Culture, Tone at the Top Lead to Boardroom Resilience

Most risk information presented to the board is “just not getting to the point.” This was one of the clear messages from research conducted four years ago by Marsh & McLennan Companies, the Association for Financial Professionals (AFP) and the NACD. Yet discussions among commissioners for this year’s forthcoming NACD Blue Ribbon Commission report, which will be released at the organization’s Global Board Leaders’ Summit in October, highlight directors’ continued frustration with corporate risk management—especially with respect to the threats posed by disruptive risks.

With the prospect of generating significant discontinuities and disturbances—and stemming from political, technological, or other forces—these risks may profoundly compromise key strands of a firm’s commercial activity and possibly even curtail the viability of the entire enterprise.

If the prospect of a single disruption is problematic enough for business leaders, the continued turbulence that characterizes the business environment of today can sap decision-making. It’s hard to sift substance from froth in terms of key warning signals, and according to a 2018 report by Marsh & McLennan Companies’ Global Risk Center, it may be even more difficult to know how and when to respond at a time of high uncertainty or constant change.

Information deficits and analytical challenges complicate the task of bringing together external data points with planning assumptions and operational exigencies. But cultural and institutional factors within firms can also inhibit receptivity and responsiveness to new threats by executives and directors alike.

Against this backdrop, boards must help set a tone from the top by making engagement with potential disruptions a clear governance responsibility. Three imperatives stand out.

  1. Ensure that the firm’s approach to anticipating potential disruption is an energetic, explorative endeavor. This means investigating hot topics in the world or fundamental trends that may shock or gradually undermine a firm’s growth, profitability, and business model. Doing this effectively requires triangulating an array of different perspectives and asking “what-if” questions to keep the focus on possible consequences rather than likelihood. Characterizing the dynamics of disruptive forces and delineating touchpoints to the business helps determine where impacts might be felt and how material they might be, while well-crafted scenarios act as a tangible frame for detailed analyses and stress-testing.
  2. Actively participate in this exercise and promote its use. Directors need to ask hard questions about key concerns, share the wisdom they have gleaned from different places, and appreciate divergences of opinion in searching discussions. They should be mindful of blind spots and vested interests, and be sensitive to an over-reliance on sources of information that reflect the prevailing corporate view. While exercising an appropriate challenge function, they should acknowledge that that analyses may necessarily draw on patchy data and conflicting evidence. Historic disruptions may be weak reference points for preparing for future disruptions in terms of both the scale and nature of the impact.
  3. Be prepared to make bold decisions in a timely manner. Investigations into priority concerns need to inform strategy reviews and broader governance decisions. If the work is sidelined because the results are inconvenient, then the process has been a waste of time. Given high levels of uncertainty associated with emerging disruptions, it’s likely that business cases for action won’t be as watertight as might be desired. Sometimes the most appropriate response is radical (business model change, large investment in innovation, market withdrawal); more often it will be ensuring broad-based resilience to a range of potential negative incidents. As many forces of disruption can neither be forestalled nor bought off, enhancing strategic agility, boosting crisis preparedness, and improving the speed of operational response are often the most viable solutions.

To fulfil their responsibilities properly, directors must look carefully both at themselves and at senior management. Boards not only need good intelligence on disruptive risks and the right forum for discussing early warning signals and strategic implications; they also need a modicum of creative friction that prevents groupthink. Likewise, they need to see a chief executive who is not adhering to last year’s strategic assumptions or risk assessments and a chief risk officer with sufficient business acumen and communication skills who can champion this agenda and exercise a suitable challenge function with executive colleagues. This provides a strong cultural starting point for the board while it is overseeing how management navigates business opportunities in a fast-changing world.

Alex Wittenberg is executive director of the Marsh & McLennan Companies Global Risk Center and is recognized by NACD as a Governance Professional honoree of the NACD Directorship 100.

Smart Governance in a Risky World

Earlier this year, the CEO of the world’s largest asset manager, BlackRock, sent a letter to CEOs and boards of its portfolio companies that underscored the link between financial performance and atypical risks like climate change.

“Your company’s strategy must articulate a path to achieve financial performance,” wrote Larry Fink. “To sustain that performance, however, you must also understand the societal impact of your business as well as the ways that broad, structural trends—from slow wage growth to rising automation to climate change—affect your potential for growth.”

