Career Partners International Presents Leadership Succession Planning for Asian Businesses at SHRM Conference in Chicago

Mr. Anthony Raja Devadoss, SHRM-SCP, SPHRi serves as Managing Director and Regional Head of APAC at Persolkelly Consulting, a Career Partners International firm. Mr. Devadoss previously served as VP of APAC with KellyOCG.  He holds memberships in various local and international associations such as MIM, Human Capital Institute, and is a chapter board member of the HROA APAC.  He has received his bachelor’s degree in Science, MBA in Marketing, and a postgraduate diploma in Computing.

Wealth transfer and wealth preservation are critical topics for discussion on a global basis.  In Asia, succession planning has been ranked among the most important issues faced by family-controlled business, with over $16 trillion of wealth to be passed onto future generations in the next three decades.  According to the Family Business Institute, only 30% of family-owned businesses last into the second generation, with 12% remaining viable into the third generation.  Proper succession planning is essential to ensuring continued growth of family-owned businesses.

“Managing the complexities of succession planning isn’t just about transferring assets, though that can be complicated enough with business structures that cross national and international borders.  There are also convoluted inheritance laws and regulations, in addition to entangled family structures, that can be challenging to unpack.  Having a thorough plan in place that can be executed with precision when necessary can help parties avoid conflict, legal battles, asset depletion, and many unfavorable situations,” explains Mr. Devados.

Mr. Devados will be presenting at the SHRM Conference in Chicago on Monday, June 18th, 2018 from 2 PM to 3:15 PM.  Attendance qualifies for 1.25 SHRM PDC’s.

The post Career Partners International Presents Leadership Succession Planning for Asian Businesses at SHRM Conference in Chicago appeared first on CPIWorld.

Basic Income: A Bold Solution to a Big Problem

Peet van Biljon

While most corporate directors in the United States are focusing on the social and business impact of recent tax reform, some of them have another economic matter on their minds: the concept of universal basic income (UBI). This is our future, says a recent article quoting Silicon Valley’s Ray Kurzweil, Google’s director of engineering. Kurzweil is not alone. Other tech luminaries such as Marc Zuckerberg and Elon Musk have expressed support for it. Meanwhile, public sector leaders from Canada to Kenya are already looking at implementing this economic model.

So, what is UBI? One way to define it is to see what it is not. It was reported recently that Finland has discontinued its year-old UBI pilot. The Finnish government’s discomfort with handing out money with no strings attached got the upper hand. (However, Finland retains its generous unemployment, free college, and universal healthcare benefits.) While Finland is abandoning unconditional income guarantees, it will be lumping all government benefits together in a single monthly sum, a universal social credit. The UK government is following a similar lump-sum approach, the so-called universal credit. But neither is a basic income.

A true UBI is both universal (i.e. paid to every citizen), and unconditional, ( i.e. recipients do not have to meet any obligations to maintain their eligibility). The tax treatment of a UBI is intended to avoid any distortions normally associated with the transition point between social benefits and wage income. This distortion can be a disincentive for benefit recipients to start working. On the other hand, UBI is tax free; only additional income from other sources like wages, called the market income, is taxed. Even as market income goes up, UBI is not taxed. Tax brackets are designed so that a gross income (UBI + market) above a certain level makes an individual a net contributor, meaning what someone pays in taxes will exceed his UBI receipts. For example, with a 33.33 percent flat income tax rate, the recipient of an annual UBI of $12,000 will reach the breakeven point when her taxable market income is $36,000, on which she will be paying $12,000 in taxes balancing out the UBI. Every dollar of market income after that makes her a net contributor of taxes. The system is startling in its simplicity.

The modern idea of a basic guaranteed income has been around since Bertrand Russell made the case for it 100 years ago, but Thomas Paine proposed a form of basic income as far back as 1797. A close variant of UBI is the negative income tax, which entails payments only to those who would be net recipients under the basic income system, like those earning less than $36,000 in the example above.

So, why are so many leaders of institutions (from government and non-governmental organizations to corporations) looking at UBI right now? It is because of the ongoing unemployment trends in recent decades. In countries such as the United States, these trends are better reflected in a 20-year low workforce participation rate and precarious employment than in unemployment claims, which are currently low. There is widespread fear that the elimination of low- and medium-skilled manufacturing and administrative jobs will accelerate as new automation technologies such as artificial intelligence (AI)  spread like brushfire through the economy.

The predictions on the worker dislocation by AI and other automation technologies are piling up: In 2013 Oxford University researchers estimated that 47 percent of U.S. jobs had a high probability of being automated by 2033. This started off a range of estimates and predictions by consultancies, think tanks, and governments. For example, late last year McKinsey estimated that by 2030 between 400 to 800 million jobs worldwide may be lost due to automation, including 73 million lost jobs in the United States. PwC in 2017 estimated that up to 38 percent U.S. jobs are vulnerable to automation by 2030. On the low end is the Organisation for Economic Cooperation and Development’s 2016 measure, which estimated that 9 percent of jobs are highly automatable and another 32 percent have a significant risk of automation. There are also optimistic estimates of millions of new jobs being created by this technology—but most such predictions only offset the job loss. They do not erase the net loss that will surely result.

