © 2026 DDN Press, DDN LLC
A Boardroom Competency Model for Director Qualified Technology Experts (QTEs)
This white paper may be downloaded, shared, and distributed in its complete and
unaltered form for personal, educational, and other non-commercial purposes, provided
that full attribution is given to Bob Zukis/Digital Directors Network and all copyright and
proprietary notices are retained. No part of this publication may be modified, adapted,
republished, sold, licensed, or used for commercial purposes without prior written
permission. Brief quotations used for commentary, criticism, review, or other uses
permitted by applicable copyright law are allowed with proper attribution.
www.digitaldirectors.network
The author makes no representations or warranties with respect to the accuracy or
completeness of the contents of this work and specifically disclaims all warranties,
including, without limitation, warranties of fitness for a particular purpose. Under no
circumstances shall any of the information provided herein be construed as legal advice of
any kind.
Requests for permission or print bulk discounts should be directed to
info@digitaldirectors.network
Suggested reference: Zukis, Bob. A Boardroom Competency Model for Director Qualified
Technology Experts (QTEs). Manhattan Beach, CA: DDN Press, 2026.
© DDN LLC
www.digitaldirectors.network
3
As AI, digital, and cybersecurity systems become foundational to
enterprise value creation and risk, boards face expanding expectations
and increasing challenges in fulfilling their responsibilities to provide
effective oversight of these complex systems. This paper introduces a
standardized boardroom competency model to identify corporate
directors as Qualified Technology Experts (QTEs), helping boards
recognize, develop, and add director technology expertise to the
boardroom to build high-performing systems of governance over these
technologies and their risks.
Executive search and leadership advisory firm Russell Reynolds Associates recently
published its paper, titled The New Qualified Technology Executive: Redefining Board-Level
Technology Expertise in 2026.1
DDN’s competency model for Qualified Technology Experts (QTEs) gives Corporate Board
Chairs and Nominating and Corporate Governance Committee Chairs a practical way to
assess current director capabilities as Qualified Technology Experts, recruit against gaps,
and make useful disclosure of these critical director competencies. Standardizing the
competencies that qualify a corporate director as a QTE also provides investors with clear
information on the board’s ability to effectively oversee information technology-enabled
value creation and risk.
The Compelling Case for Qualified Technology Experts (QTEs) in the Boardroom
When a board has a critical mass of corporate directors with AI, digital, and cybersecurity
expertise, significant business value is created.
MIT research found that companies with corporate boards that have a critical mass of
corporate directors with expertise in AI, digital, and cybersecurity systems realize
significant business value benefits. The benefits identified by MIT include 38% higher
revenue growth, 34% higher market capitalization growth, 34% higher return on assets,
17% higher profit margins, and returns on equity 10.9 percentage points above industry
averages2,3.
MIT identified these benefits when the board was observed to have at least three directors
who have an understanding, tested by experience, of how digital technologies such as AI,
1 Tristan Jervis, Sean Roberts, David Finke, and Ravenna Stafford, The New Qualified Technology Executive:
Redefining Board-Level Technology Expertise in 2026 (Russell Reynolds Associates, 2025).
2 Peter Weill, Stephanie L. Woerner, Tom Apel, and Jennifer S. Banner, “Companies with a Digitally Savvy Board
Perform Better,” MIT CISR Research Briefing 19, no. 1 (January 2019).
3 Peter Weill, Stephanie L. Woerner, Jennifer S. Banner, and James Moore, “Digitally Savvy Boards: AI
Update,” MIT CISR Research Briefing 25, no. 3 (March 2025).
© DDN LLC
www.digitaldirectors.network
4
social, mobile, analytics, cloud, and the internet of things impact the company. This finding
reflects the need for the board to have directors with a broad set of relevant competencies
that span the wide range of issues needed to understand the risks that exist throughout
the use of complex AI, digital and cybersecurity systems.
Parallel field research from Virginia Tech identified that director cybersecurity expertise
also reduces real levels of cyber risk. Researchers at Virginia Tech concluded that corporate
directors with deep competencies in cybersecurity strengthen the boardroom as a
leadership control in cybersecurity, arriving at these conclusions:
...the overall consensus was that [cybersecurity] expertise enables directors
to provide proactive, value-added oversight of cybersecurity risk that
wouldn’t be possible without it.
We find that although nonexpert directors may genuinely seek to provide
diligent [cybersecurity] oversight, without [cybersecurity] expertise their
efforts lack substance and therefore are mostly symbolic, even when they
perform the same oversight activities as expert directors.