Larry Fink’s letter, which is cited often, reflects a burgeoning investor movement calling on companies to better understand environmental and social risks that are disrupting their business. The financial consequences of risks like climate change, water scarcity, and human rights abuses are clearer than ever. Investors are looking for companies in their portfolio to put smart governance systems in place that will proactively identify, assess, and manage these risks.

Additionally, in many cases, investors are looking at the quality of those governance systems to predict the resilience of a company’s future performance. For instance, a 2017 survey by CFA Institute revealed that financial analysts believe board accountability is the most important sustainability issue in their investment analysis and decision-making.

Data around environmental and social issues provides a good sense of a company’s current and past performance. But details on governance systems give investors and other stakeholders key insights into whether the company is likely to sustain this performance in the future.

In other words, companies that are governed well for sustainability, especially at the board level, also demonstrate resilient performance in the face of risks. In particular, the board is responsible for making sure that these atypical sustainability risks are integrated and managed as enterprise risks when they are material to the organization.

One of Ceres’ recent reports backs this up. Systems Rule analyzes how the boards of the world’s largest companies oversee sustainability issues, assessing whether businesses with the right board governance systems also performed well on environmental and social issues.

The answer was a definite yes.

We found that companies with strong board governance systems were more likely to also set environmental and social targets. The best performing companies also tended to have holistic systems for board sustainability oversight, including mandates, incentives, and expertise among their ranks on sustainability issues.

Why is there such a strong link? The best performing companies, much like sophisticated investors, recognize that environmental and social issues such as climate change, water scarcity, and human rights pose material risks to corporate performance. Putting robust governance systems in place and setting performance goals are ways to mitigate this risk.

Smart companies are ensuring that these governance systems are integrated into the management level as well.

For instance, at Lockheed Martin Corp., enterprise risk and sustainability are structured under a single management team. Rather than having siloed discussions about existing and emerging risks, the team considers these risks and brings them to the board’s attention in a coordinated way.

There are now moves to make this integrated approach the industry standard. The Committee of Sponsoring Organizations of the Treadway Commission (COSO), which creates globally recognized frameworks for enterprise risk management (ERM), recently released draft guidance for how its ERM framework could be applied to environmental, social, and governance risks. Because the board is responsible for oversight, the COSO draft also calls on boards to be aware of these risks.

So how can boards effectively oversee environmental and social risks? Based on the findings of Systems Rule, companies can take a few key steps:

  1. Make board governance systems holistic. Companies that perform best on sustainability risks are those that have incorporated mandates, expertise, and incentives for sustainability that reinforce one another. Such holistic board governance systems allow directors to better understand and make smart decisions on these risks.
  2. Exercise sustainability oversight with an eye towards performance improvements. The board can play an important role in asking management the right questions and encouraging executives to identify the right material issues for corporate performance, as well as setting goals and strategies to manage these risks. Financial incentives can also be used to spur performance.
  3. Orient board governance systems towards performance on material risks. The strongest performing companies don’t just have the right board governance systems in place. They also link them to specific sustainability risks that materially affect corporate performance.
  4. Provide more detailed disclosure about board governance systems. More detailed disclosure, including on the material risks prioritized by the board and how it addresses these priorities, can spur further sustainability commitments and improvements.

The message is clear: Smart governance systems help corporate resilience in a risky world.

Veena Ramani is the program director of Capital Market Systems at Ceres, a sustainability nonprofit organization working with the most influential investors and companies to build leadership and drive solutions throughout the economy.

Identifying Strong Resilience Practices

Editor’s Note: This is the fourth in a series exploring the board’s role in corporate resilience. Click here to read the first installment, here to read the second and here to read the third.

Your company has worked hard to understand the complexities of risks and the volatility in the business environment, and it has convinced management and the rest of the board that resilience should be a strategic priority. How can it tell that changes in behaviors are making an impact?

As companies work toward developing resilience practices, certain metrics and indicators should be tracked as a way to gauge if efforts are working.

Culture and business resilience are two parts of one whole

Resilience includes a mix of business and cultural elements, as described in parts one–three of this series. Technology and systems components may need to be adjusted quickly to maintain business resilience, but a healthy corporate culture will be needed to promote a resilient company over the long term.

