Boards & Governance

Top 10 Insights From NACD’s Master Class in Fort Lauderdale

NACD Blog Feed -

NACD’s thought-leadership forum, Master Class, convened in Fort Lauderdale, Florida, late last year to discuss how corporate governance is adapting to the current operating environment. Dialogue among directors and session leaders at the event revealed 10 insightful takeaways:

  1. Board engagement in strategy development is a sign of healthy board-management engagement. The board’s role is to question the CEO’s strategy assumptions, offer alternatives, and ensure a long-term value creation. Senior management’s job is to execute the strategy.
  1. Given the complexity of today’s operating environment, it is even more important to stay attuned to disruptive competition in the company’s industry. Spend time outside of board meetings learning which changes—in technology, policy, or through stakeholder demands, for example—are emerging and how your company should address those disruptions.
  1. Demonstrate directors’ commitment to continued education in communications with shareholders, employees, and other stakeholders. While your board may feel that current director evaluations and education requirements are sufficient, review your director education program to ensure that board members’ skills are being enhanced to keep pace with the changing operating environment.
  1. Consider taking a few steps to enhance recruitment of and onboarding for new directors:
    • Consider not only the board’s recruitment needs in the next year, but also in the next several years as directors leave the board and as company strategy evolves.
    • Establish a requirement that the director pipeline includes candidates from diverse backgrounds.
    • Provide a welcome letter with job description to new board members.
    • Tailor new-director onboarding programs to individual directors.
    • Convey a sense of your board’s dynamics with each other and with management to both prospective and new directors.
  1. Determine whether the skillset matrix tests for skills that are necessary for the company strategy. While directors currently serving on the board may have had the skills to help the company achieve its prior strategy, realize that the directors sitting on the board today should be measured against the new ruler of current and future strategy expectations.
  1. Review your board’s bylaws and committee charters to determine whether the documents offer any detail about how directors oversee cultural risk. Probe management about culture. Given recent corporate scandals relating to unhealthy corporate culture, consider adding language to your bylaws and charters to demonstrate a commitment to healthy company culture. Take this commitment a step forward by probing management about how the company currently cultivates a healthy, ethical culture.
  1. Look beyond the information management has presented you to determine the company’s cultural dynamics among not only senior management, but also lower- and mid-level managers. Review online employee satisfaction websites to gauge morale and determine whether behaviors incentivized are realistic and healthy.
  1. Question the quality and volume of information being given to the board on enterprise risks. If the board is receiving 1,000 pages of information monthly about risks, ask whether the board can realistically absorb that information. Ask the chief risk officer to provide the board with a more brief and concentrated view of the risks that need to be addressed, and spend time drilling down on the most pertinent risks, including those that may be sleeping giants.
  1. When stumped on strategy, go back to the beginning. Ask often why the company was founded and what problem the company should help clients or consumers solve. Having a renewed vision of the founder’s mission can help provide fodder as to how to revive that vision in light of today’s operating environment.
  1. Dive deep into consumer trends and behaviors, when considering appropriate strategies. While it may be easy to become mired in the highly technical nature of directorship and oversight, realize that great insight can come from aligning company strategy so that it satisfies customers’ needs and wants.

Add your voice to the next critical conversation. View upcoming NACD Master Class dates.

China’s Cybersecurity Law Goes into Effect June 1, 2017—Are You Ready?

NACD Blog Feed -

China’s legislature approved its Cybersecurity Law this past November, solidifying China’s regulatory regime for cyberspace and potentially disrupting foreign companies that use or provide telecommunications networks in China. The law takes effect June 1, 2017, and reflects China’s desire for “cyber-sovereignty” (regulating the Internet in China according to national laws, despite the global nature of the World Wide Web). As the Chinese Communist Party (CCP) faces pressure from slowing economic growth and foreign influence, the Cybersecurity Law is one in a series of laws the Chinese government has implemented recently to uphold state security.