Lack of [cybersecurity] expertise leads to superficial, check-the-box oversight.
For example, board members may simply not give adequate attention to
cybersecurity, since directors naturally focus on things they know best. They
may ask the CISO naive or off-the-shelf questions that don’t cut to the heart
of the company’s cybersecurity risks.4,5
This evidence draws a sharp line between director literacy and expertise. Director expertise
creates business value as it enables thoughtful judgment, critical thinking, and the
appropriate assessment of management’s strategic and operational decisions and controls
and whether they are fit for purpose. Literacy on an issue enables informed participation in
board discussions.
Literacy is not a substitute for expertise when oversight of unique, complex and material
risk is required as it is with AI, digital and cybersecurity systems.
The growing body of evidence makes clear that board effectiveness is materially
strengthened by the presence of director Qualified Technology Experts (QTEs). Director
technology expertise, gained through substantial applied knowledge, enables the Board to
function as a meaningful boardroom leadership and governance control to oversee how
these technologies successfully and securely create business value.
4 Michelle Lowry, Marshall Vance, and Anthony Vance, letter to Vanessa Countryman, September 8, 2022,
regarding “S7-09-22 Cybersecurity Risk Management, Strategy, Governance (RSG), and Incident Disclosure.”
5 Lowry, Michelle R., Anthony Vance, and Marshall D. Vance. 2025. “Inexpert Supervision: Field Evidence on
Boards’ Oversight of Cybersecurity.” Management Science. Published online May 23, 2025.
https://doi.org/10.1287/mnsc.2023.04147
© DDN LLC
www.digitaldirectors.network
5
A standardized competency model for director Qualified Technology Experts (QTEs) gives
corporate boards a clear, defensible mechanism to identify, develop, and sustain that
expertise.
General vs. Specific Corporate Director Competencies
Every corporate director needs the general competencies required to fulfill the
responsibilities of directorship. Boards also need directors who bring certain specific
competencies to bear to effectively oversee the wide range of issues facing the
organization, now and into the future.
These general and specific director competencies are established by accepted practice and
board self-determination. Ensuring that this mix is sufficient to effectively oversee the
organization is the primary responsibility of the board’s Nominating and Corporate
Governance Committee Chair.
Under U.S. SEC disclosure rules, companies have a basic requirement to disclose director
experience. This takes the form of individual summary descriptions that are usually
accompanied by a director skills matrix included in the firm’s proxy. The list of director
experiences and the specific competencies included in the matrix are self-determined by
the issuer, with one exception.
There is no universal standard for general director competencies, but these core aptitudes
are generally widely accepted. Each corporate director should be expected to possess most
if not all of these baseline, general competencies.
General Director Competency
Competency Definition
Business Judgement
Ability to make or approve sound decisions in the best interests of the
company.
Critical Thinking
Can evaluate information rigorously and has the capability to test
assumptions.
Independence of Mind and
Ability to Work Collegially
Applies objective judgment and constructive skepticism while working
effectively with others.
Integrity and Good Faith
Acts ethically, honestly, and in the company’s best interests.
Due Care and Diligence
Prepares thoroughly, stays current and informed, exercises attentive and
responsible oversight.
Governance Literacy
Understands corporate governance, board roles, duties, and oversight
responsibilities.
Beyond these general director competencies, individual directors bring specific
competencies and expertise shaped by their unique backgrounds and experience. These
specific director competencies are typically what is disclosed in the director’s skills matrix.
© DDN LLC
www.digitaldirectors.network
6
Unlike general director competencies, specific director competencies are highly contextual
to the individual and each board. Corporate governance standards usually set principles-
based expectations for corporate directors to have the relevant competencies needed to
effectively oversee the organization, but the detailed nature of these specific director
competencies is usually left to board self-determination.
However, in one particular competency domain, specific director expertise has been forced
into place in the U.S. and become a standard for almost all corporate boards—director
financial expertise.
The Precedent For Specific Director Competencies: Financial Expertise
The Sarbanes-Oxley Act of 2002 (SOX) forced all public company boards in the U.S. to add
director financial expertise to the boardroom. While SOX did not require every board to
add a director financial expert to the board, it required boards to identify if they had an
“audit committee financial expert” on the board or explain why not.
This approach to transparency and accountability worked. Rather than attempting to
defend the lack of director financial expertise in the boardroom and create potential
liabilities because of its absence, boards rapidly added director financial expertise to the
boardroom.
