An information technology and innovation committee to guide digital transformations

In corporate governance, more dedicated attention to digital transformations is becoming essential. This research applies design science to design an information technology and innovation (IT&I) committee as an integral part of corporate governance for organisations that are engaging in digital transformations. This research builds on the work of Turel and Bart (2014). In our research, we conclude that the seven Dutch studied organisations, which are engaging in digital transformations, have corporate governance challenges for the board of directors related to these transformations. These challenges include the presence of digital capabilities and experience, as well as having sufficient dedication and focus on digital transformation. In most organizations, the audit committee addresses the risks associated with information technology including digital transformations. However, our research shows that the audit committee by default does not focus on business opportunities of digital transformations. Our research proposes a design for an IT&I committee, which enhances corporate governance, as well as the long-term value creation by means of IT, technology, and innovation. The IT&I committee councils and monitors digital transformations and facilitates decision-making by the board of directors. Overall, the results of our research suggest that installing an IT&I committee improves corporate governance for organisations that are engaging in digital transformations.

In corporate governance, more dedicated attention to digital transformations is becoming essential. This research applies design science to design an information technology and innovation (IT&I) committee as an integral part of corporate governance for organisations that are engaging in digital transformations. This research builds on the work of Turel and Bart (2014). In our research, we conclude that the seven Dutch studied organisations, which are engaging in digital transformations, have corporate governance challenges for the board of directors related to these transformations. These challenges include the presence of digital capabilities and experience, as well as having sufficient dedication and focus on digital transformation. In most organizations, the audit committee addresses the risks associated with information technology including digital transformations. However, our research shows that the audit committee by default does not focus on business opportunities of digital transformations. Our research proposes a design for an IT&I committee, which enhances corporate governance, as well as the long-term value creation by means of IT, technology, and innovation. The IT&I committee councils and monitors digital transformations and facilitates decision-making by the board of directors. Overall, the results of our research suggest that installing an IT&I committee improves corporate governance for organisations that are engaging in digital transformations. information technologies (Beulen & Ribbers, 2020 (Gartner, n.d.). They encompass three aspects: organizational, technological, and social (Tratkowska, 2020). Digital transformations include amongst others enriching existing services and products and/or creating new services to improve topline turnover growth by utilizing data and analytics; using mobile devices, leveraging social media, implementing Internet of Things, blockchain, and cloud computing (Bharadwaj,  In the literature, to date, there is very limited attention for corporate governance related to digital transformations. Vermeulen and Fenwick (2019) focus on corporate governance and the technical aspects of digital transformations, where Manita, Elommal, Baudier, and Hikkerova (2020) focus on the impact of the digital transformations of external audits on corporate governance. Furthermore, Correia and Água (2021) link corporate governance and IT governance. An OECD publication includes the suggestion to use blockchain in digital transformations as in corporate governance (Akgiray, 2019), where Hilb (2020) is suggesting to leverage artificial intelligence for both digital transformations and corporate governance.
The remainder of the paper is structured as follows. Section 2 includes the research background addressing corporate governance, audit committee, and applicable Dutch legislation, and introduces the information technology and innovation (IT&I) committee. In Section 3, the data collection and methodology are described, followed by Section 4, which includes the design of the IT&I committee. The artifact entails five principles based on 14 global organisations with a similar committee. The analysis and revision of the initial artifact are detailed in Section 5, which also includes the adjusted artifact. The conclusions are outlined in the final section, in which we also suggest topics for further research and outline practical implications and limitations of our research.

