Challenges for boards in 2013
Boards of directors of public companies face numerous challenges, including economic conditions and health care reform. Colorado boards, however, also face major issues caused by globalization, emerging technologies, cyber-security and IT risks, among others.
To gain a broader perspective and better insight, I recently talked to Mike Bearup, a member of the Advisory Board of the Colorado Chapter of National Association of Corporate Directors (NACD) and Denver Office Managing Partner of KPMG LLP. KPMG regularly hosts events that bring together NACD members with other directors, audit committee members, senior executives and leaders in governance to discuss challenges, emerging trends and leading practices that affect boards and their audit committees.
Mike shared his views on these key 2013 concerns.
How do you see boards of directors reacting to the concern for more risk oversight?
When I speak with Colorado boards of directors today, the consistent theme I hear is that the world is becoming more complex, creating higher expectations for boards. For example, boards of directors are expected to oversee management’s response to a wide variety of factors that could impact their business and financial results, such as digitalization, globalization, cyber-security and IT risks, and increased government regulation and enforcement, to name a few.
Effectively addressing these issues and providing appropriate oversight require specific expertise, which the boardroom has not needed until recently. As a result, I see more board focus on honest self-reflection, meaningful board assessments and continuing director education. As a result, some boards decide that they need fresh perspectives or greater diversity of views in their board candidates. This happens more frequently now than in the past.
What troubles boards the most about social media and new technologies?
One of the most interesting developments over the past few years is the growing awareness at the board level of the strategic importance of social media and information technology as well as the serious risks and opportunities they pose. As a result, boards of directors are pressing their management teams to play both offense and defense.
On the “offense” side, boards are asking questions about the cloud, social media, mobile technologies and “big data” to assess whether management is maximizing these technologies. I hear boards asking management if they are being aggressive enough and carefully watching competitors.
Today, every company must operate like a technology company to stay at the forefront and avoid being left behind by the competition. As to “defense”, there is increasing concern about the reputational risk presented by social media (i.e., who speaks for the company in social media? what are governance policies for employees? is the company monitoring Facebook and Twitter for content that may impact the brand?). In addition, cyber security risks are growing with the increased number of companies digitizing their assets.
This issue arose when we held an Audit Committee Roundtable last fall in Colorado in which a panel of Chief Information Officers (CIOs) made it clear that every company is under attack by hackers and others who are trying to access the company’s networks.
One CIO panelist stated that there are only two types of companies: those who know that they have been hacked and those that don’t know. As a result, directors are increasingly bringing CIOs into their meetings to ensure that the board and management understand the opportunities and risks posed by these emerging technologies.
Is management’s “tone at the top” enough to assure boards that companies are doing all that is needed?
Clearly, we are entering a period of tremendous pressure and change for almost every organization. In this environment, more important than ever, boards of directors must be acutely sensitive to the “tone at the top” and the examples set by leadership, and reinforce the proper governance culture of the organization.
Consider the recent “whistleblower” regulations arising from the Dodd-Frank Act, increased enforcement actions under the Foreign Corrupt Practices Act and the very comprehensive provisions of the UK Bribery Act. Under each of these, the board of directors is in the spotlight. Those from inside and outside of the boardroom are posing questions, such as:
- What processes did the board have in place to oversee the tone at the top and, even more importantly, what is the tone in the trenches?
- What actions did the board take when concerns were raised?
- Did the board approach these issues purposefully, as a meaningful element of its oversight role, or did it view this as a compliance exercise?
- Is the board hearing views from those below senior management and outside the company?
Boards are changing their approach so that they have a good sense of the culture in the company's various operations, especially those far away from Colorado headquarters. Boards recognize that governmental authorities are increasingly aggressive in these areas and the stakes are high, both in terms of penalties paid for violations and in reputational risk.
When you consider that supply chains are now global for almost every company, those companies are more vulnerable than ever to fraud, misconduct and compliance risk. It’s no wonder that boards focus heavily on this area.