Every U.S. public company boards now has, and discloses, at least one director financial
expert on the board. And this specific boardroom competency has become a standard and
sometimes regulated presence around the world on both private and public company
boards.
SOX also drew a useful distinction between director literacy and expertise. All audit
committee members now had to be financially literate, but only one needed to qualify as
an audit committee financial expert.
The SEC’s SOX disclosure rule made director financial expertise a board level competency
requirement, but not a specific expert competency requirement for every director.
Nominating and Corporate Governance Committee Chairs should manage specific director
competencies and their levels of literacy or expertise as a portfolio. This portfolio of
director competencies needs to be broad enough to effectively oversee the organization’s
entire risk profile, and deep enough to be an effective leadership control where risk is most
pervasive, material or required by regulation to be governed by director expertise.
Standards bodies are becoming more explicit about the need for more depth of specific
director expertise in AI, digital and cybersecurity systems. For example, The Philippines
Stock Exchange has proposed guidance on cyber resilience, “That [the Board] collectively
© DDN LLC
www.digitaldirectors.network
7
possesses the appropriate balance of skills, knowledge and experience to understand and
assess the cyber risks.”6
The European Central Bank (ECB) has gone further. For the banks it supervises, the ECB
expects corporate directors with digital and cybersecurity expertise, stating several clear
objectives.
...when assessing the collective suitability of the members of the
management body [board], their knowledge, skills and experience relating to
ICT and security risks should be considered. To this end, the management
body should have at least one non-executive member with relevant and
recent knowledge of, and expertise in, ICT and security risks (experience has
shown that five years of relevant practical experience is an adequate
threshold to ensure good management and decision making at board level).
The ECB also expects broader board ICT and security literacy amongst all directors.
Finally, as a good practice all members of the management body should
undertake regular training (at least once a year) to ensure that individual
members possess sufficiently up-to-date knowledge and skills to allow them
to understand and assess a bank’s business and its main ICT and security
risks.7
The Reserve Bank of India has also imposed specific director technology expertise
requirements that came into effect in 2024 for Regulated Entities in the financial sector. In
addition to requiring the establishment of a board level IT Strategy Committee (ITSC), this
three-person Committee must have an independent Chair who is a technology expert and
each committee member must also be technically competent. The Chair should “...have
substantial IT expertise in managing/guiding information technology initiatives.”
They define substantial IT expertise as:
...meaning the person has a minimum of seven years of experience in
managing information systems and/or leading/guiding technology/
cybersecurity initiatives/projects. Such a member should also understand the
business processes at a broader level and the impact of IT on such
processes.
6 Philippine Stock Exchange, Inc., “SEC’s Proposed Guidance for Regulated Entities on Establishing and
Maintaining a Cyber Resilience Framework,” Memorandum CN No. 2024-0014, February 27, 2024
7 European Central Bank, “New Policy for More Bank Board Expertise on ICT and Security Risks,” Supervision
Newsletter, February 21, 2024.
© DDN LLC
www.digitaldirectors.network
8
“Technical competence,” the Indian standard for all ITSC committee members, is defined as
“the ability to understand and evaluate information systems and associated IT/cyber risks.”8
These regulators all make the same point. Literacy is useful for directors, but it is not a
substitute for expertise on the board and the ability to effectively oversee these complex
technology domains.
As companies become more dependent upon AI and digital systems for economic growth
and output and as the risks surrounding these technologies expand and evolve, it is
becoming a leading practice for boards to have one or more directors who are considered
Qualified Technology Experts to effectively oversee these complex domains, whether self-
regulated or increasingly forced by government regulation.
While literacy in AI, digital or cybersecurity is also a common and good practice for all
directors, corporate directors who are Qualified Technology Experts will ultimately
determine the board’s effectiveness as a leadership control capable of successfully and
securely overseeing business value creation with these technologies.
A Boardroom Competency Model for Director Qualified Technology Experts
What qualifies a director as a QTE?
DDN defines a Qualified Technology Expert as a corporate director or director candidate
who possesses the general competencies expected of any director, together with the
specific competencies and applied knowledge developed through relevant education and
experience needed to understand how complex AI and digital systems create and amplify
risk, how cybersecurity systems mitigate and manage that risk, and how these systems
should be governed to create and protect business value.