Corporate governance
In our research, we focus on the board of directors and include organisations with a one-tier, as well as organisations with a two-tier board. Engaging in digital transformations triggers corporate governance challenges and requires more in-depth IT experience of internal (executive) directors and long-term serving chief information officers (CIOs) on the board of directors (Benaroch & Chernobai, 2017). Also, legislators underpin the importance of these challenges by adding specific digital legislation, e.g., Australia's Digital Continuity 2020 Policy (Adams & Bennett, 2018) and in Europe General Data Protection Regulation and cyber security (ecoDa, 2020). Governance of enterprise information and technology is an integral part of board governance (Valentine, De Haes, & Timbrell, 2016). Board-level information technology governance (ITG) can be defined as "the board's actions to ensure that the organization's IT sustains and extends the organization's strategies and objectives" (Turel & Bart, 2014, p. 224 Bédard & Gendron, 2010) and the responsibilities are detailed in the audit committee charter. This charter also describes authority, direction, and discipline for the audit committee (Carcello, Hermanson, & Neal, 2002). Additional challenges for an audit committee, including effectiveness, are detailed by Wu, Habib, and Weil (2012).
Installing a committee, such as an audit committee or a remuneration committee, does not reduce the accountability of the board of directors, or in the case of a two-tier board, the supervisory board. Installing a committee ensures executives with specific expertise can spend ample time on a topic (Jonas & Young, 1999). An effective audit committee, therefore, improves corporate governance. It has qualified members with the authority and resources to protect stakeholder interests by ensuring reliable financial reporting, internal controls, and adequate risk management through its diligent oversight efforts (DeZoort, Hermanson, Archambeault, & Reed, 2002, p. 41).
This will strengthen the separation between corporate management and shareholders, where boards protect the interests of shareholders. Agency theory suggests that shareholders require protection because corporate management (agents) may not always act in the interests of the shareholders (principals) (Fama, 1980;Fama & Jensen, 1983;Jensen & Meckling, 1976). To deal with this agency problem, the board of directors assumes an oversight role that typically involves monitoring the corporate management, approving strategies, and monitoring the control system (Aguilera & Cuervo-Cazurra, 2004). However, increased use and importance of information and information technology (Adams & Bennett, 2018), as well as digital transformations, result in a more challenging role for the board of directors. The board might require stewardship to compensate for agency characteristics (Glinkowska & Kaczmarek, 2016;L'Huillier, 2014), as stewardship is focused on pro-organizational behavior (Muth & Donaldson, 1998)

Audit committee -the Netherlands
The level of coercive pressure to install an audit committee is highest in Anglo-Saxon countries, but also includes countries such as the Netherlands, which have adopted the principle "comply or explain" in Section 2.3.2 "Establishment of committees" (p. 23), of the Dutch Corporate Code of Governance (Monitoring Committee, 2016a), similar to Australia and the UK, whereas an audit committee is obligatory, for example, in the US.
The Dutch Corporate Code of Governance includes specific references to digital transformations and information technology "the application of information and communication technology by the company, including risks relating to cybersecurity" and related to long-term value creation, innovation, and new business models (Monitoring Committee, 2016a, p. 16). The best practice in the initial proposal for revisions of the Dutch Corporate Governance Code in 2016 included the obligation to have at least one nonexecutive board member with specific expertise in the field of technology innovation and new business models (Monitoring Committee, 2016b, p. 27). Due to feedback from VNO-NCW (Confederation of Netherlands Industry and Employers) and NCD (Dutch Association of Commissioners and Directors) after consultation, this initial proposal has been transformed into a more generic best practice on expertise in Section 2.1.4 which uses a more generic description: "Each supervisory board member and each management board member should have the specific expertise required for the fulfilment of his duties. Each supervisory board member should be capable of assessing the broad outline of the overall management" (

Information technology and innovation committee
To further improve corporate governance, an IT&I committee, as an integral part of corporate governance, is needed for organisations that are engaging in digital transformations. Organisations can institutionalize the focus on digital transformations by involving and adding (non)-executive board members with the right profile to their corporate governance. Some organisations have already implemented a specific committee to address these challenges. This is in line with Premuroso and Bhattacharaya's (2007) specialization argument and suggestion to install a technology committee, and Caluwe and De Haes's (2019) appeal for exploring board-level IT governance. Furthermore, Adams and Bennett (2018) stress the importance of information governance in the digital economy. Also, Weill, Apel, Woerner, and Banner (2019) argue in favour of a digitally savvy board. Furthermore, Price and Lankton (2018) assessed and developed boardlevel information technology committee charters. However, there are only a handful of organisations with such a committee, which authorities and responsibilities are not fully understood. This becomes more pressing due to the challenges associated with digital transformations. The design of this committee is detailed in our research.

DATA AND METHODOLOGY
Design science started in engineering and the sciences of artifacts (Simon, 2019). In information technology, design science has also been adopted (

Fourteen global organizations with similar committees
We defined corporate governance with supervision on technology and innovation as our research domain. The audit committee, based on the ACE framework (DeZoort et al., 2002), and the evolving committee focused on technology are the foundation of this research. This includes combined desk research of charters of similar committees of fourteen global organisations, which are listed in Appendix B, and a literature review. As the charter documents are part of the disclosure of corporate governance arrangements and therefore publicly accessible, a Google internet search has been made for "IT committee charter", "board of directors digital transformation", "innovation committee" and "technical committee". In the selection of the charters for the design of the artifact, the authority and purpose described in the charters, as well as professional judgement, have been used to ensure only relevant charters are included in this research. In our design, we didn't differentiate for the corporate governance system, including country specifics, nor for the organisation performance or profiles of executives and non-executives.