Both job losses and job creation have indeed been part of previous industrial revolutions, but that does not mean serious disruption can be avoided in the transition. We could have one or more lost generations of workers before the system rights itself. Just this past month, Brookings researchers provided a grim warning that with job dislocation around 38 percent (a forecast mean), “Western democracies likely could resort to authoritarianism as happened in some countries during the Great Depression of the 1930s in order to keep their restive populations in check. If that happened, wealthy elites would require armed guards, security details, and gated communities to protect themselves, as is the case in poor countries today with high income inequality. The United States would look like Syria or Iraq, with armed bands of young men with few employment prospects other than war, violence, or theft.”

This is a bleak future we all want to avoid. What’s needed is a policy response equal in size to the disruption. UBI may be a big part of the answer, but the concept is too often met by skepticism or outright hostility from business leaders who have a distaste for anything that smells like socialism.

Concerns for personal responsibility immediately come up when UBI is discussed: Won’t it take away the incentive for people to work? Won’t some people abuse it? Perhaps no one better addressed these concerns than that paragon of free market capitalism, Milton Friedman, in a famous 1968 article titled “The Case for a Negative Income Tax: A View from the Right.” Friedman pointed out that onerous conditions for social assistance interfere with personal freedom and dignity when large numbers of government bureaucrats have to screen and police recipients to make sure they do not violate eligibility requirements. It is also highly inefficient. Friedman argued that replacing the multitude of existing welfare measures with one unconditional payment would be much more efficient, increase the incentive to work, and reduce the number of permanent poor living off government programs.

More practically, if the UBI is set at a low-enough amount, and recipients keep their after-tax income from employment, ample incentives remain for people to find work to improve their status in life. For example, the Ontario pilot UBI for individuals is set at only $13,000 US per year per individual, and $19,000 US per couple. This is hardly enough to live a life of luxury on the dole.

For the same reason, companies need not worry that a modest UBI will drive up wages for low-wage workers, because the UBI might depress the labor supply.  It may do the opposite, that is enable more people to take low-wage jobs similar to the current situation where many low-wage workers in the United States are supported by the Supplemental Nutrition Assistance Program (SNAP, previously known as food stamps) program. It is estimated that U.S. taxpayers already provide working families  with over $150 billion in annual public support through the current patchwork of state and federal programs like SNAP, Temporary Assistance for Needy Families, Medicaid, and the Children’s Health Insurance Program. By design, UBI eliminates the so-called poverty trap in which people are discouraged to take work because they may earn less from wages than from the sum of these benefits. And since everyone from the CEO to janitor will get a monthly UBI directly from the government, there is no regulatory or administrative burden for companies. Furthermore, the UBI becomes a permanent safety net for laid-off employees who have exhausted their termination and unemployment insurance benefits.

Will UBI give struggling people the opportunity to lift themselves up or will it create a permanent underclass? Preliminary anecdotal feedback from the Ontario pilot is that participants are eating healthier, retiring debt, and feeling less stressed, enabling them to focus on economic advancement. This is consistent with the so-called Maslow argument for UBI. Longitudinal data is needed to properly assess the societal welfare effects of UBI and these are scarce, which is precisely why properly designed UBI pilots should be supported. One of the only UBI-like programs to have existed for years is the payment funded by casino royalties (currently about $12,000 annually) to every member of the Eastern Band of Cherokee Indians in North Carolina. The program has been extensively studied by social scientists who found compelling benefits: a 40 percent decrease in behavioral problems among poor children to a level equal to non-poor children, and a 22 percent decrease in minor crimes which means fewer kids in jail, and higher high school graduation rates.

The last big concern is the cost burden of UBI for a country. A full-scale UBI implementation could be partially funded by absorbing many existing programs into the single universal payment. Significant savings will also come from collapsing the large government bureaucracies currently employed in administrating those programs. A tiny new bureaucracy can send every citizen a monthly check or bank transfer, and the existing tax bureaucracy (e.g., the Internal Revenue Service) will process any taxable income and payments as usual. But some incremental public spending will likely be needed, and new revenue sources found for it.

Earlier this month, Canada’s Parliamentary Budget Office estimated the cost of extending the Ontario pilot to every Canadian citizen at the current rates, net of expected savings in existing spending, to be in the order of $23 billion (Canadian). To scale this to other economies like the United States, this is roughly one per cent of gross domestic product, and could be paid for with about three additional points on the federal Canadian general sales tax (GST).

UBI is a bold new mechanism for social support. But so was unemployment insurance and Social Security in their time. There are details to be worked out, and hypotheses to be tested, before rolling out such massive programs nationwide. The best way to do that is to proceed with, and copy, controlled experiments like the current pilot in three cities in the Province of Ontario. Board members and other business leaders would do well to monitor these developments and to keep an open mind on UBI. It may just save our society from the social havoc that could be wreaked by artificial intelligence.