The term Qualified Technology Expert, or QTE, is derived from language used when
implementing the Sarbanes-Oxley Act of 2002 (SOX) and the requirement for an audit
committee financial expert. With SOX, the SEC recognized that director financial expertise is
a critical boardroom control needed to reassure investors by strengthening the ability and
accountability of the board in their oversight of financial reporting risk in response to the
financial reporting frauds of the time.
Use of the term “qualified” refers to the skills and capabilities that would fulfill the SEC
definition of an expert capable of performing this oversight function; creating the
commonly used short-hand label of “qualified financial expert.”
The SEC’s final rules for the Sarbanes-Oxley Act defined an audit committee financial
expert, or qualified financial expert, as an individual who possesses all five of the following
competencies:
8 Reserve Bank of India, “Master Direction on Information Technology Governance, Risk, Controls and
Assurance Practices,” November 7, 2023,
https://www.rbi.org.in/scripts/BS_ViewMasDirections.aspx?id=12562#5
© DDN LLC
www.digitaldirectors.network
9
• An understanding of GAAP and financial statements;
• The ability to assess the application of such principles in the context of
accounting for estimates, accruals and reserves;
• Direct or supervisory experience preparing, analyzing, evaluating, or auditing
comparable complex financial statements;
• An understanding of internal controls and procedures for financial reporting;
• An understanding of audit committee functions.9
The SEC’s framework for expertise requires both domain knowledge and significant applied
experience. To qualify, the identified competencies need to present in one director for the
individual to be considered an “audit committee financial expert” under SEC rules.
The SEC also explained how “audit committee financial expertise” could be acquired
through one, or more, of the following means:
• education and experience as a principal financial officer, principal accounting
officer, controller, public accountant or auditor or experience in one or more
positions that involve the performance of similar functions;
• experience actively supervising a principal financial officer, principal
accounting officer, controller, public accountant, auditor or person
performing similar functions;
• experience overseeing or assessing the performance of companies or public
accountants with respect to the preparation, auditing or evaluation of
financial statements; or
• other relevant experience.
A director who merely takes a course in accounting or finance would not qualify as a
financial expert under this model. Additionally, mere hierarchical oversight would not be
enough to qualify as a financial expert as meaningful participation in relevant accounting
and financial issues and systems is needed. The SEC explicitly addressed this by writing:
A principal executive officer should not be presumed to qualify [as an audit
committee financial expert]. A principal executive officer with considerable
operations involvement, but little financial or accounting involvement, likely
would not be exercising the necessary active supervision. Active participation
in, and contribution to, the process, albeit at a supervisory level, of
addressing financial and accounting issues that demonstrates a general
expertise in the area would be necessary.10
9 Sarbanes-Oxley Act of 2002, Pub. L. No. 107-204, § 407, 116 Stat. 745, 789–90 (2002).
10 Securities and Exchange Commission, Disclosure Required by Sections 406 and 407 of the Sarbanes-Oxley Act
of 2002, 68 Fed. Reg. 5110, 5115 (Jan. 31, 2003)
© DDN LLC
www.digitaldirectors.network
10
Applying this model to a Qualified Technology Expert, a director QTE would be expected to
possess significant functional applied experience related to complex AI, digital or
cybersecurity systems in order to be qualified.
The SEC even reflected this experience-based standard in their proposed cybersecurity
disclosure rules of 2022 when they proposed director cybersecurity expertise disclosure
based on the following non-exclusive criteria:
• Whether the director has prior work experience in cybersecurity, including,
for example, prior experience as an information security officer, security
policy analyst, security auditor, security architect or engineer, security
operations or incident response manager, or business continuity planner;
• Whether the director has obtained a certification or degree in cybersecurity;
and
• Whether the director has knowledge, skills, or other background in
cybersecurity, including, for example, in the areas of security policy and
governance, risk management, security assessment, control evaluation,
security architecture and engineering, security operations, incident handling,
or business continuity planning.11
Although the SEC dropped this proposed director cybersecurity expertise disclosure
requirement from the final rules, leading boards continue to recruit and add Qualified
Technology Experts with deep cybersecurity competencies to the boardroom.
In addition, the SEC has been clear that industry affiliation or general experience is not
enough to qualify as an expert. A CFO of a SaaS company would not necessarily qualify as a
QTE just by working in the industry although he or she could, based upon the individual’s
particular applied knowledge and experience
Likewise, a course on AI, digital or cybersecurity issues may improve director literacy, but
by itself it would not be sufficient to establish expertise. Relevant applied knowledge is
the key pre-requisite and standard for director expertise in any domain.
