Elevating Board Performance in the New Era of Extreme Innovation and Risk

When NACD was founded more than 40 years ago, one of our mantras was “nose in, fingers out.” John Nash, Ron Zall, and other director education pioneers at NACD were teaching directors to oversee management without getting too involved in it. Governance (also known as oversight) was considered to be very different from management (also known as operations). Directors were to keep their hands off the company’s steering wheel.

During that same era, in perfect parallel, federal securities rules (under Section 14a of the Securities Exchange Act, to be exact) identified certain topics as off-limits for proxy resolutions because they were deemed to be about ordinary business and not proper for shareholder votes. When companies have asked for permission to exclude such proposals, they have received assurances that the US Securities and Exchange Commission (SEC) would not take action in so-called no-action letters.

However, in recent years the formerly sharp separation between governance and management has blurred. To keep pace, NACD’s courses today focus on a wide range of topics, and the agendas of our educational events, in-boardroom programs, and local chapter events are rooted in helping directors lead with confidence in the boardroom. While our programs historically focused primarily on the core duties and responsibilities of directors, our programs today help translate the unknown into the merely uncertain, and no topic is off-limits for our educational programs if it matters to long-term company value. For their part, regulators have taken the stance that shareholders should be able to propose resolutions on any topic of strategic importance; these are no longer excludable under Section 14a.

What happened? From my standpoint, the sharp increases in both innovation and risk moved the needle for board involvement. This is why discussions with corporate directors about topics such as the intersection and convergence of cloud, mobile, and social media have evolved from “those are management topics” to “I need to know how emerging technologies are impacting our business.”

We’ve seen how Airbnb has transformed the hospitality industry, how Uber and Lyft have transformed the transportation industry, and how Amazon has transformed retail and health care via its acquisition of Whole Foods Market and their partnership with JPMorgan Chase & Co. and Berkshire Hathaway. All of these stories exemplify innovation.

The plot thickens when we add regulation to the mix. Many of our discussions with boards and directors today are focused on understanding the convergence and intersection of innovation, risk, and regulation. Consider Getaround, which is leveraging the sharing economy to enable car owners to rent their cars to others for income and provides on-demand car rental insurance. To accomplish this goal, the founders of Getaround needed to work with financial services regulators to create insurance policies that would enable their business model. Getaround’s model is now working, so to the directors who oversee Hertz, Enterprise Rent-A-Car, and National Car Rental are now asking management, “How are you going to evolve?”

Finally, we have seen how cryptocurrencies and blockchain—which are rooted in the intersection and convergence of innovation, risk, and regulation—are creating, disrupting, and enabling industries. In response, we are seeing how both the SEC and board members are playing catchup.

All of these examples are reflected in a recent NACD survey showing that industry disruption tops directors’ lists of business concerns. In such an environment, directors may well keep their hands off the wheel, but they will be standing at the tiller right beside management, offering encouragement and wisdom, and asking more than a few questions.

What’s next for directors and boards? My suggestion is to keep learning.

It’s Lonely at the Top; CEOs Benefit From Executive Coaching

Among top talent in executive offices, the vast majority of leaders have proven themselves to be intelligent.  That’s a given.  The difference between success and failure as a leader often comes down to soft skills, those traits that aren’t found on a resume.  Based on an anonymous survey, Harvard Business Review notes that 68% of surveyed CEOs did not feel adequately prepared for their position, largely due to poor preparation of interpersonal skills.

Career Partner’s International (CPI) has over thirty years of experience developing leaders, preparing them to manage themselves and their teams effectively and efficiently.  CPI executive coaches work with clients and leaders, employing wide variety of assessments and tools to harness a leader’s strengths and identify areas for improvement.  CPI utilizes a custom process and framework to ensure leaders are developing and client’s goals are being met.  No two coaching sessions are the same, every engagement is specifically tailored to meeting a unique business case.

Thousands of executives around the globe have found success in their roles with the support of CPI.  “My coach helped me develop self-awareness, allowing me to better communicate with my staff.  She challenged my own paradigms and helped me to think with a new focus which created more success in my business.”  -CEO

Forward thinking organizations use coaching as a core component of their leadership development strategy.  Through coaching, leaders’ personal and interpersonal skills are enhanced, allowing them to focus on and drive continued business growth.  CPI programs are designed to deliver measurable results that meet and exceed the organization’s goals.