Significant Provisions of the Law

Though the wording of the law is vague, it formalizes many current practices and aims to consolidate cybersecurity authority under the Cybersecurity Administration of China. While the government is expected to offer more clarification on the law through implementation rules, how the law is played out in practice will be the ultimate indicator of the law’s severity. These three aspects of the law have the greatest potential to affect multinational companies (MNCs) doing business in China, according to an NACD analysis:

1. Data localization: Article 37 of the law is one of the most contentious and requires that “critical information infrastructure” (CII) operators store personal information and other important data they gather or generate in mainland China to be stored in mainland China. CII operators must have government approval to transfer this data outside the mainland if it’s “truly necessary.” The definition of CII is a catch-all, including public communication and information services, power, traffic, water, finance, public service, electronic governance, in addition to any CII that would impact national security if data were compromised.

Impact: The broad applicability of the CII definition raises the concern that any company using a telecommunications network to operate or provide services in China would be required to store data in mainland China, possibly even affecting those that store data to clouds with servers located outside mainland China.

2. Support for Chinese security authorities: Article 28 requires “network operators” to provide technical support to security authorities for the purposes of upholding national security and conducting criminal investigations. Network operators are broadly defined as those that own or administer computer information networks or are network service providers, which may include anyone operating a business over the Internet or networks.

Impact: The loose definition of “technical support” creates the concern that MNCs will be required to grant Chinese authorities access to confidential information, compromising private information and intellectual property that may be shared with state-owned competitors. Although not stated in the final version of the law, there is also the possibility that companies may be required to provide decryption assistance and backdoor access to authorities upon request.

3. Certified network equipment and products: For network operators, Article 23 indicates that “critical network equipment” and “specialized network security products” must meet national standards and pass inspection before they can be sold or supplied in China. A catalogue providing more specification on these types of products will be released by the government administrations handling cybersecurity. Under Article 35, CII operators are also required to undergo a “national security review” when purchasing network equipment or services that may affect national security.

Impact: Chinese companies and government agencies have historically relied on computer hardware and software manufactured by foreign companies, although this is now shifting in favor of domestic IT products. Opportunities for hacking and espionage put China at risk of losing sensitive information to foreign governments or companies, and China has already started conducting reviews of the IT security products used by the central levels of government. This provision of the Cybersecurity Law demonstrates China’s resolve to mitigate this risk and may pose a significant barrier to foreign IT equipment manufacturers selling products in China.

How Directors Can Prepare

China’s Cybersecurity Law has been criticized by the foreign business community, and, depending on the law’s implementation, it may make doing business in China for MNCs not only more complex but also riskier. Tom Manning, a China specialist at the University of Chicago Law School and director of Dun & Bradstreet, CommScope, and Clear Media Limited, advises boards to consider the effect of the Cybersecurity Law in the greater context of China’s rise: “The Chinese economy is increasingly more self-sufficient. Domestic companies are growing stronger and are more capable, while multinational companies are finding it more difficult to compete.”

Manning suggests boards conduct an overall China risk assessment, with the Cybersecurity Law as the focal point. While some companies may determine the risk of doing business in China is too high, Manning says, others might decide they need to invest more in China to be profitable. Ultimately, creating alliances with domestic firms, who have a greater influence over the government’s implementation of the law, may be key. “Leading domestic companies have a stake in seeing a better definition of the law, and their interests aren’t unaligned with multinational companies,” Manning says. “Chinese Internet companies can explain to the government how the law will affect their business models and be more effective in doing so than Western companies.”

Although how the law will be enforced remains to be seen, boards can consider the following questions when evaluating the impact of China’s Cybersecurity Law:

  • Are we storing information generated or gathered in mainland China on servers in mainland China? Do we need to create separate IT systems for China-specific data? Are we reliant on cross-border data transfers, and how would we approach this need with the Chinese government?
  • What is our risk exposure stemming from the potential loss of intellectual property or encryption information as a result of this law? How would our business be affected should our Chinese competitors gain access to this information?
  • For computer hardware or software manufactures, are we willing to share our source code with the Chinese government?
  • For technology firms, how does the law alter the playing field for our company to compete in China against domestic firms?
  • What additional investments do we need to make in order to comply with this law?