Peet van Biljon is founder and CEO of BMNP Strategies LLC. He advises clients on strategy, innovation, and new business building. He focuses on Industry 4.0 and transformative technologies such as artificial intelligence, digitization, fintech, and the Internet of Things. He previously managed McKinsey’s global innovation practice from 2010 to 2015. Peet is an adjunct professor at Georgetown University, where he teaches a graduate course on innovation. He co-chairs the General Principles Committee of the IEEE Global Initiative on Ethics of Autonomous and Intelligent Systems (A/IS). Peet authored a book on business ethics, Profit with a Higher Purpose, and has developed Ethics-driven Innovation, an innovation process to help clients meet the highest ethical standards. He is an electrical engineer, licensed as a professional engineer in Ontario, and also has degrees in accounting and economics. All thoughts expressed here are his own and do not necessarily reflect those of NACD.

How Does Your Board Define Age Diversity?

Paula Loop

Age diversity is an important factor to achieving diversity of thought. That’s how 91 percent of directors responded in our 2017 Annual Corporate Directors Survey. They even rated age diversity higher than any other element of diversity, including gender and race. However, we noticed that more than half (52%) of directors said they have age diversity on their board and don’t need any more of it. Herein lies the disconnect: Our definition of age diversity differs from that of most directors.

So what does age diversity mean to corporate directors? Maybe it means their board has directors who are in their 50s, 60s and 70s. Or perhaps they have one director who is 55 and one who is 80. With an average age of 63 for independent directors on S&P 500 boards (and going up), what it likely means is that they don’t have many directors who are 50 or younger. In fact, there are more directors aged 75 or older in S&P 500 boardrooms than there are 50 or under, according to our new research paper, Board composition: Consider the value of younger directors on your board. That figure demonstrates that there really isn’t a broad definition of age diversity.

To find out more about age diversity on US public company boards, we analyzed the population of directors aged 50 or under serving on boards of S&P 500 companies as of the end of 2017. We wanted to see who these directors are and what their board service looks like. What we found out is that there really aren’t many of them at all: According to our analysis of BoardEx data, directors aged 50 or under make up only 6 percent of the seats on S&P 500 company boards.

What does this mean for your board? First, if it hasn’t already, your board should consider age diversity and determine what it means for your company. Second, you might consider adding a younger director or two to the board. Most younger directors (96%) have active jobs or roles, so they can bring critical workforce skills and know-how back to the boardroom. They are more likely to have hands-on experience with newer technologies like artificial intelligence or the internet of things, technologies that companies are investing in and adopting to get ahead and stay competitive. And, in many cases, younger directors are closer to the consumers that their companies are targeting. They’re also closer to millennials, whose spending habits and workplace expectations are turning traditional marketing and human resources processes and plans on their heads.

We know that board composition and refreshment is a hot topic today, and the topic of age diversity is a good conversation for boards to have. Though there’s not one accepted dictionary definition of what age diversity is, boards may also want to develop an agreed-upon understanding about what it means to their board—and why all aspects of diversity make for healthy board discussions and better board performance.

One of the most interesting data points that came out of our new report details how companies made room for younger directors. For 62 percent of the S&P 500 board seats held by independent directors 50 and under, companies increased their board size to accommodate them. The board did not wait for traditional succession planning tools to play out, such as a director leaving the board due to retirement or term limits. Increasing board size to bring younger directors on as soon as possible indicates a real desire for and appreciation of the value those individuals would bring to the boardroom. That alone should tell you that age diversity is something to consider for your board.

Leading Change

Martin Coyne

Each of us can look back and be baffled by how much change is possible in a short amount of time. Remember landlines? Flip phones? How about the BlackBerry? It’s human nature to be resistant to change: boards and corporate directors are no different. Maintaining the status quo is more comfortable than change. Especially because leading the change requires a straightforward vision, strong leadership, and clear communication. In the words of the cartoon Dilbert: “Change is good, you go first.”

But change is necessary for company growth and success. And the National Association of Corporate Directors is one organization that not only talks about change but gives board members and leaders the tools to help boards model and implement change. At NACD’s Global Board Leadership Summit this fall, we’ll discuss how we as board directors can embrace our leadership role, set a positive example, and encourage change.

Oversight Is No Longer Enough

Emerging technologies and new customer demands are now constant threats to established products and business models. These threats affect sustainable and profitable growth, but boards can counter these issues by continuously helping management to evolve their business models, investments, and skill sets.

Expectations of capitalism and acceptable corporate behaviors are also changing, forcing a better balance of achieving profits and having a positive societal impact. A good example is a company’s focus on reducing its environmental footprint. This means that we are now seeing the focus on shareholders shift to include all stakeholders, such as employees, suppliers, customers, and communities.

All this is part of taking an active role in creating the optimal organizational mission and culture. Changing our behavior, processes, and interactions from oversight and support to an active leadership model is crucial to ensure success in our evolving world.

Leading Change Is Necessary

External pressures, rapidly changing governance requirements, and differing stakeholder expectations are all good reasons to call for change.

Failure to change may jeopardize not only a company’s performance, but also its very survival. Poor performance impacts everyone, but proper board and director performance can create a competitive advantage that increases value for all stakeholders. Stagnation is the enemy and change will keep your organization sustainable and on the lookout to avoid pitfalls.