Regulators emphasize the distinction and importance of directors with substantive applied
knowledge, i.e., expertise, while also encouraging broad based director literacy on issues as
a standard approach to board effectiveness.
This delineated approach between expertise and literacy makes sense as the goal should
be to strengthen the board as a control within the AI, digital and cybersecurity systems
enabling the modern business with directors who can not only ask the right questions, but
who can understand and assess the quality of management’s answers only happens with
director expertise.
11 Securities and Exchange Commission, Cybersecurity Risk Management, Strategy, Governance, and Incident
Disclosure, 87 Fed. Reg. 16,590, 16,602 (proposed Mar. 23, 2022).
© DDN LLC
www.digitaldirectors.network
11
The Qualified Technology Expert (QTE) Competency Model for Directors
As technology becomes the primary driver of both enterprise growth and enterprise risk,
boards need a more rigorous standard for deciding whether a corporate director is truly
capable and qualified to oversee AI, digital, and cybersecurity systems.
The shorthand of calling a board “tech- or digitally-savvy” is not sufficient to inform
investors and other stakeholders of the board’s ability to effectively oversee these complex
issues. Boards need clearer standards to identify and assess director competencies to
avoid risk and liability that can come from overstating or misunderstanding director
capabilities in these areas.
In the cybersecurity related SolarWinds shareholder derivative class action lawsuit,12
Delaware Court of Chancery Vice Chancellor Sam Glasscock III articulated the foundational
requirement for director competency models with the statement “...evaluation of business
risk, [is] the quintessential board function.”
Effective information systems oversight requires more than general business judgement. It
requires directors with the technology expertise to understand how AI, digital and
cybersecurity systems function to enable business value, along with their risks.
Expertise in financial reporting risk, does not transfer to understanding risk in complex
digital systems. Effective director oversight requires comprehensive knowledge of
information systems informed by experience so that directors can identify and determine
what is material, challenge management intelligently, and independently judge whether
controls and reporting are fit for purpose in the specific technology system at issue.
The Qualified Technology Expert (QTE) competency model is rooted in applied knowledge
authenticated through experience, for how AI, digital and cybersecurity systems are
implemented and maintained to create business value, along with the risks they embody
and create.
A broad collection of competencies across distinct yet highly interrelated knowledge
domains create and protect modern information systems. A data scientist has different
competencies than a cybersecurity expert, however both could be Qualified Technology
Experts (QTE). CIOs and CISOs have some overlapping and unique competencies specific to
each role, they both can be QTEs.
DDN’s DiRECTOR™ framework is useful as a QTE competency model because it treats
modern digital systems as complex interconnected systems with a focus on systemic risk
and the discrete risk domains inherent within these information systems.
12 Construction Industry Laborers Pension Fund v. Bingle, C.A. No. 2021-0940-SG (Del. Ch. Sept. 6, 2022) (Glasscock,
V.C.) (memorandum opinion).
© DDN LLC
www.digitaldirectors.network
12
DiRECTOR is a leading practice derived systemic risk identification framework that helps
corporate boards and information systems leaders understand, identify and assess
systemic risks throughout these complex systems.
Long tenured IT executives can possess deep and broad competencies in many of these
interrelated risk domains. The QTE competency model is structured to identify expertise
and literacy in each of the core risk domains that comprise complex digital systems. This
aligns the model to the reality of the breadth of the roles and competencies that exist
throughout the IT industries. This also ensures that the pool of director candidates who can
qualify as QTEs is sufficiently large enough to ensure that there are enough potential
director QTEs to meet the need for private and public directorship.
The QTE competency model reflects a systems model focused on the key systemic risk
domains reflected in the discrete yet interrelated knowledge domains of AI and digital
business systems. Boards should refer to these domains to assess director literacy and
expertise with a goal to identify the board’s collective ability to understand risk throughout
these systems.
Any director who has specific expertise, authenticated through experience, in one or more
domains of a complex digital system, would be identifiable as a Qualified Technology
Expert (QTE) under the QTE competency model.
Specific QTE Director Competency
QTE Director Competency Definition
Data Management
Understands how data supports strategy, oversight, and risk
management including analytics, quality and data lifecycle issues.
Information Architecture
Understands how systems, applications, and information flows are
structured across the enterprise and external ecosystem.
Risk Communications
Can translate digital and technical risks into business value and
governance terms, understands risk communications from
implementation to board reporting and disclosure.
Emerging Technology
Understands the opportunities and risks created by new technologies,
including AI models and systems, and how they can enable and enrich
the organization’s value proposition strategically and operationally.