For an English version of China’s Cybersecurity Law, China Law Translate provides a free, unofficial translation. 

How Are Public Company Boards Transforming Themselves?

NACD Blog Feed -

The National Association of Corporate Directors (NACD) released the 2016–2017 NACD Public Company Governance Survey late in 2016. The survey, which NACD has administered for two decades, helps directors affirm that their governance practices are effective, fit for purpose, and clearly communicated to shareholders. Our members find value in benchmarking their companies’ approach in areas such as board structure, composition, education, recruitment, and evaluation year over year, and they use the results to identify opportunities for improvement and validate board priorities for the coming year.

What did we learn about changes to public company governance in the previous year?

Although we did not see any seismic shifts in how public companies govern themselves, the data indicate that corporate boards are slowly adapting to heightened expectations about their contributions and performance.

Let me share 10 key takeaways of this report and visualize some of the changes we have observed in our analysis.

1. Overseeing Uncertainty Economic uncertainty and business-model disruption are among the top concerns for corporate boards in 2017. Respondents also report that major industry changes, growing regulatory demands, and cyberattacks will significantly affect their companies over the next 12 months. Global economic uncertainty was selected by 60 percent of respondents as one of the five trends that will have the great­est impact on their companies over the next 12 months, most likely in light of ongoing economic turbulence that includes the fallout from Brexit, emerging markets volatility, and the protectionist trade stance of the new US administration.

2. Deeper Board Engagement with Strategy Setting Growing external uncertainty seems to accelerate the momentum for increased board leadership in strategy. For more than half of boards, active involvement in the development of strategy is a goal for major improvement over the next 12 months. Recognizing that successful strategy setting and execution in this volatile environment are challenges, boards are eager to move from the traditional review-and-approve process to more active strategy engagement earlier and on an ongoing basis, allowing directors to examine underlying assumptions, competitive dynamics, and alternatives.

3. The Tyranny of Short-Termism Maybe the most important structural barrier to board engagement in strategy setting is the intense short-term performance pressure placed on both boards and management. Seventy-five percent of respondents report that management’s focus on long-term value creation has been compromised by pressure to deliver short-term results, while 29 percent report that pressure on boards to focus on short-term performance inhibits their ability to effectively oversee long-term strategy development.

4. Risk Oversight Moves to a Higher Standard Board risk oversight is becoming a robust practice, with a large number of boards looking beyond a review of the top risks to consider the linkage between risk and strategy, the impact of incentives, and the strength of their company’s risk culture. Many boards now receive frequent reports on key components of risk management, including summaries of top risks, emerging risks, and their mitigation. According to our survey, 63 percent of them perform in-depth reviews of specific top risks. Perhaps in response to the recent corporate debacles in the auto industry and banking sector, more than 57 percent of boards now assess whether incentives used in the company’s compensation structure could inadvertently create or exacerbate risks.

5. Struggling to Meet the Cybersecurity Challenge Directors continue to wrestle with effective oversight of cyber risk. Many of them lack confidence that their companies are properly secured and acknowledge that their boards do not possess sufficient knowledge of this growing risk. Fifty-nine percent report that they find it challenging to oversee cyber risk, and only 19 percent of respondents report that their boards possess a high level of knowledge about cybersecurity. While 37 percent of respondents feel confident and 5percent feel very confident that their company is properly secured against a cyberattack, many of their boards may lack sufficient expertise or adequate information to confidently assure that cybersecurity defenses are indeed effective.

6. Managing a Growing Board Agenda The average director time commitment has stayed relatively flat at 245 hours per year, with more time spent on preparations and less time on travel compared to last year. The average number of meetings has also remained flat. Facing ever-expanding agendas, boards struggle to effectively prioritize their scarce meeting time. When asked about time allocation over the last 12 months, more than a third of respondents indicate that their boards spent too little time on director education, executive leadership development, cyber-risk oversight, board succession planning, sustainability, CEO succession, and information technology oversight.