Necessary Board Components for Success

When I look back over my career as a board member, these four pieces are critical to effectively lead and enact change:

  1. Boards need to be comprised of directors who understand and have effectively led change management;
  2. A board’s culture of embracing change should be a model for the entire company;
  3. Board information and processes need to align with and support the new culture to achieve its goals; and
  4. A board’s composition should reflect and support its new evolving culture and behavioral design.

Key Takeaways to Remember

To start leading change in your boardroom, define and describe the mission, values, and culture that you want your company to embody. Boards should assess what the organization needs to retain and what aspects would be most beneficial to change.

Build off of the strengths in your company and initiate change management plans to achieve your new vision. This includes evaluating the current board composition, leadership and processes and taking action to make changes in a timely manner. Once initial changes have been made, continually assess progress towards your vision and course correct as needed. Don’t be afraid of needing to shift direction in the future.

If there’s one constant, it’s that change will always continue. It never stops. Change impacts all of us, and for boards and company leadership to be successful, effective change management should be a required element in the makeup of every board.

Like our cartoon friend Dilbert challenges us, are you ready to go first, lead, and create an inspiring vision for sustainable value creation for your constituencies? I’m looking forward to discussing change, the ever evolving transformation of our world and more at the 2018 Global Board Leaders’ Summit September 29 through October 2 in Washington, DC. Register now and join me there.

Martin Coyne is a director of EyeNuk. Coyne is the chair and founder of the CEO Learning Network and he is the chair emeritus of the National Association of Corporate Directors’ New Jersey Chapter.

The Future-Ready Workforce: Lead the March

Brian Baker

Some claim that seven million jobs will be lost, and more than half of jobs will be replaced. Others claim that 2.3 million jobs will be created, exceeding the 1.8 million that it will removed. These are just some of the forecasts pundits are making about the impact artificial intelligence (AI), automation, robotics, and more will have on jobs and the changing nature of work in the United States.

When taken together with many other forecasts, there is really only one conclusion. We really don’t know what the impact will be. What we do know is this: change is happening and it’s happening fast. And beware, we humans tend to underestimate the amount of change that will happen in the next 5 years. Don’t get caught. One of the single biggest questions the board needs to be asking of their CEOs is, “Is our workforce strategy built for the future of work?”

Despite all of the rhetoric about advanced and emerging technologies creating massive job losses, our economy will continue to function as the “human operating system” that will power organizations of all sizes. The most adept leaders will recognize advanced technologies as opportunities to unlock the full potential of humans rather than considering those technologies as simply a way to replace jobs and reduce costs. Our capacity for curiosity, customer devotion, empathy, problem-solving, relationship building, and more will be difficult to replace.

Technology, automation, robotics, AI, side-by-side with the human operating system, is the new currency in a workforce prepared for the future of work. Importantly, 62 percent of organizations rate themselves as ineffective at this type of workforce planning.

Board members in companies of all sizes should be asking, therefore, the following questions of the C-Suite.

What should our workforce look like in five and 10 years, and what is our plan to achieve that end state? So far, only one in five human resources leaders have begun implementing strategies to develop their workforce for tomorrow. While this figure is surprisingly low given the urgency with which company leaders need to act, it’s these leaders who are positioning their companies ahead of the curve and widening their competitive moat against those who choose to delay or take no action at all.

What are the external trends defining the future of work that we are harnessing for success? Which ones could prevent us from delivering on our goals? Mercer’s 2018 Global Talent Trends report is a good starting point to learn more.

Is the leadership team and workforce ready for the speed of change required to win? Only 18 percent of C-Suite leaders describe their organization as agile enough today to succeed through change.

Should we be measuring the long-term health of our company differently than just earnings or stock price given the changing nature of work? What are we doing to develop and retain talent? Does our mission statement reflect the need for customer devotion and a purpose-driven culture? How are we measuring whether or not we are delivering on our mission?

What are we doing to upskill and reskill our workforce to improve their digital literacy? Only 15 percent of company leaders consider themselves leaders a digital organization, with 53 percent reporting they have not yet begun their journey or have a long way to go. That makes it even more surprising that only 15 percent of C-Suite leaders believe that upskilling and reskilling employees for new and changed roles, driven by digital and technology, will make a sizable difference to business performance.

Today’s board members and leaders can’t afford to wait any longer. The technology innovation curve is a hockey stick and many believe we are about to hit the elbow as AI and other technology capabilities begin to approach and surpass human intelligence. Those leaders who embrace the pace with urgency will set themselves up for accelerating growth while those who don’t will find that the notion of being able to catch up has vanished.

No business is immune, and how the workforce will morph and adjust needs to be at the center of gravity in all board room discussions. Think about these facts from the World Economic Forum:

  • 35 percent of the core skills of today could change by 2020
  • 65 percent of the jobs our own children in elementary school will be doing in the future do not yet exist

These are just a couple of data points that capture the significant change ahead. Are you ready? If you believe your C-Suite is behind in developing a workforce strategy to compete in the digital age, now is the time to leap forward. If you believe they are ahead, it’s time to invest in accelerating their march.