A healthy corporate culture instills respect for ethics and compliance at all levels while promoting continuous improvement and adapting to an environment of accelerating change. Companies with such cultures will be less likely to get into a crisis in the first place, but when one occurs, the corporate structure and organizational competencies can help mitigate the trauma, rather than exacerbating it.

Part and parcel to oversight of culture is understanding what’s happening to the company from the inside and from an external perspective. Operations across most tiers of the company often do not get enough attention by boards. Chief information and information security officers (CIOs/CISOs) typically want dashboards that report the current status of specific operations, but these may not reflect latent malware in the supply chain, for instance. Counsels general and boards may take comfort in having standards and regulations, but they may not be examining if those policies are outdated, inconsistent, or ineffective. Leaders may promote security even as chief marketing officers and users throughout the company take poorly understood risks to achieve short term results.

The board needs to understand what is really happening on the deck plates. It’s unacceptable if corporate reports indicate that everything’s fine until a reportable breach happens, only to find later that many at lower levels had known about the problem all along. Robust, diverse feedback loops are essential. So is first-hand observation.

What does success look like from the inside and out? The company recognizes that it is operating in complex environments, has built resilience as an organizational capacity, and has the ability to adapt and grow from a disruptive experience. This means that:

  • The corporate culture is based on ethics and compliance that promotes resilience at all levels—management, collective workforce, and individual.
  • Strategies incorporate foresight to anticipate accelerating technological, socio-cultural, and economic change.
  • Insights are converted into effective actions. Iterative approaches to complex problems are encouraged, while pushing for continuous improvement.
  • Leadership has insights into what’s going on at all levels. Effective feedback loops are in place with diverse opinions to recognize disruptions, mitigate shocks, and adapt—not just to restore the status quo.
  • The company at all levels recognizes that investments in preparedness and resilience have much higher payoffs than investments in recovery.
  • The workforce has been trained and exercised in both favorable and stressed environments.

Measuring resilience

Organizations like the Institute of Electrical and Electronics Engineers (IEEE) and universities are working on ways to assess resilience quantitatively. One model expands the resilience timeline graphed in this series’ first article by dividing a disturbance sequence into specific phases, such as the pre-crisis state, initial degradation, post-disturbance degraded state, and so on. Within each phase the rapidity of change and the duration can be measured. This allows different approaches to be tested against each other. Mathaios Panteli of the University of Manchester and his IEEE colleagues used this model to assess the resilience of power systems under different conditions with quantitative data (see especially slide 15 in the link).

The model can be applied to other infrastructures, or processes, such as cybersecurity, transportation, and industrial production, among others. It also can be used with aggregate corporate metrics, such as Proctor & Gamble Co.’s total shareholder return measurement, though the timeline for them may be longer

Several aids can complement the model by highlighting system vulnerabilities and interdependencies.

The Department of Homeland Security’s Cyber Security Evaluation Tool provides an integrated look at cybersecurity readiness. Several products can calculate a company’s cyber risk score, similar to a personal credit score. This can be helpful, but directors should recognize the limits of single aggregate measures. Other tools can help directors understand how critical a particular system is to a particular process and evaluate its potential impact on the overall mission.

Insurance and re-insurance will be needed against threats for which there is little historical data, so forward-looking metrics will be valuable. As NACD pointed out in a 2017 Director Essentials report, these often will be non-financial since most financial metrics look backwards at prior quarters. Such non-financial leading indicators could include metrics for products and services, operations, talent, and sustainability. The cyber risk scores noted above may become valuable as cyber risk insurance grows more important. In the final analysis, however, there is no substitute for detailed, actionable information.

Help from the outside

Engagement outside the company can build the kinds of complex adaptive coalitions that are needed for true resilience. Potential partners include civil and military government agencies, academia (such as the new Community Resilience Lab at George Mason University), non-governmental organizations, and other third parties. The private sector can provide both public and private policy makers with valuable insights into what’s working and what isn’t in balancing domestic needs with a rapidly changing global economy.

Outside firms can offer specialized expertise, especially in technical areas like cyber and critical infrastructure interdependencies. One example of outside support is provided by Axon which seeks to change the conversation from tech-level risk management to board-level risk. A key element includes cyber counterintelligence—who’s already out there doing bad things to the company and what have they learned? Other companies also have offerings, such as ProActive Risk Management.