7. Information Rich, Insight Poor Boards receive much information from management but express concerns about the quality of that information. While directors noted an average increase of 12 hours for document review in preparation for meetings, roughly 50 percent of respondents noted a glaring need for improvement in the quality of information provided by management.

8. Increased Shareholder Engagement Boards are increasing their shareholder engagement, but their level of preparedness to address activist challenges is uneven. This year, 48 percent of respondents indicate that a representative of their board held a meeting with institutional investors over the past 12 months, compared to 41 percent in 2015. Only 25 percent of respondents have developed a written activist response plan, which may be a critical tool to effectively address a forceful challenge from an activist.

9. The Increasing Reliance On Search Firms for Director Recruitment Boards no longer primarily rely on personal networks to recruit new directors, signaling increased professionalism and a desire to tap into a wider network of candidates. For the first time since NACD began to survey its members on this issue, search firms were the leading source boards used to identify their most recently recruited director.

10. Only a Minority of Boards Conduct Individual Director Evaluations Only 31 percent of respondents report that improving the board evaluation process is an important or very important priority for their boards in the next 12 months. In fact, just 41 percent of boards now use individual board evaluations, and an even smaller number use the results of these evaluations to make decisions about replacing directors.

To learn more, visit a previous blog with an infographic of the survey’s findings

D100 Honorees Ruminate On What’s to Come

NACD Blog Feed -

Nominations to the 2017 NACD Directorship 100 are open until March 31. And while we tally this year’s annual list of the most influential people in boardrooms and corporate governance, we’re sharing responses to questions from 2016 honorees about their perspectives on directorship.

Honorees underscored the importance of creating a strategic-asset board, reflected on the joy of their life’s work, and shared why board leadership can be fun. Selected responses from the 2016 D100 class follow, complemented by photos from the D100 gala held at New York City’s Gotham Hall on Nov. 30, 2016.

To review the entire listing of honored directors and governance professionals, visit the November/December 2016 web edition of NACD Directorship magazine.

What do directors need to keep top of mind in the next five years?

Deborah DeHaas Vice chair, chief inclusion officer, and national managing partner, Center for Corporate Governance, Deloitte LLP

“Often the most effective boards draw on a diverse set of individual strengths, skills, and experiences from their directors. When brought together with the right leadership, diverse talent in the boardroom can help the company address almost any governance challenge. Such capability doesn’t just happen. It takes rigorous commitment to the principles of board composition, refreshment, and accountability to reach the level of top-performing boards. It also requires a deep understanding of current issues and challenges, anticipating those in the future, and determining what critical skill gaps need to be addressed among directors.”

Stephen R. Howe, Jr. U.S. chair and managing partner, Americas Leading Partner, Ernst & Young LLP

“Complacency with a company’s current strategy may open companies to long-term vulnerabilities. Boards must constantly assess and anticipate competitive forces and threats and drive enterprise-wide cultures of innovation and agility. They must recognize that digitalization and sector convergence will continue to disrupt business models and markets. They must oversee organizations grappling with increasingly complex and global forces resulting from ever-shifting political and regulatory agendas such as those getting underway in the United States following this year’s elections.”

Daniel Laddin Founding partner, Compensation Advisory Partners

Do not be afraid to stick out and use a less typical design if you believe it is in the best interests of shareholders. I believe we are going to see that many of the best performing companies have unique compensation designs linked to their strategies that do not necessarily fit neatly into the paradigm into we see today.”

Paula Loop Leader, PwC Governance Insights Center

“Boards will need to stay current, and that alone will be hard work. They will need to be up to date on consumer trends and technological changes, to geopolitical and other risks, to name a few. Even those directors who are immersed in all of this disruption and change are finding it hard to keep up. The board of the future will have to fully understand the landscape the company is operating in and recognize the potential disruptors that could affect the company and its strategy. To do that, directors will have to spend a lot more time educating themselves, and boards may have to consider reaching out and finding their own advisors from time to time.”