Seven Dutch case studies engaging in digital transformations
The design of the IT&I committee has been tested by case studies. The main goal of the case studies in this research is to describe an emerging phenomenon (Eisenhardt & Graebner, 2007), which is one of the three main goals of case studies (Eisenhardt, 1989) -the corporate governance of information technology. As suggested by Venable, Pries-Heje, and Baskerville (2016), case studies are used to provide a naturalistic evaluation in design science, embracing all the complexities of human practice in real organizations. The ex-post use of naturalistic evaluation methods, such as case studies in design science, leads to stronger internal validity. In this research, we conducted seven in-depth Dutch case studies concerning organisations that are engaging in digital transformations, with six paired interviews of executive and non-executive directors whose responsibilities include information technology. The seventh case study is based on a single interview with an interviewee being the executive board member responsible for information technology.
All case study interviews are supplemented with publicly available documents such as annual reports and corporate publications. The case study analyses do not include a cross-case study analysis due to the different business characteristics of the seven case studies. The studied organisations were selected based on the accessibility to the interviewees for the researchers, however, they are representative of the Netherlands in terms of company size and sector diversity. The case studies represent private-held firms, publicly-held corporations, and governmentcontrolled organisations.
The interviews were conducted in January-April 2020 -in person as well as in video conferences. The case study characteristics are detailed in Table C The appropriate research method was to generate an "exploratory-descriptive" case study (Yin, 2018). This enables one to elicit data and information from informants with the purpose of building a new model rather than testing an existing model (Myers & Avison, 2002). The interviews took 45 minutes to an hour each and were taped and transcribed. In the semi-structured interviews, six open questions were used to investigate how corporate governance supervising digital transformations is organised (see Appendix D). The interview transcripts were read and reread to identify the enabling role of committees in this field by capturing the ideas and phenomena described by interviewees.
In the analyses, we specifically focused on digital strategy and transformations, and engagement, and meeting frequency within the corporate governance. Data analysis was conducted in three stages: preliminary analysis, formal analysis, and final data analysis (Rubin & Rubin, 1995, p. 226). Of these, the preliminary analysis was already carried out during the interviews. Afterward, the information obtained was subjected to an interpretative analysis in order to structure it so that it would match the research question. This meant coupling concepts with the empirical data collected. The consolidated conclusions of all interviews were then used as input for the final data analysis, as detailed in this article. This involved an iterative process that relied on the use of "descriptive, interpretative and pattern" codes (Miles & Huberman, 1994, p. 57) and revisiting the analysed charters of the fourteen global organizations with similar committees. In addition to this iterative process, the interviewees have provided feedback on the adjustments of the designed artifact. Their feedback has been included in Section 5 -Analysis and revision of IT&I committee design, and Section 6 -Conclusion.

Principle 1: Authority and purpose
In the analysed charters, the IT&I committee assists and advises the board of directors in fulfilling corporate governance responsibilities and has a focus on one or more of the following topics: 1) information technology, 2) digital transformations, and 3) technology innovations. This includes providing oversight, review, risk assessment, and advice on this domain, to ensure that these subject domains are given sufficient attention at the board level, given their importance and associated risks. Eventually, board resolutions can be prepared and decided upon by the full board of directors.
In organization 1, the IT&I committee is a decision-making committee, where in organization 7 the IT&I committee has delegated authority for approving a new or changed project budget. In the design, a delegation of the board of directors decisions to the IT&I committee is excluded, since it is important to adhere to the corporate governance principle that each individual member of the full board of directors always remains responsible for all decisions taken.

Principle 2: Mandate and responsibilities
In most of the analysed charters, the list of responsibilities was quite extensive, as well as quite diverse. In this design, the purpose of the IT&I committee is the starting point.
Some of the charters were remarkably detailed and operational, which might hinder the effectiveness. For instance, in the charter of organization 1, the responsibility for new systems to ensure they are meeting the requirements and specifications of the users, was included. In this design, the IT&I committee has a strategic, instead of an operational, lens.
Four different domains of responsibilities are defined in the design to outline the authority and purpose of the IT&I committee as described in principle 1. An important aspect of the strategic lens was included in the charters of organizations 2 and 13, which had explicitly included responsibility for the IT&I committee to make recommendations on technology-related projects with respect to their competitive position. Also, organization 5 included new product development in the charter. In the design, these responsibilities are labelled as technology innovation under 2A, as well as investments under 2B in Table 1. Investments have to be aligned with the IT strategy and setting priorities for the IT project portfolio is important. This is explicitly included in the charter of organization 7. Therefore, this is also included in the design under 2B in Table 1.
Organisations 3 and 6 have explicitly included the monitoring of the impact of technology on sustainability in the charter. This is an important topic but not explicitly included in the design because this is considered part of the corporate strategy as a whole and should not be addressed solely in the IT strategy. As a result, monitoring sustainability is thus implicitly embedded in the design.
Similarly, assessing the information technology operations, which is also more tactical in nature, has been included in the design under 2D in Table 1. However, a risk assessment is important and was mentioned in all assessed charters. Six charters (organisations 1, 4, 6, 7, 10, and 12) include specific responsibilities regarding (cyber)security, compliance risks, IT operations, and/or business continuity risks. Furthermore, with regards to risks, the relationship with the audit committee is detailed in principle 3.