Brian Baker is a Partner in Mercer’s New York office and the US Digital Workforce Leader. He is focused on helping business leaders determine and build their Workforce for the Future strategy and execution plans.

Tone at the Top: Making the Music Match the Words

Roger O. Goldman

“What would you do if I sang out of tune? Would you stand up and walk out on me? Lend me your ears and I’ll sing you a song, and I’ll try not to sing out of key. Oh, I get by with a little help from my friends.”

When The Beatles first recorded that song in 1967, it’s a safe bet they weren’t thinking about corporate governance and the role of the board of directors. Yet, as I’ve pondered the array of corporate scandals over the past decade, I found these fifty-one-year-old lyrics floating to the forefront of my mind.

Here’s why.

Whenever there is a highly publicized failure of corporate governance, the first question that’s typically posed is, “Where was the board?” However, in my experience—after 20-plus years of service in public and private companies, both in the for-profit and nonprofit sectors—that question rarely gets to the heart of the matter because process isn’t the primary culprit. A better question is, “What happened and why?”

Conventional wisdom examines whether the board had sufficient information, process, and the right reports. What often doesn’t get scrutinized is whether the board had the right people in the right places and if the chair or lead director is doing his or her job setting the tone at the top.

In this rapidly changing, complex world, it is incumbent upon the chair or lead director to continuously improve both the process and substance of governance, even in the strongest and healthiest of companies. This is where The Beatles’ lyrics come into play.

The Complexities of Conducting

The role of the chair or lead director is similar to that of an orchestra conductor. The conductor’s primary duties are to interpret the musical score of the composer via an ensemble of players. Using indications within the score, the conductor sets the tempo, shapes the phrasing, and guides the players to perform in concert. While it sounds simple enough, it’s a task of enormous complexity.

The sheet music that an orchestra is given can be likened to the committee charters and board responsibilities. The paper needs to contain the “right tune” and the right mix of notes, etc., but those same notes can be played beautifully or poorly, in harmony or in discordance. Even if individual performers are playing well, one bad violinist can wreck the whole orchestra if his or her part is not minimized or if the conductor doesn’t have the power or influence to get rid of the bad player. Taking the analogy further, the conductor also has to spot the talented players (i.e. board members), even if they are hidden away or young, and feature them.

Then there’s the pacing of the score—think board process. Whether it’s played loudly, softly, fast or slow, is a matter of feel. That’s what the conductor is expressing with his or her gestures and baton-waving. And, of course, the conductor has to be ahead of the music, so the sound carries to the audience, as well as anticipate what’s next.

So, you can have all the scores (or board processes) you want, but if the conductor can’t make the band of sterling musicians work together, the net result is less than stellar performance.

It’s doubly challenging in cases where the board doesn’t have an independent chair because the power of the lead director is usually quite limited, leaving him or her to conduct solely through influence versus explicit authority. In the corporate realm, these are some of the factors that must be considered when making governance better.

Soft Yet Hard

In its recent report, the NACD Blue Ribbon Commission on Culture as a Corporate Asset aptly stated, “While it is often perceived as a ‘soft issue,’ [culture] is actually a hard issue—both in the sense of having concrete impact, and in the sense of being difficult to assess.” The same is true of tone at the top. It can be incredibly hard to assess because it’s ethereal in nature, like the orchestra conductor filling the concert hall with melodious music.

But it does come down to the interactions among the board and its committees, and the transparency of information flow between management and the board at all levels. The responsibility for the “tone” of these interactions, i.e., getting the music to sound good, resides with the board chair or lead director.

In the collective interest of corporations and shareholders everywhere, there’s much to be gained by the ongoing tuning of this tone. Regularly posing the following questions is one example:

  • Are your governance processes appropriate for the speed of change today?
  • Is there sufficient clarity about the roles and responsibilities of the directors and management?
  • Are the right people in the right places for today and tomorrow?
  • Is the orchestra playing in concert in the eyes of the audiences, i.e.. customers, employees, shareholders and the broader community?

The answers are less important than asking the questions and bringing this kind of curiosity to the board room now.

As the aforementioned NACD Blue Ribbon Commission reported, even for companies with healthy cultures, resting on laurels isn’t an option. The stakes are simply too high and the operating environment too volatile not to seek continuous improvement.

It concluded that, “Performed properly, culture oversight not only can be embedded into directors’ existing activities, but also can significantly improve the quality and impact of the board’s work overall.” This notion of making the music match the words when setting the tone at the top goes right along with the Commission’s finding. That, and a little help from friends, might even mean singing on key.

Roger O. Goldman is chair of the executive committee of American Express National Bank, lead director of Seacoast Bank, and former chair of the board for Lighthouse International. Opinions are his own.

Talk to Your Auditors About Cybersecurity

Cindy Fornelli

If you’ve ever seen a television ad for a prescription drug, chances are you heard a soothing voice urging you to “talk to your doctor” about the treatment in question.

Now, I may not have a silky voice fit for TV, but I do have a similar message for the distinguished readers of the NACD Board Leaders’ Blog: Talk to your auditors about cybersecurity.