Business Resilience, focused on technologies and systems, is supported by metrics, analyses of alternatives that include both optimistic and pessimistic scenarios, and a recognition of the growing interdependencies among infrastructures and processes. Outside advice, diverse views, and dissenting opinions are welcome.

In sum, the company can execute Ray Rothrock’s adage: “Resilience is about standing up to do business while effectively fighting back and winning.” Metrics and reflection can help your company identify if it’s effectively living out Rothrock’s adage.

ESG Investing and Your Company: Is Your Board Ready?

Socially responsible investing has become an increasingly dominant feature of investment strategies and portfolio managers.

In the first half of 2018, sustainable funds saw average monthly inflows of $924 million, double the inflows during the same period last year. $81.7 trillion in total assets under management were recorded as of April 2018. But directors must carefully consider how ESG—environmental, social, and governance—investment functions within their company, as well as how the company’s operations and choices may impact investment by institutions and other prominent stakeholders.

The Big Picture

ESG investing—also known as “impact,” “responsible,” and “sustainable” investing—is a common strategy focused on ethically and morally responding to new global risks and opportunities while also developing long-term value and considering the needs and voices of a broader group of stakeholders. It covers a broad group of issues and challenges, from climate change to labor standards, and from gender and racial diversity to shareholder rights.

Pension funds and institutional funds have been the loudest voices in ESG matters. One of the most vocal, BlackRock CEO Laurence D. Fink, called for CEOs to create a new model of corporate governance in an open letter earlier this year, writing that “companies must benefit all of their stakeholders, including shareholders, employees, customers, and the communities in which they operate.” New York City Pension Funds spearheaded an effort for proxy access, and the California Public Employees’ Retirement System pushed companies to increase disclosures about board members (including gender, age, and skill background)—moving the needle for governance standards.

While the majority of share ownership is concentrated within institutional funds with a “passive” investment mandate, these funds exert a massive influence at corporations. As State Street Global Advisors CEO Ronald O’Hanley put it, “Making ESG a priority isn’t about imposing morals or values, it’s about our belief that these issues have a long-term impact on the health of companies in our portfolio and, as such, are potential risks we think companies need to assess as they would any other.  We believe asset stewardship can help make companies get out ahead of these issues.”

Some traditional “activist” investors are also reacting to this trend, shifting their messaging to incorporate an ESG focus into their campaigns and thus better aligning with institutional funds’ initiatives.

Taken as a whole, this changing landscape means boards should regularly review activist and institutional/pension fund campaign activity and weigh their demands against the company’s governance practices to identify vulnerabilities.

ESG Ratings Agencies and Disclosure

Over 85 percent of S&P 500 companies currently file sustainability reports containing ESG metrics. Third-party ESG ratings providers such as Institutional Shareholder Services, MSCI, RepRisk, and Sustainalytics each use a different rating scale and methodology. Regardless of the potential for rating inconsistency, investor demand for companies with high ESG ratings is increasing.

Given these ratings agencies rely on non-GAAP ESG disclosures, information and disclosure have increased alongside investor demand. These reports are often known as corporate social responsibility reports and contain expanded disclosures that cover the ESG landscape. One of the challenges surrounding ESG disclosures is the lack of consistent, standardized disclosure methods. However, several organizations have made inroads in this area, including the Sustainability Accounting Standards Board and the Global Reporting Initiative. Boards looking to improve their own ESG reporting should consider reviewing these companies’ research and methods.

The goal behind these disclosure regimes is to enhance investor understanding of material risks while being open to opportunities by expanding reporting transparency beyond the traditional financial statement protocols and offering a potentially more complete picture of an organization. 

Questions for Directors to Consider

ESG investing has a wide base of support, as demonstrated by massive investor demand for funds that meet these criteria. Given the current market conditions, ESG investing is likely to remain a key initiative for investors. Companies should be prepared to receive shareholder proposals if their ESG practices do not measure up.

Directors and companies should consider the following questions as they evaluate their organizational ESG practices:

  1. What happens to ESG priorities after a market downturn when money managers and pension funds are struggling for alpha?
  2. What empirical evidence exists on the idea that alpha is universally improved when ESG matters are considered?
  3. Has the board adequately engaged investors on specific ESG priorities?
  4. Is the board confident that ESG principles and priorities are part of the company’s long-term strategy?