Principle 3: Relationship IT and innovation committee vs. audit committee
In a large number of charters, the relationship of the IT&I committee with the audit committee is not specified (organizations 1, 2, 3, 5, 6, 7, 8, 9, and 13). However, in the charters of organizations 4, 6, 10, 11, 12, and 14, the relationship is explicitly detailed. As the audit committee is responsible for supervision on the enterprise risk management framework, including the risks addressed in the IT&I committee, detailing the relationship between the two committees is important and therefore included in the design.
The IT&I committees respond to risk-related requests and recommendations of the audit committee. This was explicitly included in the charter of organization 6, as well as in the design, as this cooperation between two committees strengthens corporate governance.

Principle 4: Composition of IT&I committee and chair
The investigated charters all provided guidance related to the minimum number of directors. In most of the charters, the number of directors was at least three directors. There were three chapters indicating a higher minimum -organization 6 (7 to 9 directors) and organization 7 (at least 7 directors), where organization 10 indicated a range (3 to 9 directors). Most chapters indicate a combination of executives and non-executives, where organization 5 details non-executives only, and organisation 11 states that the majority of the members have to be non-executives.
Having, at minimum, two non-executives in the IT&I committee ensures both agency and stewardship characteristics for the discussions with executive members, broadens the context of the committee, and also ensures business orientation. Organizations 6, 7, and 11 include ex officio roles -think chief information officer, chief digital officer and/or chief technical officer. Ex officio roles in the IT&I committee ensure a proper linking pin to the management level, which positively contributes to corporate governance. Therefore, the inclusion of ex officio roles has been included in the design.
In the analysed charters, the board of directors appoints the directors for the IT&I committee, except for organization 1 (appointed by the CEO) and organizations 8 and 13 (appointed by the nomination committee). None of the charters indicate a minimum level of knowledge and working experience, except for organisation 2. However, appointing directors being able to bring knowledgeable stewardship to the dialogue in the board of directors is important in achieving good corporate governance. In the design, a minimal working experience level is included, either gained in executive or non-executive roles.
In the charters of organisations 1, 2, 3, 5, and 10, the IT&I committee has the power, in its discretion, to retain at the organization's expense, external advisors and other experts as it deems necessary or appropriate to carry out its duties. This has been included in the design as it is important that the organisation shall provide adequate resources to support the IT&I committee's activities. This is important but not a design element, as this is not explicit for this committee only, but valid for all committees and even the full board of directors.
The charters of five organisations (organisations 4, 5, 9, 11, and 14) have very detailed guidance on the minimum attendance requirements for the IT&I committee, all over 50%, except for organisation 11, which has the number of present members at a minimum of two members. Also, rules on voting are described in several charters. Regardless of a quorum attending the meeting and the necessity for voting to decide in a committee, the responsibility for corporate governance decisions remains within the full board of directors, as per principle 1. Therefore, attendance, as well as voting, is not included in the design.

Principle 5: Frequency, agenda, and minutes of meetings and reporting
The analysed charters include a large diversity of meeting frequency, ranging from not specified (organization 1) to at least one meeting per annum (organization 5), to at least 2 (organizations 2, 8, and 9), or to as deemed necessary (organisations 11,12,13). The charters of the remaining organisations indicate at least 4 meetings per annum. Due to the importance and rapid developments in the domain, the design includes a minimum number of 4 meetings per annum.
In all charters, the IT&I committee reports to the board of directors, making available its agenda, meeting documents, and the minutes of its meetings to facilitate and support the collective responsibility within the board of directors.

Principles for an information technology and innovation committee
Based on our research of the charters, we designed the following principles for the IT&I committee: The committee reviews, advises, and approves on the following matters: A. Strategies and policies regarding information technology, digital transformations, and technology innovations. B. Major information technology and technology innovation investments (including acquisitions, and significant system development and software maintenance projects). C. Assess information technology and technology innovation project portfolio including the projected budget, forecasted expenditures, risk profile, and review of their financial and completion status. D. Assess information technology operations including security, compliance, and business continuity including the projected budget, forecasted expenditures, and risk profile. 3 Relationship IT&I committee vs. audit committee The committee reports risks to, and works closely with, the audit committee as input for the enterprise risk management effort as part of the annual enterprise risk management calendar.
The committee responds to risk-related requests and recommendations of the audit committee.