Cybersecurity
Understands the active and inherent threat environment, trends,
security operations and tools required to build and maintain
operational resilience, incident readiness and response.
Third-Party Risk
Understands inherent and active systemic risks created by vendors,
partners, and external dependencies throughout the system.
IT Operations
Understands the processes, skills, management, and effectiveness of
core technology operations to build, integrate and maintain high
performing secure and resilient systems.
Regulations
Understands the regulatory environment affecting AI, digital and
cybersecurity systems.
© DDN LLC
www.digitaldirectors.network
13
What Nominating and Corporate Governance Committee Chairs Should Do Next
Chairs should use these QTE domains to assess director literacy, director expertise and
identify where neither is present.
The objective is to identify the collective competency of the board to effectively oversee risk
throughout the interdependent domains of complex digital systems as step 1 in building a
reasonable system of oversight on the board. Recommended actions include:
•
Have each director self-assess their individual technology literacy and expertise in
each domain using the QTE competency list above, supported by clear criteria to
distinguish literacy from expertise.
•
Validate self-assessments through the Nominating and Corporate Governance
Committee with internal or third-party expertise as needed.
•
Develop a director curriculum to address literacy gaps through full-board training
with annual refreshers across all domains.
•
Where expert gaps exist, assess their materiality based on the organization’s digital
dependency and risk profile.
•
Recruit or succession-plan for Qualified Technology Expert (QTE) directors to be
added to the board to address critical expert gaps.
•
Make disclosure of individual directors who are Qualified Technology Experts (QTEs)
and describe the boards approach to ensuring its director effectiveness at
overseeing AI, digital, and cybersecurity systems.
Disclosure Statement: Director Qualifications
The following draft disclosure is for information purposes only. All regulatory disclosures
should be reviewed by legal counsel.
The Board recognizes that AI, digital, and cybersecurity systems are
increasingly integral to the Company’s strategy, operations, and risk profile.
Accordingly, the Board, through the Nominating and Corporate Governance
Committee, has adopted the DiRECTOR framework to assess and maintain
appropriate director literacy and expertise across key domains of complex AI
and digital business systems. This framework informs the annual director
education program, board composition, and succession planning and is
designed to develop directors with adaptive, effective and relevant oversight
competencies required of information technology-enabled value creation
and risk. The Board periodically reviews these competencies and considers
the results in connection with its governance practices to ensure that the
Board maintains the collective capabilities necessary to fulfill its oversight
responsibilities.
© DDN LLC
www.digitaldirectors.network
14
Addition To The Director Skills Matrix Proxy Disclosure
We recommend that each skill disclosed in the proxy skills matrix identify the
director’s competency level in that skill. This leading practice is already required for
director financial expertise in the U.S. and provides useful investor information to
communicate relative director competency depth in each area disclosed. Victoria’s
Secret (NYSE: VSCO) takes this approach.
Director Competency/Level
Director 1
Director 2
Director 3
Director 4
AI, Digital, and Cybersecurity Systems:
Experience with one or more domains of a
complex digital business system including their
risks and how they function to create business
value.
E
L
L
E
E – Expertise acquired through at least 5 years of applied knowledge and experience in one or more domains of
relevant complex AI, digital, or cybersecurity business systems.
L – Basic knowledge and understanding of the risks related to complex AI and digital systems.
An Internal QTE Skills Matrix For Director Assessment
D1 Name
D2 Name
QTE Director Competency/Level
E
L
E
L
Data Management
Information Architecture
Risk Communications
Emerging Technology
Cybersecurity
Third-Party Risk
IT Operations
Regulations
E – Expertise acquired through at least 5 years of applied knowledge and experience in one or more domains of
relevant complex AI, digital, or cybersecurity business systems.
L – Basic knowledge and understanding of the risks related to complex AI and digital systems.
© DDN LLC
www.digitaldirectors.network
15
Conclusion
Overall boardroom effectiveness will increasingly be determined by the depth of expertise
that directors possess to understand the far-reaching business ramifications of these
technologies, not just in governing these technologies but in governing the entire
organization given the pervasive nature of these tools.
Given the significant economic and competitive implications at stake, investors and other
stakeholders will increasingly hold boards to higher standards of accountability and
performance for their ability to effectively oversee these risks.
Leading corporate boards are already holding themselves to a higher standard of
performance by addressing their need for director Qualified Technology Experts (QTEs).
For more information contact:
info@digitaldirectors.network