Michael McGuire CEO, Grant Thornton

“Directors need to keep the probability of rapid disruption top of mind, and then marshal the right resources and habits of mind to stay ahead of it. What are those resources? Imagination. Curiosity. Agility.”

 

Deborah D. Rieman Director, Corning and Neustar

“Boards are inherently risk averse and may devote too much of their attention to avoiding mistakes. In a slower world, that may have sufficed, but today, slow and steady can be fatal. Successful boards in the years ahead will be the ones that encourage the disruption of their own businesses, because if you don’t disrupt your own market, somebody else will.”

 

James K. Wolf Managing partner, Meridian Compensation Partners

“Regulations and statutes should continue to protect a board’s business judgment, but boards should understand that the general public will have increasingly more information from which to reach their own evaluations and verdicts about a board’s governance.”

What’s the most fun you have had while serving as a director?

Mary Ann Deacon Director, Lakeland Bank

“It has been exciting to be a part of Lakeland’s success. Our accomplishments over the years have given me enormous admiration for our wonderful employees, who make it all possible. And by far, the most fun has been interacting with all the members of the Lakeland family. It’s important for directors to step out of the boardroom and connect with people. I think of this as leadership by walking around—letting employees, shareholders, and customers know that the board is interested in and fully engaged with their needs.”

Edward B. Rust, Jr. Director, Caterpillar, Helmerich & Payne, and S&P Global

“Growing up during the initial buildout of the interstate highway system, I became fascinated with big earth-moving equipment. Later in life, I started buying antique Caterpillar tractors to restore. Joining the Caterpillar board was a natural move. I had a connection to my past but also a fascination with the rapidly changing world of manufacturing. The real fun is when we tour the proving grounds and have the opportunity to operate some of the really big equipment. ‘Getting in the dirt’ is a joy for an old farm boy, and even a director.” 

What was the greatest challenge you’ve faced in your career?

James W. DeLoach Managing partner, Protiviti

 “I never worked harder in my life to build the Protiviti brand. But the most gratifying part of the experience for me personally was working side-by-side, shoulder-to-shoulder with men and women who were as committed to our collective success as I was. Protiviti’s market presence today is one of the treasures of my working life.”

A Well-Tailored Story of Shareholder Activism

NACD Blog Feed -

From left: Shelley Broader, David Walker, Jan Fields, and Lauren Smith

Chico’s FAS, parent company of the Chico’s, White House Black Market, and Soma brands, made headlines in 2016 when an activist investor dropped its bid for board seats at the company. Chico’s FAS was one of the largest U.S. companies targeted in a 2016 proxy contest. The company’s victory was credited to a number of factors, including the new CEO’s clear vision and the board’s preemptive work on governance.

NACD’s Florida Chapter recently convened a program at the Chico’s FAS headquarters in Fort Myers, hearing insights from NACD Florida Chapter Board member and Chico’s FAS Chair David Walker; Jan Fields, chair of the company’s corporate governance and nominating committee; and Chief Executive Officer and President Shelley Broader.

To set the stage for the discussion, the group shared details about the company’s situation in 2015, prior to hearing from the activist:

  • In the spring of 2015, the company was coming off a weak earnings announcement. The stock was languishing.
  • Fields recognized the situation and began to put together a plan in her new role as head of the company’s corporate governance and nominating committee.
  • Walker became the chair of the Chico’s FAS board.
  • As the prior CEO retired, Broader was identified and slated to join in December of 2015.
  • She quickly assessed and provided the company with a four-pillar strategy that was underpinned by the philosophy that the customer is looking for an excellent experience.