The post It’s Lonely at the Top; CEOs Benefit From Executive Coaching appeared first on CPIWorld.

It’s Lonely at the Top; CEO’s Benefit From Executive Coaching

Among top talent in executive offices, the vast majority of leaders have proven themselves to be intelligent.  That’s a given.  The difference between success and failure as a leader often comes down to soft skills, those traits that aren’t found on a resume.  Based on an anonymous survey, Harvard Business Review notes that 68% of surveyed CEO’s did not feel adequately prepared for their position, largely due to poor preparation of interpersonal skills.

Career Partner’s International (CPI) has over thirty years of experience developing leaders, preparing them to manage themselves and their teams effectively and efficiently.  CPI executive coaches work with clients and leaders, employing wide variety of assessments and tools to harness a leader’s strengths and identify areas for improvement.  CPI utilizes a custom process and framework to ensure leaders are developing and client’s goals are being met.  No two coaching sessions are the same, every engagement is specifically tailored to meeting a unique business case.

Thousands of executives around the globe have found success in their roles with the support of CPI.  “My coach helped me develop self-awareness, allowing me to better communicate with my staff.  She challenged my own paradigms and helped me to think with a new focus which created more success in my business.”  -CEO

Forward thinking organizations use coaching as a core component of their leadership development strategy.  Through coaching, leaders’ personal and interpersonal skills are enhanced, allowing them to focus on and drive continued business growth.  CPI programs are designed to deliver measurable results that meet and exceed the organization’s goals.

The post It’s Lonely at the Top; CEO’s Benefit From Executive Coaching appeared first on CPIWorld.

How Lead Directors Are Helping Their Boards Keep Pace

The demands on the board’s time and agenda continue to mount as a host of critical issues—from technology and business model disruption to investor scrutiny, and from regulatory and political uncertainty to geopolitical risk—collide and reshape the business landscape.

As the business and risk environment becomes more complex, how are lead directors helping their boards add value and raise their game? What are their key areas of focus?

Discussing these questions with a number of lead directors in the past several years, I’ve heard recurring themes: the importance of the lead director’s role in setting the board agenda, the lead director’s relationship with the CEO, CEO/leadership succession, and shareholder communications. But virtually all the lead directors emphasized the importance of two additional topics that need to be top-of-mind: board composition and diversity, and enhancing board operations and oversight processes.

Board composition and diversity

Institutional investors continue to focus on board composition and diversity, expressing concern about low director turnover and whether board directors can guide the company and its strategy in the future. As Vanguard Chair and CEO William McNabb wrote in a 2017 letter to public company directors, the board “is one of a company’s most critical strategic assets,” and it should be “a high-functioning, well-composed, independent, diverse, and experienced board with effective ongoing evaluation practices.”

Developing and maintaining a high-performing board requires close coordination between the lead director and the nominating and governance committee chair—whose responsibilities for board composition may be similar or perhaps overlap. Determining the company’s current and future needs is the starting point for board composition, but a broad range of related issues require leadership and coordination—including succession planning, director recruitment, age and term limits, diversity, board and individual director evaluations, removal of underperforming directors, and board refreshment, as well as disclosures on these issues. As one governance observer has noted, the quality of board governance begins with board composition.

Enhancing board operations and oversight processes

Operations and oversight processes are also top-of-mind for lead directors today. This includes coordination across committees to focus on the issues most critical to the company’s success and long-term value creation, such as strategy, innovation, disruption and strategic risks, capital allocation, performance, leadership, and talent.

To devote more time to these issues while also remaining focused on compliance, operations, and so-called “rear-view mirror items,” many boards have significantly increased their time commitment in recent years. But that alone is insufficient, and lead directors and nominating and governance committee chairs are now focused on how they can improve board operations and oversight processes—and the nature of their engagement with management teams and among directors—to devote more time to these critical issues.