Composition of IT&I committee and chair
The committee has at least three members, including the responsible executive for information technology, consists of a minimum of two non-executive members, is chaired by a non-executive member, and all members are appointed by the board of directors. Members have 5 years or more working experience as an executive board member in the area of IT and innovation in similar or large organizations in the last 10 years or having served for 2 years or more as a non-executive board member in the area of IT and innovation in similar or large organizations in the last 5 years.

Frequency, agenda, and minutes of meetings and reporting
The committee meets at least four times per annum and the outcomes are summarized and discussed in the next board of directors meeting. The committee reports to the board of directors, makes available its agenda, meeting material, and the minutes of its meetings to facilitate and support the collective responsibility within the board of directors.

ANALYSIS AND REVISION OF INFORMATION TECHNOLOGY AND INNOVATION COMMITTEE DESIGN
To test the design, the corporate governance, in the context of the digital transformation of seven Dutch organisations, has been studied. The studied organisations are detailed in Appendix C, In the subsections below, the analyses have been structured by the five principles, detailed in the previous section. The insights shared by the interviewees have resulted in an adjusted artifact, as detailed in Table 2. Based on the studied organisation analyses, one principle has been added and principles have been adjusted. The changes in design are summarized in subsection 5.7.

Analysis -Principle 1: Authority and purpose
All studied organisations had a clear focus on the risks and opportunities related to digital transformations. Organizations D, which is in financial services, and E, which offers mobility products and services, are engaging with a strategy consulting firm to determine the digital roadmap, including implementation of organizational changes. The most significant change is the introduction of agile ways of working -organisations B, C, D, E, and G. Most case study organisations (A, B, C, D, F, and G) stress the importance of data in digital transformations. The board of directors of organisation C, which operates in the transportation sector, is explicitly looking for synergies across countries, including Germany and the UK.
In addition, four of the seven studied organisations are in the middle of adopting new business models. These business models are information technology-centric and innovationdriven. Organisation B, which is responsible for land registration, is transforming their organisation by adding information technology-driven services to the market, which is beyond their traditional customers, being landowners and governmental bodies.
Organisation D, a pension fund service provider, is facing significant regulatory changes impacting its market position. In the near future, it might happen that employers can select their pension fund of choice, thus they are no longer obligated to contract with a sector-specific pension fund. This requires significant changes to their business model. Organisation E is engaging with a large number of external organisations and participates in many ecosystems, to create new business models related to their mobility products and services. They demonstrate a true entrepreneurial spirit. The profit and loss responsibility is held within each of the 80 business units. This is instrumental in the creation of new business models.
On the other hand, organisation A, which provides capital-intensive professional services, clearly states that no new business models are expected. The focus of the digital transformation of this organisation is on achieving efficiencies of their existing business processes. A good example is their vessel tracking platform which provides insights for allocation of vessels to dredging projects, as well as a competitive advantage. Nevertheless, "adopting new business models" has been added as a topic to assist and advise the board of directors in fulfilling corporate governance responsibilities. Revisiting of the charters researched revealed that organisation 10 includes "testing and adoption of new business models" as a responsibility of the IT&I committee.
The interviewees of all organisations confirmed the adjusted principle 1, as detailed in Table 2.

Analysis -Principle 2: Mandate and responsibilities
This principle consists of four responsibilities. The first responsibility, strategies, and policies (2A), is already addressed in the analysis of the first principle, and also requires expanding this second principle. The second responsibility, monitoring information technology investments (2B), is recognized by all seven organisations. For example, for organisation C, the board of directors approved a significant budget to upgrade and refresh the information technology prior to embarking on digital transformations. Organisation D acquired a data company to incorporate digital capabilities, and organisation E invested in the integration of acquisitions.
The projects related to these investments have to be closely monitored (third responsibilitymonitoring project portfolio (2C)), which is also recognized by all seven organisations. Similar to monitoring the information technology operations is the fourth responsibility (2D). Security was reported by organisation A, as their global operations also include geographies with less internet bandwidth and less reliable connectivity. Organisation B is reporting on artificial intelligence and blockchain usage, where organisation G has a dashboard in place to track the digital key performance indicators, such as the number of online hospital appointments and the number of video consults.
The interviewees of all studied organisations confirmed the adjusted principle 2, as detailed in Table 2.