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.

Blockchain: What Boards Need to Know

Blockchain is here, and it’s changing business worldwide. But a new survey by PwC shows that companies are concerned about trust issues surrounding this new technology. So, what do boards need to know about blockchain? Here are the basics, from the insights found in our Global Blockchain Survey.

What is Blockchain?

A blockchain is a distributed, tamperproof digital ledger of all transactions in a network. It is decentralized, meaning that it is not stored in any single location, and participants in the network confirm the transactions, or blocks, themselves. This means there is no need for a trusted third-party intermediary. Cryptographic functions ensure the integrity and security of the information.

A well-designed blockchain reduces costs, increases speed and reach, and offers greater transparency and traceability for many business processes. Blockchain technology can have powerful applications in payments, supply chains, and voting.

The use cases for blockchain are growing rapidly, including cryptocurrencies and the evolution of digital companies whose financial and operating model is enabled through a token. In fact, some might say we’re now in a “token economy,” with the representation of real or virtual assets on a blockchain spreading to raw materials, finished goods, income-producing securities, membership rights, and more.

Enterprise software platforms—the engine for company operations like finance—are beginning to integrate blockchain as well. Companies can streamline processes, facilitate data sharing, and improve data integrity by using blockchain with their enterprise resource planning (ERP) systems.

While financial services is the current and near-term leader in blockchain, the technology is expanding in industries such as healthcare, industrial products, and even auditing. From research to development to going live, 84% of companies responding to our survey say their organizations have at least some involvement with blockchain technology.

Potential Concerns

As with any emerging technology, challenges and doubts exist around blockchain’s reliability, speed, security, and scalability. Companies are also concerned about a lack of standardization and the potential lack of interoperability with other blockchains.

Ironically, there are also trust issues around blockchain—a technology designed to build trust. A lack of confidence exists for this new and complex technology, as well as a limited understanding among users and stakeholders. Even now, many executives are unclear on what blockchain really is and how it is changing business.

Some companies may be wary of the idea of working with competitors to build their ecosystems. And there is a lot of discomfort with the regulatory uncertainty around the technology. According to our survey (see graph below), the top three barriers to blockchain adoption center around trust: regulatory uncertainty (48%), lack of trust among users (45%), and the ability to bring a network together (44%).

How Companies and Boards Can Face the Challenges

To overcome the trust paradox, companies need to focus on four things:

  1. Make the blockchain business case. Ensure that your blockchain initiative has a business purpose around which you and other participants can align.
  2. Build an industry ecosystem. Blockchain may call for competitors to collaborate in a new way as they come together to solve industry-wide problems.
  3. Determine rules of engagement. Every blockchain requires rules and standards, including around what information participants will be able to access and how they can engage.
  4. Navigate regulatory uncertainty. You’ll need to stay agile to meet regulatory requirements as they evolve in the years to come.

Boards need to understand what the company is doing around emerging technologies like blockchain, as well as the opportunities and risks that come with adoption of the technology. Here are some questions boards can ask management about blockchain:

  • What is the business use case of this technology for our company? Does it fit with our strategy? Have we considered the pros and cons?
  • What are our competitors doing?
  • What are the security and privacy risks, as well as mitigating factors, of using blockchain?
  • What controls do we have in place to manage those risks?
  • What would our blockchain business model look like? Who are the partners we would interact with?

Want more information about blockchain? Read PwC’s Global Blockchain Survey and The Essential Eight Technologies – Board Byte: Blockchain to learn more.

Compensation Strategies for Succession Planning

The stock market’s response to PepsiCo’s recent announcement that long-time CEO Indra Nooyi would retire shows that even when a company has a good succession process in place and selects a replacement who is fairly well-known to the market, investors will assign risk to the change and stock price will decline accordingly.

The fact is, how that successor will perform in the top job and how the rest of the management team will reshape and work as a unit, is unknown. It’s almost inevitable that there will be a stock price drop when a successful CEO departs—and recent studies show that stock prices are still down as much as a year after the transition. Gaining investor trust is not just a one- or two-quarter process. The challenge for boards is what can you do to minimize the downside impact of the CEO change and how can you shorten the length of that downside?