The steps lead directors are taking include:

  • Crafting board agendas to devote more time to key issues
  • Assigning board committees to take deeper dives into issues that require more focus and attention
  • Improving communication between the board and its committees
  • Considering the quality of information flow and boardroom discussions
  • Reassessing committee structure, including the need for additional committees (e.g., finance, technology, or risk)
  • Encouraging greater engagement among directors between board meetings
  • Tapping individual directors to take the lead on specific issues
  • Developing an effective process to “connect the dots” and help ensure talent, compensation, culture, risk appetite, and controls align with strategy

In short, the important, and difficult, question lead directors are asking today is whether management and the board have the right governance structure and processes in place to drive critical business activities—to manage risk and calibrate strategy in a coordinated way.

Survey Demonstrates Room for Change at Private Companies

No doubt private company directors have felt the ache of overburden for some time. Much like their public company peers, private company directors’ roles have become increasingly difficult for years. The pace at which the business environment is evolving shows no sign of pause, with cybersecurity and other critical risks becoming more complex and forcing the board agenda to expand. It is not surprising that in these conditions private company directors and executives have dedicated themselves to learning more about the state of private company governance.

NACD recently published the 2017–2018 NACD Private Company Governance Survey. We asked directors and senior executives at nearly 400 private company to share their perspective on a wide variety of governance issues. While the results of our survey showed no upheaval in private company governance, there are several important findings to share.

This year we took a careful look at what boards should do to remain fit for purpose. This built off guidance in the Report of the NACD Blue Ribbon Commission on Building the Strategic-Asset Board, which urged boards to ensure that resources are dedicated to continuous improvement. Unfortunately, the results are largely disappointing. Notably, board agendas continue to grow to oversee the impact and opportunity presented by fast-moving and disruptive forces. Unfortunately, this is often at the expense of activities such a board education and board succession that are critical for long-term board performance. Though many boards recognize opportunities for improvement, relatively few have acted to make those changes.

1. Little has changed since last year. More than one-third of responding boards have no tenure-limiting mechanism, and slightly more than one fifth have term limits—about the same proportion as those that report age limits for board service. This showed little change from last year and is below what public company boards report. Similar to last year, 71 percent of boards say that their strategy oversight is not or just slightly compromised by short-term pressures. Sixty-three percent of boards discuss customers’ changing needs, and 61 percent have assessed the organization’s competitive environment. This is indicative of a broad stasis across many of the questions asked in our survey.

2. Disruptive forces are top of mind. Given the rapid pace at which technology changes, the speed at with competitors are able to deploy new products to market, and the skills employees need to do both, director perspectives on the key trends impacting their business are not a Change, disruption, and cyber risk top the list. We asked participants to list the five trends that they expect to have the most impact on their business. As you can see in the figure below, the facets of overseeing the management of operations in a complex business environment dominate the concerns among private company boards

3. Boards are focusing on strategic considerations. To meet the demands of a quickly changing operating environment, private company directors are turning their energies to better understanding the risks and possible rewards that are immediately impacting the company’s performance. Further, these directors are seeking to play a more active role in developing the organization’s strategy. Private company directors clearly see themselves, and their boards, as a strategic asset to the organization. They aim to be more active, more involved, and know more about the ways in which management intends to lead the company.

4. Other improvements are being deferred. While improving strategic oversight by adding to the board agenda may feel necessary, it leaves little room for other important agenda items. Now, some boards have been able to find room for board education, evaluations, and other critical activities. One indication of this that we observed is a slight increase in the average number of director education hours, from 18.7 in 2016 to 21.0 in 2017. However, 58 percent of boards told us that they do not believe they allocate enough there. Further, half of boards are not satisfied with the time they spend on the board’s own succession planning or director evaluations. Each is an activity critical to ensuring that the board has the right composition—the mix of skills and diversity of background—to make its time spend on risk oversight as effective as possible.

Private companies operate in an exciting, dynamic environment full of risks and opportunity. Boards are right to focus their energies on activities to improve oversight in these areas, but should take care to reserve time to ensure that the board itself is fit for this purpose.

How Automation is Disrupting (and Accelerating) InfoSec

Automation is changing the shape of just about every job in every major industry. For knowledge workers—that is, workers who process or make use of information for their work—the wave of automation sweeping the global economy is creating new opportunities to apply their creativity and think more strategically about their organizations and their roles. Though the concept of automation tends to evoke fear, the fact is that automation is making humans—and knowledge workers in particular—more relevant than ever.