Analysis -Principle 3: Relationship of IT&I committee vs. audit committee
In the case study analysis, only organisations E and F are taken into account, as the remaining studied organisations have implemented bilateral governance between the non-executive and executive board members in the board of directors. In both organisations, there is information exchange between the IT&I and the audit committee. In this collaboration, the focus is on risks.
The interviewees of all studied organisations confirmed principle 3.

Analysis -Principle 4: Composition of IT&I committee and chair
Similar to the analysis of principle 3 in the case study analysis, primarily organisations E and F, are taken into account for analysing this principle. The committee of organisation E consists of two non-executive supervisory board members, and the chief executive officer, the chief finance officer, and the chief information officer. The majority of the members of the committee are executive members, which might be related to the decentralised structure of the organisation (+80 business units, each with their own P&L (profit and loss) responsibility). The committee of organisation F consists of two non-executives and one executivethe chief information officer. Both organisations have no explicit criteria in terms of the number of years of working experience for members of the committee.
All studied organisations have (started) programs to increase digital transformation literacy, this includes a study trip to US tech companies (organisation G), as well as partnerships with universities (organisation D). Furthermore, input from technology partners is welcomed by organisations A, B, E, and F, where information technology outsourcing is an explicit topic for the audit committee of organisation A.
The interviewees of all studied organisations confirmed principle 4.

Analysis -Principle 5: Frequency, agenda, and minutes of meetings and reporting
The meeting frequency of the information technology committees and bilateral governance between the non-executive and executive board members of the board of directors of most studied organisations is at least four times per annum. Organisation F has a quarterly standing meeting. Case study D organizes a meeting several times per annum when this is deemed necessary. For organisation B, the corporate governance of digital transformations is covered in the audit committee, previously there was a standing monthly meeting. If required, the chief information officer is invited by the board of management, as for organisations D and G. In addition, for organisation G, there is a quarterly update from the chief information officer and his team to the responsible non-executive board member.
The interviewees of all studied organisations confirmed principle 5.

Analysis -Principle added: Corporate development contribution
In the interviews with members of the board of directors from the studied organisations, we observed that engaging in digital transformations results in a big impact on their organisation. This also requires significant management attention. This topic of corporate development, however, is much wider than the mandate of the IT&I committee, since this also includes the business management, as well as the back-office elements of the organisation. All studied organisations have embedded the responsibility for corporate development as an important element in their corporate governance.
Corporate development focuses on technology literacy of staff and adoption in the organisation thereby improving the capabilities to implement digital transformation. We observed two key areas within corporate development, being: 1) enterprise data management and 2) talent development and acquisition.

Data enterprise management
Data and analytics are important in implementing and obtaining value from digital transformations. Five of the seven studied organisations devote special attention to enterprise data management. Organisation A has set up a separate business unit to analyse enterprise data, including open data such as vessel tracking and weather reports, to optimize the utilisation of the dredging fleet and improve their calculation capabilities which are heavily used in their sales proposals. The land registration data is monetized by organisation B, where enterprise data management and implementing an agile way of working are at the heart of their digital transformation. Similar to organisation F, enterprise data management is pivotal in their data exchange and analytics. To enter harbors safely and facilitate efficient cargo planning and handling enterprise data management is essential. Furthermore, it is a cornerstone in the efforts of this organisation to participate in the arising platform economy of global smart digital logistic services. Organisation C uses data for further optimizing the rail transport service, including the planning of staff, trains, passengers, and their maintenance schedules. Data is also used to inform the train passengers about the actual schedules, delays, and disturbance of services, and beyond this, e.g., actual and predicted occupation rates of train compartments. Part of the enterprise data is shared as open data with external service providers, who are using this to offer various valueadded services. Also, organisation D has a clear focus on data and analytics. They recently bought a data science company to enhance the organisations capabilities and explore new value-added services. Organisation E also focuses on data management, but due to its decentralised nature, less of a focus on enterprise data management is considered somewhat less important than found within the other studied organisations. This is similar in organisation G, however, their focus on enterprise data management is evolving rapidly due to increasing regulatory requirements.
Finally, we reviewed the responsibilities in the charters of the 14 global organisations on the occurrence of objectives for "enterprise data management". The charters of organisations 4 ("enterprise data strategy"), 6 ("data governance"), and 10 ("the data management framework") include the responsibility for enterprise data management.