Based on the actions the board took during this period, the panelists shared key steps that every company should consider—not just to fend off activists but, more importantly, to ensure the board and management are looking after all of the company’s shareholders:

  • Ask the question, “What makes us so appealing to an activist?” Think about operations, capital allocation, governance, etc.
  • Know your shareholders. The stock of Chico’s FAS is widely held, so having a strong and engaged investor relations group is a critical element in the company’s success.
  • Identify a team to help point out weaknesses and prepare for challenges. This team could include legal, public relations, proxy advisors, investment banks, etc.
  • Use the newly-formed team to help you look at the company like an activist shareholder might, and be willing to make tough decisions when performance lags. Look at your company against its peers and review what analysts are saying.
  • Utilize a skills and experience matrix to ensure the board has the talent it needs to provide oversight to the company. To avoid directors rating themselves as expert in all areas of the skills matrix, ask each director to rate his or her top three areas of strength. Consider term and age limits. Recruit “rock stars” when you need new board members and make sure they are filling any gaps identified in your matrix.

When the activist challenge arose, the Chico’s FAS board agreed on the key members who would focus on the issue, and management did the same thing, ensuring that all but a small group at the company would continue to devote themselves entirely to advancing the company’s four-pillar strategy and running the day-to-day business during the proxy fight.

For those tasked with meeting personally with an activist, Broader repeatedly stressed the need to actively listen to the activist.  Be sure to understand the activist’s point of view without reacting or prejudging any ideas or suggestions.

Though settling with an activist can sometimes be in the best interest of shareholders, leadership at Chico’s FAS determined that a fight to the proxy stage was warranted. A select group went on a roadshow, visiting significant investors, and creating tailored presentations based on the investor’s particular interests. The group also met with proxy advisory firms by phone.

The meetings proved highly valuable, with these firms ultimately siding with the company. In all of its meetings, the company articulated its strategic plan, introduced its slate of board candidates, and explained in detail why both were better options than those being proposed by the activist.

Lessons learned from Chico’s brush with an activist investor follow.

  • Shareholder relationships are like a vaccine. Maintain robust, ongoing engagement.
  • Be open to change after a vulnerability review. Taking action to address vulnerabilities can result in a stronger defense if one is needed.
  • Be willing to consider settlement but don’t settle if it is not in the company’s best interests.
  • Adopt corporate governance best practices. For example, director independence both by definition and in thinking is critical, and executive pay should be tied to performance. A board must continually hold itself accountable. (It is worth noting that Chico’s FAS is a full board member of NACD.)

What does the future hold for the company? Broader says that interesting times are ahead for retail in general, and innovation and design will be important drivers of her company’s success. While others are taking resources away from brick and mortar stores, Chico’s FAS recognizes the storefront as a key component of its omni-channel approach. No matter the path, the company’s board and management team have now learned a great deal about staying ahead of activists.

NACD Florida would like to thank the team at Chico’s FAS, for hosting the program and the panelists for sharing their experiences with attendees.

Kimberly Simpson is an NACD regional director, providing strategic support to NACD chapters in the Capital Area, Atlanta, Florida, the Carolinas, North Texas and the Research Triangle. Simpson, a former general counsel, was a U.S. Marshall Memorial Fellow to Europe in 2005.

Five Key Steps for Building a Climate Competent Board

NACD Blog Feed -

Veena Ramani

Last month, Exxon Mobil Corp. appointed a leading climate scientist to its board. Exxon’s move underscores the growing pressure shareholders are exerting on the issue of climate competent boards.

Climate competency of boards—and broader corporate attention to escalating climate change risks—isn’t just a hot topic for one set of shareholders and one oil company. It is a key investor imperative for all sectors of the economy.

Look no further than the new guidelines from the G20’s Task Force on Climate-related Financial Disclosure to understand how profoundly expectations are shifting. The task force, chaired by Michael R. Bloomberg, was created by the Financial Stability Board at the request of the G20 ministers to help companies identify and disclose which climate risks have a financially relevant impact on their business. The task force’s very first recommendation focuses on the governance practices of companies for climate change, including deeper board engagement on the topic.

So what does it mean for boards to be climate competent? Climate competency means much more than just getting one person with expertise on a corporate board. So while we applaud the important step that Exxon has taken, it’s only a first step.