The field of information technology (IT) security, or InfoSec, is no exception. Automation is altering the face of both criminal activity—as those attacking IT infrastructures take advantage of automation—and our defenses. Today’s corporate security personnel are looking to apply automation to help detect and respond to existing threats more quickly, while freeing up resources from previously manual tasks so they can apply human intuition and smarts to hunt down the very latest cyber-threats.

Automating security operations and processes is no longer a “nice-to-have”—it’s a “need-to-have.” Boards must understand the basics of InfoSec and its automation to make informed decisions on their organization’s IT security. Here’s what you need to know.

The benefits of automation

Automation is having such a significant impact on InfoSec, as well as everywhere else, because of its major benefits:

  • Greater efficiency for processes: Automation performs routine tasks more rapidly and at greater scale than human workers can execute alone, saving valuable person-hours.
  • Better-quality products and services: Whether helping to create software, make cars, or provide services to customers, automation reduces errors, reliably repeating results without the types of mistakes humans often introduce.
  • Better-performing workers: While automation may perform rote tasks more efficiently and reliably than humans, people excel at creative work—and they can focus on it when freed by automation. The result is more engaged workers who have more interesting work to do.
  • Faster innovation: Without routine tasks on their plate, workers can spend more time generating the new ideas essential to innovation, then execute them.

How automation helps cyber-attackers

Automation provides plenty of benefits to legitimate businesses, but these also apply to criminal activity—particularly in the increasingly lucrative area of hacking for profit and political gain. Some of the specific ways cyber-attackers use automation include:

  • Speeding up the process of identifying vulnerable systems: Automated systems can relentlessly ping networks and individual devices day and night to search for
  • Penetrating vulnerable systems: Once identified, vulnerable systems are then open to automated attacks to give hackers entry.
  • Performing initial reconnaissance once inside a system: Much of the work of determining the extent of the information available for exploitation can also fall to automation.
  • Creating botnets: Software can automatically and stealthily add a computer to a network of compromised systems churning out more attacks, stealing data, and more.

How automation helps defenders

Fortunately, automation can also greatly aid our cyber-defenders. Key to automation here is the concept of orchestration.

Orchestration is a way to connect different tools to integrate security and IT systems that might not otherwise share information. With its streamlined connecting layer, orchestration might even be thought of as the engine that makes security automation go, since no single security solution is likely to provide adequate defense against every foreseeable type of threat.

Given the sheer number of threats and attacks today and the myriad tools available for detecting and responding to them, orchestration has become an important capability for IT and security organizations of just about any size.

Especially when enhanced by orchestration, security automation helps defenders:

  • Keep up with the deluge of attacks from automated systems by identifying those attacks more quickly and reliably than humans can by themselves.
  • Build automated processes that unite people, processes, and technology across security, IT, and development teams, resulting in shared visibility and analytics to strengthen (and hasten) defense.
  • Perform strategic analysis of attacks, leaving otherwise tedious and time-consuming pattern-finding chores to automation.
  • Respond to attacks more quickly by reducing or eliminating false alerts, letting defenders focus on what truly needs their attention.
  • Free up time to innovate—that is, the work of anticipating new types of threats coming over the horizon and strategizing about how to harden their systems against them.

Automated systems can now even perform routine analysis chores such as examining suspicious emails for signs of phishing attacks, as well as execute routine remediation chores such as hunting down emails determined to pose a threat to inboxes throughout a network.

The future of automation 

Automation is having a snowball effect, taking over more and more routine tasks and increasingly freeing up humans to do what they do best. As a recent McKinsey & Company report notes, people and automation will continue to work closely together for the foreseeable future, creating new opportunities for both in the process.

For InfoSec, this means automation will become evermore capable, even as attackers grow in sophistication. Automation will increasingly help human defenders more effectively manage the work of detecting their own vulnerabilities, analyzing and responding to breaches, and plugging security holes. And while automation won’t replace human analysis—at least anytime soon—it has already become a necessity for successful defense. Its capabilities will only grow more essential as time goes on.

Is your company leveraging automation in your security programs today? If you don’t know, be sure to ask your InfoSec leader at your next board meeting.