Talent development and acquisition
In addition to enterprise data management, talent development and acquisition is also key, but corporate development also includes revamping the organizational design and adjusting business processes, enabling organisations to achieve their objectives.
As corporate development is indeed an organisation wide topic, the IT&I committee only provides recommendations to the board of directors. This will avoid potential conflicts of interest. A good example is organisation A, which has a focus on data science, which requires different skillsets across the entire organisation. Furthermore, in organisation A there is a focus on ramping up online learning required to implement and maintain the zero-incident policy. Again, a much wider domain than IT&I only, but both require guidance from the IT&I committee. The domain is also for studied organisation B, which is transforming into a digital organisation, much wider, their transformation is impacting the entire organisation.
Organisation C implements new ways of working across the organisation, as well as new IT competencies (digital DNA) to ensure their staff is ready to deliver successful digital transformations. Organisation D has adopted agile and DevOps and is fully focusing on integrating the IT professionals and the business representatives in combined teams. Furthermore, this organisation is expanding its relationships with higher education and technology partners.
In addition to studied organisation D, organisations E and F introduced earlier on an agile way of working. The chief information officer is a community builder, which is a prerequisite for successful digital transformations. In organisation E, large organisation-wide training programs are launched to improve digital awareness and skills. In organisation F, the initial focus of the training programs was on agile ways of working and has nowadays shifted towards expanding the client portfolio.
Finally, organisation G is driving the digital transformation by appointing digital leaders decentralised -in the business but supported and guided centrally, the "hub and spoke" model. Finally, we reviewed the responsibilities in the charters of the 14 global organisations on the occurrence of objectives for "talent development and acquisition". The charter of organisation 13 includes the responsibility for talent acquisition and development.
Also, Matt, Hess, and Benlian (2015) and Vial (2019) argue that focusing on talent development and acquisition is crucial in digital transformations.
In summary, in addition to these references, in all studied organisations the aspect of corporate development was observed. The recommendations from the IT&I committee to the board of directors will improve and ensure an adequate functioning corporate governance. Therefore, this principle is added to the design. The interviewees of all seven studied organisations confirmed this added principle.

Adjusted artifact
Based on the analyses of the interviews of the seven studied organisations, two changes have been applied.
The first change is an expansion of the areas of assistance and advice to the board of directors in fulfilling corporate governance by adding "the adoption of new monetisation models". This is a quite straightforward addition to principle 1 and 2A.
The second change is adding the new principle of corporate development contribution. This is closely related to the responsibilities detailed in the second principle; however, this is not the full responsibility of the IT&I committee. Therefore, this is considered to be a separate principle. Since the first two principles are subject matter related, where the other principles are describing the modus operandi of the committee, this principle is inserted as new principle 3. As a consequence, the number of the initial principles 3-5 will be adjusted, e.g., principle 3 becomes principle 4, etc. The updated principles are listed below in Table 2. The committee reviews, advises, and approves on the following matters: A. Strategies and policies regarding information technology, digital transformations, adoption of new business models, and technology innovations. B. Major information technology and technology innovation investments (including acquisitions, and significant system development and software maintenance projects). C. Assess information technology and technology innovation project portfolio including the projected budget, forecasted expenditures, risk profile, and review of their financial and completion status. D. Assess information technology operations including security, compliance, and business continuity including the projected budget, forecasted expenditures, and risk profile. 3

Corporate development contribution
The committee contributes to corporate development with recommendations regarding digital transformations and technology literacy, adoption, and maturity. This includes enterprise data management and talent development and acquisition as well as necessary organisational capabilities and adaption of organizational design and business processes.

4
Relationship IT&I committee vs. audit committee The committee reports risks to, and works closely with, the audit committee as input for the enterprise risk management effort as part of the annual enterprise risk management calendar.
The committee responds to risk-related requests and recommendations of the audit committee.

Composition of IT&I committee and chair
The committee has at least three members, including the responsible executive for information technology, the committee consists of a minimum of two non-executive members, is chaired by a non-executive member, and all members are appointed by the board of directors. Members have 5 years or more working experience as an executive board member in the area of IT and innovation at a similar or large organization in the last 10 years or having served for 2 years or more as a non-executive board member in the area of IT and innovation at a similar or large organization in the last 5 years. 6 Frequency, agenda, and minutes of meetings and reporting The committee meets at least four times per annum and the outcomes are summarized and discussed in the next board of directors meeting. The committee reports to the board of directors, makes available its agenda, meeting material, and the minutes of its meetings to facilitate and support the collective responsibility within the board of directors.