The Importance of Communicating About Cybersecurity

Unlike a blockbuster pharmaceutical, there is no magic pill that can solve the big, complex, and evolving issue of cybersecurity. In recent years, however, the key elements of a sound approach to cybersecurity have become clearer, and one of those elements is communication.

Regulators certainly recognize the importance of communication from businesses to investors. In September 2017, Securities and Exchange Commission (SEC) Chair Jay Clayton stated, “I recognize that even the most diligent cybersecurity efforts will not address all cyber risks that enterprises face. That stark reality makes adequate disclosure no less important.”

Accordingly, the SEC remains strongly focused on ensuring the adequacy of public company disclosures of cybersecurity risks and how those risks are managed. Likewise, investor groups, such as the Council of Institutional Investors, have also asked company boards to strive for transparency in reporting efforts around cyber threats.

At companies, communication is no less critical between and among boards of directors, company management, external auditors, and internal auditors. Each group has a role to play, and each must have a grasp of the others’ roles. Ongoing dialogue fosters this understanding.

CPA Firms and Cybersecurity: Bringing Expertise and Values

Before jumping into a dialogue with external auditors, a board member might wonder, “Why talk to an accounting firm about cybersecurity?” It’s a fair question, with two simple answers.

  • Deep expertise. Not only do certified public accounting (CPA) firms provide independent assurance services in both the financial statement audit and a variety of other subject matters, they have played a role in assisting companies with information security for decades. In fact, four of the leading 13 information security and cybersecurity consultants are public accounting firms.
  • Strong values: CPAs bring to bear strong values that have defined and guided the profession for over a century. Foremost among these values are independence, objectivity, and skepticism.

Key Topics to Discuss with Your Auditor

So, having established that a conversation with a CPA firm about cybersecurity is a good idea, what is there to talk about with your auditors? The Center for Audit Quality (CAQ) has recently released a cybersecurity tool for board members to guide these conversations. The tool, which leverages resources from NACD and others, covers areas including the following important topics.

How the Financial Statement Auditor Considers Cybersecurity Risk

An essential starting point in the dialogue is to get clarity on the current roles and responsibilities of the financial statement auditor when it comes to cybersecurity. This conversation may include, if applicable, the audit of the effectiveness of a company’s internal control over financial reporting (ICFR).

A talk with the external auditor might involve the following questions.

  1. How does the financial statement auditor’s approach include the consideration of cybersecurity risks when identifying and assessing risks of material misstatement for the financial statement and ICFR audits?
  2. If, as part of understanding how the company uses information technology in the context of its financial statements and ICFR, the financial statement auditor identifies a cybersecurity risk, how does that risk get addressed in the audit process?
  3. Why don’t the financial statement auditor’s procedures on an ICFR audit address all of the company’s enterprise-wide cybersecurity risks and controls?
  4. What impact does a cybersecurity breach have on the financial statement auditor’s assessment of ICFR?
  5. In the event of a cybersecurity breach that results in a potential need for a contingent liability that could be material, what is the audit response of the financial statement auditor?

How CPA Firms Can Assist Boards in Cyber-Risk Oversight

Although cybersecurity risk management practices are typically beyond the scope of a typical financial statement audit, the CPA profession’s commitment to continuous improvement, public service, and increased investor confidence has resulted in a greater focus on this area.

One example is the cybersecurity risk management reporting framework developed by the American Institute of CPAs (AICPA). The voluntary framework, known as SOC for Cybersecurity, enables CPAs to examine and report on management-prepared cybersecurity information, thereby boosting the confidence that stakeholders place on a company’s initiatives.

Here are seven questions to ask CPA firms about these initiatives.

  1. How can the AICPA framework be used as a self-assessment tool to help management or the auditor (via a readiness engagement) identify opportunities for improvement in the company’s cybersecurity risk management program?
  2. How is the AICPA’s cybersecurity risk reporting framework used by auditors as part of an attestation service to evaluate management’s description of its cybersecurity risk management program? How does it determine whether controls within the program were effective at achieving the company’s cybersecurity objectives?
  3. What technical expertise do CPA firms possess that qualify them to perform a readiness engagement or an examination to validate effectiveness of controls specific to a company’s cybersecurity risk management program?
  4. The SOC for Cybersecurity examination cannot prevent or detect a cybersecurity threat or breach. Accordingly, what is the goal of the cybersecurity examination?
  5. What factors should be considered by the company and the CPA firm prior to engaging its financial statement auditors to perform the readiness assessment or examination for entities subject to SEC independence rules?
  6. What is the audit profession doing to help address cybersecurity risks from third party vendors or service providers?
  7. What other types of engagements are available to help board members with cybersecurity risk oversight?

These questions, of course, are just a starting point. I urge you to read the CAQ tool for more ideas on how you can—and here I switch to my smoothest TV-announcer voice—talk to your auditors about cybersecurity.

Cindy Fornelli is a securities lawyer and has served as the Executive Director of the Center for Audit Quality since its establishment in 2007.