 

Disruptive Risk: The Next Frontier for Boards

Given today’s world, where simultaneous business, geopolitical, and even environmental disruption seems to be the norm, it’s not surprising that boards are searching for new ways to oversee risk. NACD’s 2018 Blue Ribbon Commission (BRC) initiative on board oversight of disruptive risks will move us all from familiar territory to the next frontier of risk oversight, delivering vital new perspectives and tools that are needed now more than ever.

Ever since NACD’s founding more than 40 years ago, independent directors have been overseeing risk in their dual role as both monitors and advisors, described in this FAQ. Accordingly, our past BRC reports on risk oversight and risk governance have helped directors spot and minimize a wide range of potential risks, both internal and external. Risk oversight was also a major focus of the 2017–2018 NACD Public Company Governance Survey. And these are only a few of the many resources NACD features in our Resource Center on Risk Oversight that, when taken together, show that director knowledge is progressive and cumulative. The 2018 BRC initiative is the latest chapter in our journey

I won’t speak for the Commission, which has yet to release its report, but based on my experience as a director, I believe that truly disruptive risk is an attack on the very premise of a company. Paradoxically, this kind of risk is often atypical for the organization, appearing to be outside the borders of normal risks. At the same time, however, disruptive risk is by definition highly relevant to the organization’s strategy and operating model.

Examples include the impact of a US-China trade war on a company that does not do any business with China, but that buys materials from a third country that gets impacted by the battle.  Also, remember Amazon.com’s offer in May to acquire Whole Foods Market, which caught many by surprise. While hardly unthinkable, it was certainly atypical—less common than food contamination, demographic shifts, lease pricing, and the many other risks the boards and managements of retail chains and their suppliers have been monitoring for years. It was disruptive to the industry as well.

NACD Research Shows Atypical Risks Increasingly of Concern

An April 2018 NACD flash poll revealed that more than 6 in 10 directors (62%) believe atypical risks are much more important than they were five years ago (with 31% reporting that they are “slightly” more important). And just 19 percent of directors expressed confidence in management’s ability to address atypical risks, compared to 82 percent who were “extremely” or “highly” confident in management’s ability to address risks that are well known.

As a result, many directors are taking a proactive approach to oversight. A strong two-thirds (66%) of respondents have increased the time they spend with non-management resources, such as consulting firms or advisory boards, to help them understand what boards can do to oversee atypical risks. And evidently, they believe that this has worked: 42 percent of respondents believe they are extremely or very knowledgeable about disruptive forces the organization faces. A further 53 percent believe they are moderately knowledgeable.

Clearly, boards need to spend sufficient time to discuss disruptive risks, and they need to gather adequate information about these risks. Yet because the risks are inherently difficult to identify, directors face a challenge: which risks have both a probability and a magnitude worthy of attention? Traditional methods of risk measurement are likely insufficient to meet the new challenges these risks pose. Existing enterprise risk management models and crisis-response planning methods still serve an important role, but they may not be enough to help boards anticipate and respond to risks outside the expected.

This year’s BRC initiative will offer current guidance and tools for overseeing these atypical, unconventional risks. It will be released at the NACD Global Board Leaders’ Summit on Transforming Governance this fall.

Thinking Like Futurists, and Responding With Resilience

So, what can directors do? I believe that directors need to think like futurists focus on the skills of resiliency and recovery.

We need to encourage our minds to see new patterns in our complex, adaptive environment. Once upon a time, boards used to talk about separating the wheat from the chaff in management reports, or about cutting through the clutter. Today, in the era of big data, directors must see patterns in everything—even in what seems like chaff or clutter. Remember the “butterfly effect” discovered by scientists studying complex adaptive systems.

Frankly, this is the thrill of attending Summit. We are surrounded everywhere by strong indicators of the future. I defy any director to attend the Summit without walking away with a clearer sense of the world of risks in which his or her company operates—while holding new tools to anticipate and respond to these risks should they become realities.

NACD surveys reveal possible gaps in director knowledge; NACD BRCs provide guidance on how to close those gaps. There is honor in performing these services, but we are also well aware of the limits on director time and attention. The world and NACD can’t just keep piling responsibilities on directors and expect them to shoulder it all. When we identify a new area of responsibility, we need to help boards fulfill those responsibilities.