At the end of the day, a climate competent board is one that can make thoughtful decisions on climate risks and opportunities that a company is facing. When trying to set up a climate competent board, companies should think holistically about what needs to be done for boards to achieve competent, informed decision-making on this issue.

Based on a recent Ceres report I wrote on this topic, View from The Top: How Corporate Boards can Engage on Sustainability Performance, here are a few key steps boards should take.

1.) Put board systems in place for climate change oversight. Boards need to have a committee that is assigned formal responsibility to oversee climate change. By doing so, companies can ensure that boards oversee how climate risks are integrated into operations and decision-making on an ongoing basis. Numerous companies have dedicated board sustainability or environment committees that can be leveraged for this purpose. Companies like Citigroup, Ford, and PG&E have specifically identified climate change as a key focus area in the charters of their board public affairs or sustainability committees. Having the issue identified in such an explicit manner ensures it will be discussed systematically in committee meetings.

2.) Include directors with expertise in climate change on boards. When climate change is a material risk to a company, boards should recruit directors with expertise on that material issue. Such companies should also explicitly identify climate change expertise as a board qualification. This means making it a part of board skill matrices. It’s worth noting that two of the country’s largest pension funds, CalPERS and CalSTRS, recently amended their global governance guidelines to ask portfolio companies to recruit directors with climate change expertise.

3.) Train the full board on climate change. Boards and management should provide climate-related training opportunities to all board members, or, at a minimum, to relevant committee members. Organizations like The Co-operators have detailed systems in place to train its board on sustainability issues that are crucial to their businesses, including leveraging external experts for this purpose. Certain groups offer education curriculums where issues like climate and sustainability are addressed.

4.) Consult stakeholders and shareholders to inform directors’ understanding of climate change. Internal training sessions are key, but it’s just as important that directors reach out to external stakeholders, including investors, to share firsthand the company’s different approaches to climate change learn from voices outside of management. Investors in particular are critical groups to engage. Having this broader multi-stakeholder perspective can help directors make better-informed decisions. In 2016, shareholders filed a record 172 shareholder resolutions on climate change and sustainability. Given that directors are fiduciaries to investors, director-investor dialogues on climate trends will provide an important context to board discussions on this issue.

5.) Be more transparent. Finally, and perhaps most importantly, we need more transparency on climate-related board decisions. We need to know whether boards are prioritizing climate change as a material issue. Companies have to do a better job of disclosing how climate trends are affecting corporate strategies and risks that are relevant to investors.

Market and shareholder scrutiny of board engagement on climate issues is only going to grow sharper with time. While companies will be impacted differently by these risks, few industries are immune. Climate change affects 72 out of 79 industries and 93 percent of the capital markets, according to SASB’s Technical Bulletin on Climate Risk.

The key for board members now is to ensure that they’re well positioned to exercise informed oversight so that they can make thoughtful decisions on this escalating issue.

Veena Ramani is program director, Capital Market Systems, at Ceres.

10 Practices for Improving the Risk Assessment Process

NACD Blog Feed -

Jim DeLoach

Effective risk assessment is fundamental to the management and oversight of risk. While the risk assessment process must be tailored to the individual needs of each organization, the hallmark of a successful risk assessment is one that helps directors and executive management identify emerging risks and face the future confidently. Rather than shuffle “known knowns” around on a risk map, a risk assessment should help decision makers understand what they don’t know.

To that end, 10 practices are summarized below that will help management and directors maximize the value derived from the risk assessment process.

1. Involve the appropriate people. Surveys we have conducted over the years indicate, without exception, that viewpoints and perspectives about risk often differ across a broad range of senior executives, operating units, and functional leaders. Therefore, it is important to involve appropriate stakeholders across the C-suite and vertically into the organization in the risk assessment process to ensure relevant points of view are heard.