Adena Johnston, PhD: Doctor of Management in Strategic Leadership

Career Partners International (CPI) is proud to announce the academic achievement of a key team member. Yes, Adena Johnston, Vice President and Practice Leader for CCI, a Career Partners International firm in Greater Philadelphia, has completed the requirements for the Doctor of Management in Strategic Leadership and will formally receive her degree and doctoral honors on May 6th from Thomas Jefferson University.

Johnston is a part of the school’s first graduating cohort and is thrilled to be a contributing member of the program. Johnston articulates, “Being the first cohort of a program is an opportunity to blaze the trail for others and to conduct research that is both relevant for leaders facing disruption and for practitioners who devote time and attention to organizational development. My research applied a design thinking and systems thinking intervention to re-envision talent management for the 4th Industrial Revolution. The results showed that applying my practitioner-method helps pave the way for organizations to compete in a rapidly shifting landscape.”

As a Practice Leader for Talent Development, Adena knows that talent management is a complex blend of many factors and that organizations that get it right proudly demonstrate their high performance. The research that Adena completed will enable her team to not only examine deeper leadership development channels, but also assist clients in leading the change that organizations need to become successful in the future. “CPI is a very client-centric organization. We are routinely asked to consult on issues of organizational concern such as employee engagement and enhancing the employee experience. There is a lot of conjecture about the future world of work. Adena’s research gives us a validated view of what leaders predict and what the related emerging issues may be. Creating innovative and strategic programs to pave the way forward for our clients is our goal,” states Sharon Imperiale, President of CCI.

Adena is a highly skilled consultant; in addition to her recent doctoral studies in leadership strategy, she holds a M.S. in Organizational Dynamics from the University of Pennsylvania as well as certification as an Organizational Consultant and Executive Coach. In addition to her academic credentials, she is an adjunct professor teaching Sociology, Culture in the Workplace, Psychology, Leadership and Organizational Development. Adena’s expertise is as vast as her desire to assist clients with developing and reaching all their goals.

The post Adena Johnston, PhD: Doctor of Management in Strategic Leadership appeared first on CPIWorld.

The Relevance of Sustainability Performance to Board Risk Oversight

Jim DeLoach

Jim DeLoach

As discussions of sustainability move beyond financial performance, they tend to spawn divergent views. Many frame the term as what constitutes responsible behavior in driving continued development and growth without deteriorating the environment, depleting natural resources, or creating conditions that destabilize the economy and vital social institutions. Still others prefer to cleave to the traditional view of the corporation and remove external stakeholders and the environment all together to focus solely on the sustainability of the business and its profits.

The type of short-term thinking applied when formulating policy and the kinds of long-term thinking driving sustainability development discussions are like oil and water, and looking to the business world, short-termism on the part of senior management is a sustainability killer. Without a long-term outlook in both the private and public sectors, the sustainability discussion will continue to be over before it begins.

Straight talk about sustainability leads to acknowledgement of several important realities:

  • Sustainability performance without acceptable financial performance is untenable. The two must be integrated, and neither is a substitute for the other. Overreach in pursuing either preempts long-term progress.
  • Many directors and senior executives believe the focus on sustainability is inevitable and, of necessity, strategic. Some constituencies believe that investments on the environmental, social, and governance fronts are incompatible with positive near term returns.
  • Reasonable people can differ in their views as to the appropriate sustainability objectives for a given organization, based on the industry, stakeholder interest, and long-term outlook, as well as the time frame in which the entity should pursue those objectives.
  • A meaningful impact is only possible through the collective efforts of multiple entities in the private sector, sound policies in the public sector, cross-border global cooperation, and investors committed to the sustainability agenda.

The concept of selective investing offers a set of standards for a company’s operations that socially conscious investors use to evaluate investment alternatives. As professionally managed funds deploying environmental, social, and governance (ESG) factors to screen investments have increased assets under management into the trillions of dollars, directors and executives have taken notice. Earlier this year, the CEO of BlackRock issued a letter to chief executives calling for a “positive contribution to society” beyond financial performance in realizing their organization’s full potential, with emphasis on “understand[ing] the societal impact of [their] business as well as the ways that broad, structural trends—from slow wage growth to rising automation to climate change—affect [its] potential for growth.” As these and other related demands have increased from the investor community, so have requests for increased transparency.

Governance—the “G” in “ESG”—has steadily emerged as a significant differentiator and, increasingly, a make-or-break factor for investors. Bad corporate behavior during the Enron era at the turn of this century, reckless risk-taking precipitating the 2007-2008 financial crisis, catastrophic cyber breaches, egregious violations of laws and regulations, and wanton disregard of safety considerations in addressing cost and schedule pressures have accentuated the importance of effective governance and the strong organizational culture it encourages. As important as these matters are, they’re mere table stakes. The focus on sustainability raises the bar further, with the BlackRock letter calling for a “new model for corporate governance.”

There are other reasons why ESG is important. Younger generations place high importance on sustainability issues. A recent survey noted that 56 percent of public company directors believe that a corporate social responsibility policy increases a company’s ability to attract and retain employees. Also, deploying cost-effective technologies to increase process efficiencies and develop environmentally friendly products and services has become attractive in many sectors. While there is a long road to travel littered by brutal politics and more questions than answers, world opinion has been coalescing around achieving the goal of sustainable development.