CONCLUSION
Digital transformation opportunities and associated risks drive the need for strengthening the corporate governance structure. The board of directors has to deal with unprecedented challenges, as the speed of change is accelerating as never before. Technology innovations and new business opportunities as well as the introduction of new business models are happening at a pace. Digital transformations are here to stay and are distinctly different from the involvement of IT directors and CIOs pre-digital transformations. Only in exceptional circumstances, such as Year 2000 (Y2K) challenges, CIOs were invited on a regular, often monthly, basis to report to the board of management. Nowadays digital transformations require a seat at the table for CIOs at the board of management, as an executive board member.
In addition, there is an increased realisation that driving business value with information technology and innovation is becoming more vital. This results in the adoption of the composition and required profiles in the board of directors. Also, responding to these challenges requires significantly more time on the board's agenda. Therefore, digital transformations require the permanent adaption of corporate governance in the form of an IT&I committee. In our research, there is evidence in two case studies (E and F), which have an operational IT&I committee (or equivalent). In both case studies, corporate governance on the digital transformations was significantly improved by the existence of such an arrangement.
The current legislation in the Netherlands, and in many other countries, doesn't require a legal adjustment to add the IT&I committee to corporate governance.
Alignment between the IT&I committee and the audit committee within the board of directors is essential. This alignment needs to be embedded in the charters of the board of directors and the associated committees.
The risk DNA is very present in most boards of directors and committees, such as the audit committee. In the selection of executives for the IT&I committee technology and innovation, adding value to the board of directors in terms of working experience, as well as focus on value creation, are important to supervise and counsel management whilst engaging in digital transformations. Furthermore, their ability to contribute to corporate development is essential to ensure that the technology and innovation perspective is at hand for the executive board members. This requires new skills and profiles compared to what is common practice. This enriched and combined DNA of members of the IT&I committee will make boards of directors ready to engage in digital transformations and eventually to disrupt and/or avoid being disrupted.
In addition to the above conclusions, we have identified two important topics for further research: 1) the implications of becoming part of dynamic and increasingly complex ecosystems, 2) combining value creation and innovation, including economic, social, and governance sustainability (ESG).
Currently, many organisations are engaging in digital transformations, and as a consequence, they are operating in dynamic and increasingly complex ecosystems instead of traditional value chains. This requires, in addition to agency theory, much broader adoption of and adherence to the stakeholder theory (Freeman, 1984;Freeman, Harrison, & Zyglidopoulos, 2018). Due to digital transformations, the collaboration between organisations is more dynamic and requires much more supervision and counselling at the board of directors level. The shareholder perspective is no longer sufficient, the broader stakeholder perspective is needed. This requires stewardship of the board of directors towards management.
In addition to the organizational aspects, the management angle in corporate governance also requires further interpretation. The main focus of corporate governance research is on risk. Digital transformations also require a focus on value creation including innovation. Future research is needed for better understanding. Potentially, this also addresses ESG (Scherer & Voegtlin, 2020) as part of the contribution to corporate development. This will result in competitive value and is also identified as to agenda for future research by Caluwe and De Haes (2019, p. 279). In revisiting the charters fourteen global organisations with charters of similar committees we found that the global organisations 3 and 6 have already addressed ESG in the charters of their similar committees.
In addition to the research implications, we also identified practical implications. Corporate governance continues to get more emphasis, which is in line with increasing complexity and risk levels, internationalization of doing business, and increasing compliance requirements. In addition to the audit committee, organizations are adding technology committees to ensure they are in control.
In the introduction of the IT&I committee, collaboration with the audit committee is also essential. In the charters of both committees, this collaboration has to be addressed and linking pin(s) in both committees have to be assigned.
Introducing an IT&I committee requires not only buy-in from the board of directors in order to be successful but conducting a digital maturity assessment is also instrumental. An outside-in view initiated by the chief information officer or the chief digital officer will not only set the agenda of the IT&I committee for the first six to twelve months but will also drive the characteristics of the profiles required, which need to be set by the board of directors. The recruiting will imply the identification of the right candidates within the board of management, combined with external non-executives. Organisations will benefit from understanding the profiles required for the IT&I committee better. Furthermore, future research in converting the principles into a charter is required. The availably of a template charter for the IT&I committee will be of tremendous value for organisations. A Delphi method-based study involving international executive and non-executive board members might be a suitable approach for identifying the key clauses of a template charter.
Finally, there are three limitations that could be addressed in future research. Our research has the following limitations: 1) the limited number of global organisations used for the design (14 global organisations), as well as the limited number of studied organisations for the analysis (7 Dutch organisations), 2) due to the limited number of studied organisations it was not viable to differentiate in the context, for the design nor the analysis (e.g., country specifics for the global organisations), and for both sectors, performance and profiles of involved executives, and 3) no differentiation between organisations with one-tier and a two tier-board.