2. Reduce the danger of groupthink. The risk assessment process should encourage an open, positive dialogue among key executives and stakeholders for identifying and evaluating opportunities and risks. As a safeguard against executives forming opinions or reaching conclusions without robust debate or considering dissenting views, management should ensure that all perspectives are heard from the right sources and considered in the process. Accordingly, anything an executive truly fears should be out in the open and any concerns about opportunities missed should be aired. The board should set the tone for this kind of open process.

3. Focus comprehensively on the distinctive dimensions of strategic risk. According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), there are three dimensions to strategic risk: the implications from the strategy; the possibility of strategy not aligning with an organization’s mission, vision and core values; and the risks to executing the strategy. All three dimensions need to be addressed if the company expects to avoid unintended consequences that could lead to lost opportunities or an unacceptable loss of enterprise value.

4. Understand the assumptions underlying the strategy. Boards and executives that are navigating the risk assessment process should consider how the organization’s strategy and risk appetite work in tandem, and how it will drive behavior across the organization in setting objectives, allocating resources, and making key decisions. Are risks evaluated in the context of their impact on the organization’s strategy and operations? Is adequate consideration given to macroeconomic issues? Is there a business intelligence process for monitoring the environment to ensure that critical assumptions remain valid? Is the board informed when assumptions are no longer valid? Are strategic assumptions stress-tested?

5. Consider the impact of disruptive change. The rapid pace of change in the global business environment is risky for entities of all types. Change alters risk profiles. The unique aspect of disruptive change is that it represents a choice: On which side of the change curve does an organization want to be? With the speed of change and constant advances in technology, rapid and innovative responses to new market opportunities and emerging risks can be a major source of competitive advantage. Conversely, failure to remain abreast or ahead of the change curve can place an organization in a position of becoming captive to events rather than charting its own course. The risk assessment process must be dynamic enough to account for significant change.

6. Consider appropriate criteria to assess “high impact, low likelihood” risks. When considering extreme risk scenarios, the operative question is: How resilient is our organization in the event one or more of these scenarios occurs? Velocity of the impact as the scenario evolves, persistence of the impact over time, and the entity’s response readiness are useful risk criteria to consider when answering this question.

7. Understand the sources of risk. One of the most difficult tasks in risk management is translating a risk assessment into actionable steps in the business plan. Risk owners often don’t know what to do to address significant risks based on risk assessments displayed on the traditional two-dimensional graph. Accordingly, it may make sense to source the root causes of the most significant risks to better understand them and design more effective risk responses. Therefore, the process should be designed to identify patterns that connect potential interrelated risk events—risks that are not necessarily mutually exclusive.

8. Inform the board of the results in a timely manner. Directors should agree with management’s determination of the organization’s significant risks and incorporate those risks into the board’s risk oversight process. In addition, significant risk issues warranting combined attention by executive management and the board should be escalated to directors’ attention in a timely manner. A process for identifying emerging risks should be in place to supplement the ongoing risk assessment process.

9. Integrate risk considerations into decision-making. As important as the risk assessment process is, it may be just as important to consider the impact of major decisions on the organization’s risk profile. If risk is understood to be the distribution of possible outcomes over a given time horizon due to changes in key underlying variables, it should be noted that major decisions either create new or different outcomes, some of which may be unintended, or alter previously considered outcomes. Significant decisions, therefore, should involve the board’s understanding of the organization’s appetite for risk and consider how those decisions impact the entity’s risk profile.

10. Never end with just a list. Following completion of a formal or informal risk assessment, management should designate the appropriate risk owners for newly identified risks so that appropriate responses and accountability structures can be designed for their execution. “Enterprise list management” is aimless, loses its novelty over time, and can lead to trouble if risks are identified and nothing is done to address them.

An effective risk assessment process lays the foundation for executives and directors to navigate a changing business environment with confidence. The above practices can assist organizations in defining their most important risks and enable the board to ensure that its risk oversight is appropriately focused.

Jim DeLoach is managing director of Protiviti. 

Subscribe to Lonergan Partners aggregator - Boards & Governance