This year’s Blue Ribbon Commission initiative on disruptive risk and our upcoming Summit will lighten the load and light the way.

Framing Disruption Risk

Not a week goes by without more evidence that big, tectonic shifts are reshaping the world. How people live and work, the structure of industries, and the vitality of organizations evolves at incredible speed.

Disruption caused by technology, the proliferation of data, human behavior, society, and regulation are not new to the risk agenda. But a new kind of risk has surfaced—disruption risk—and it is significant for two inter-related reasons. First, it does not have a “home” since it does not naturally fit within organization’s risk structures today. Second, most organizations are having speculative conversations about disruption when a disciplined approach to measurement and management is in order.

We define disruption risk as risks that would lead to fundamentally altering the financial prospects of an industry and companies within it. If we play out scenarios considering the speed and evolution of these forces, it becomes clear that current management practices cannot stem an inexorable erosion of revenue and competitiveness.

While singular trends can have an impact on earnings, disruption risk increases when trends collide. As an example, the rise of Uber Technologies and Lyft, and the decline of traditional taxi and limousine services and car rentals, was the product of many forces: the availability of mobile devices and simple apps; density of urban areas; and the underserved need to get from point A to point B, reliably and friction-free.

At first glance, these forces and collisions may seem so complex as to be confounding. Many hours of executive and board time have been spent on the notion of disruption. Directors find themselves asking one another questions: “Is ‘Big Tech’ coming for our business? Is some other powerful player entering our market from some near-adjacency—armed with some unique capability, or with a capital-efficient business model?” But disruption risk needs to be elevated from an occasional topic of discussion to a management discipline—one that frames and systematically probes disruption risks present in the business and places bets to create options for the future.

This discipline has three key ingredients:

  1. A framework that is simple enough to employ, but comprehensive enough to highlight the areas of greatest risk;
  2. A place in the organization to operationalize the review of such risks; and
  3. The mindshare of senior executives and board members to systematically discuss areas of risk, opportunity, and potential action.

A framework to assess disruption risk

In terms of a framework to highlight the areas of greatest risks, disruption risk can be examined through honest assessment of these four indicators and your business model:

  • The higher the forecast margin and profit, the greater the risk some other player will seize it.
  • The lower the level of value created for the customer, the greater the risk that someone will improve customer value.
  • The lower the protective barriers around an industry, the greater the risk that an outsider will enter and reshape the basis of competition in their favor.
  • The further away from the frontier of manufacturing and distribution capability that an organization is, the greater the risk from substitutes that create dramatic cycle time and margin pressure.

The first two indicators can serve as a powerful magnifying lens for determining where organizations should be most concerned about new entrants wanting to disrupt them—specifically, where value creation for the shareholder is high, and value creation for the customer is low. Several easy-to-grasp examples of these in financial services include high balance depositors in low yield products, high-fee current account customers, or low-risk borrowers with overpriced loans.

The second two indicators can help assess how likely—and with what velocity and impact—entrants will be able to show up on an organization’s doorstep. Could new entrants leverage significantly more advanced capabilities to improve manufacturing or delivery, and are there material barriers or accelerators to their success?

Taking action

Armed with insights about disruption risk, a leadership team can direct efforts to mitigate risk, fortify existing earnings, and create optionality to onboard new sources of value to replace earnings streams that face unavoidable decline. Ultimately this results in a portfolio of activities that guides the organization to a projected future of disruption benefit rather than risk and loss. These can include:

  • Transformative innovations that will capture new areas of customer value and generate incremental shareholder value from bridging customer value gaps.
  • Performance innovations that will maximize the long-term value creation from existing businesses—even in the face of disruptive threats.
  • Productivity businesses, activities, or assets where the organization acknowledges the unavoidable threat of disruption risk and reallocates management attention and resource from these areas to fund transformative or performance innovation.

Disruption risk mounts for those who fail to acknowledge it and take a clinical, dispassionate view toward measuring and managing it: wait too long, and the sources of value may have eroded faster than the capacity of the organization to race to the future. On the other hand, future market leaders will manage disruption risk and channel it in their favor, and begin by answering three simple decisions:

  • How will we monitor it?
  • Who will monitor and actively probe it?
  • How soon can we start—and sustain—a systematic conversation about it?