Perhaps this is because the world around us all is changing so much. Advanced technologies make feasible what was impossible a decade ago. Global population growth continues to explode, and changing demographics and resource scarcity affect operations. Businesses are left to ask themselves what they are to do in the face of these changes, and corporate directors have a role in leading their companies to action.

Directors should ensure that management answers the question, “What does the organization do about sustainability?,” based on the nature of the entity’s industry, culture, markets, stakeholder priorities, regulatory environment, appetite to lead and invest, intrinsic challenges from an execution standpoint, and long-term outlook. Approaches to consider might include the following:

  • Articulate sustainability guiding principles and core values;
  • Assess current ESG performance to identify gaps and opportunity areas;
  • Conduct an assessment of opportunities to improve performance and address the risks of inaction;
  • Assess the entity’s current policies, processes, organizational structure, reporting, methodologies, and systems supporting the pursuit of sustainability objectives;
  • Based on the above, formulate a sustainability strategy and road map of key initiatives supporting that strategy;
  • Establish accountability for results by setting targets, assigning executive sponsorship, defining initiative ownership, specifying the appropriate performance metrics, and integrating those metrics with operational performance monitoring and the reward system; and
  • Establish disclosure controls and procedures to ensure reliable internal and external ESG reporting.

The strategy taken by investors in this age of sustainable development is challenging perceptions of the role of the corporation in society. The questions around sustainability—and how hard companies should be working to drive it as a goal—require serious reflection for executive management and the board. A strong commitment to sustainability places an emphasis on actions, not words; on disruptive innovation, not “business as usual”; and, most importantly, on leadership, collaboration, and transparency.

Jim DeLoach is managing director of Protiviti. 

What New Directors Should Expect from Cybersecurity Briefings

Tom Turner

As a member of your company’s board, you know that cybersecurity is a critical risk that simply cannot be ignored, and that should be reported on regularly by the appropriate executives. According to the 2017 NACD Director’s Handbook on Cyber-Risk Oversight, 89 percent of public-company directors say cybersecurity is discussed regularly in board meetings, and 72 percent of private-company directors say the same. Most companies are clearly moving in the right direction.

However, not all directors are familiar with cybersecurity operations and how to assess the associated risks. If you’re a newer member of your company’s board, you may wish to review some of the following topics that you should expect from security and risk teams in their cybersecurity presentations.

Navigating Your First Briefing

If this is your first time listening to a cybersecurity presentation at a board meeting, you can expect the chief information security officer, or CISO, to provide a short background on the company’s cybersecurity practices and how they define cybersecurity in their organization. They’ll also discuss how the board should approach oversight of cybersecurity. The most effective CISOs talk in terms of risk management, which means cutting out technical jargon and focusing on business value. They may also draw the board’s attention to cybersecurity’s impact on stock price and bottom line to establish a common language.

Below are some of the topics you can expect to be reviewed:

  • How the company generally approaches cybersecurity, including the organizational structure.
  • The company’s security performance benchmarked against industry peers.
  • Risks to the company’s cybersecurity environment.
  • The types of data that security teams think is most critical or sensitive to your company’s continued operations.
  • The critical operations that could be impacted by a cyber incident.
  • Some of the key external threats, insider threats, and third-party risks the CISO believes the company faces. This may include examples of cyber incidents that have occurred in other organizations in your sector or beyond.
  • How they envision board member involvement in cyber-risk oversight and to which types of issues the board should be involved in the response.
  • The cybersecurity and risk management programs the organization has in place.
  • How employees are trained on security internally.
  • The cybersecurity policies the company has in place today and the effectiveness of compliance with those policies.
  • They type of information they plan to share in future presentations.

What to Expect Going Forward

Now that you’ve experienced your first cybersecurity presentation as a board member, you can expect that the CISO will continuously educate you and the rest of the board on critical issues. You can expect to be briefed on the effectiveness of the risk management tactics the company is employing. In other words, you should know where and how the company is succeeding or failing (and how that compares to previous quarters), as well as any areas that need strategic improvement.

Here are some topics you can expect from the CISO in their ongoing security presentations to you and the rest of the board:

  • Technology that the company has purchased and integrated—with a focus on what it is doing for the organization.
  • Technology the CISO wants to purchase and why.
  • The accountability metrics the security team has created, categorized in the following ways, and followed by questions directors should ask the reporting CISO:
    • Audit & Compliance Metrics
      • Are we ISO-27001 compliant?
      • Do we have a vendor risk management program?
      • Do we have any outstanding high-risk findings open from our last audit or assessment?
      • What percentage of the NIST framework are we implementing?
    • Operational Effectiveness Metrics
      • How quickly can we remove employee network access?
      • How quickly can we (or our vendors) identify and respond to incidents?
      • What percentage of our users click on spear-phishing training emails?
      • How did we compare to our peers across certain time spans?

There is a lot to consider and process when listening to an effective cybersecurity presentation. Be sure to prepare yourself beforehand so that you know what to expect and can contribute to future meetings accordingly.

 

Tom Turner is CEO and President of BitSight.