(There’s an important executive compensation point to interject here: as you set up pay plans for a new CEO, structure equity incentives so they are based on the stock price after the market has absorbed the bulk of the hit to the share price. There have been numerous circumstances where options are granted immediately upon a promotion, yet within a few days, the value of those options are 10-15 percent underwater. This is demoralizing to the successor and does not achieve the supposed aim of your incentive plan.)

We all know that boards should have solid, well-planned leadership development and succession planning processes in place. What these plans can do—in addition to the obvious benefits—is help directors convince the market when a change does occur, the risk of a performance decline has been minimized.

The process should assess both internal and external candidates. (Bringing in an outside advisor to assess the group can provide a useful, objective process for evaluating contenders and planning for their future development.) Boards should become close to the candidates, set up the process (loosely outlined below), and stay involved at every step.

Begin to identify individuals but take care not to be overly forthcoming. Markets and organizations are savvy and will begin to understand the landscape as this process unfolds, but you want to ensure there’s no artificial inflation of the “race” or pitting of team members against one another, which is counterproductive to your succession plan and ongoing operations. Provide each identified rising star with a clear job path that enables them to gain new and needed skills and experiences and allows opportunities to demonstrate leadership capabilities.

From a compensation perspective, very little added effort is needed at this time. The mere fact they have been noticed and encouraged provides the short-term reward and recognition. However, there is a point further along in the process when the leadership development work gives way to a smaller handful of potential successors. This will become clear externally and the marketplace will notice. Your candidates will suddenly become sought-after recruiting targets and potential retention issues, and at this point, compensation planning and communication have a critical role to play.

The goals of such a pay plan will be fairly uniform: develop, retain, and reward success. The specifics will naturally depend on myriad factors, including the company’s business strategy, culture, industry and market position, and the candidate pool. Here are two real-world examples.

Case 1: The company had a clear three-candidate race for succession. The board arranged special long-term incentive grants of restricted stock that would vest not just based on time, but also on the culmination of the race. For all three executives, half of the grant would vest when a CEO successor decision was made and the second half would vest one year after that decision had been made. This had several effects: It gave the board a better opportunity to hold their stars in place and, upon a decision that would inevitably disappoint two of the three, it helped maintain a solid leadership team in the near-term. Communication about what to expect and when had been clear, and there was recognition and reward for having been in the race.

Case 2: The company embarked on a succession planning exercise well in advance of the CEO’s expected retirement. The board hired a consultant to help identify and evaluate potential leaders internally and externally. A slate of candidates was selected and each was provided with a board mentor who had been either a chief financial officer or a CEO and who had been through a similar process. A compensation plan was implemented for each individual that was slightly more heavy on equity than was typical and the board had an in-depth conversation with each to walk through how their pay would progress over the course of time. As these executives inevitably began receiving more external attention from recruiters, they had to evaluate career options (e.g., “Do I want to be a bigger fish in a smaller pond, or do I want to stay and see if I can win the tournament?”). This purposeful compensation and communication effort ensured that in the event of an attractive outside offer, the candidates didn’t have to guess about the pay opportunities and timeframes at their current company.

There are as many varied scenarios as there are organizations. The key to weathering a leadership change successfully is to put well-constructed processes and plans in place long before they’re needed and nurture them continuously. Boards must also know what to realistically expect from the market in the days, weeks, and months after a transition.

Join David Swinford and other distinguished speakers at the NACD Global Board Leaders’ Summit as they discuss CEO succession planning in an informative Ask The Experts Power Breakfast on Tuesday, October 2.

How Can Boards Effectively Oversee Organizational Culture?

The concept of culture oversight is gaining traction in the boardroom. More than ever, directors are acutely aware that culture plays a role in delivering outcomes—both good and bad—for their companies.

In June 2018, Protiviti met with 15 active directors during a dinner roundtable at an NACD event to discuss board oversight of organizational culture. The conversation revealed several key concepts related to culture that boards must understand.

Culture must be nurtured in a changing environment. Culture means different things to different people throughout the organization, from the board down. A good general definition of culture is “the behaviors that people experience when they work for or interact with the enterprise’s management team and other representatives, as manifested through their decision-making, attitudes and actions day to day.” Note that the focus is not on what leaders and employees say but what they do.

The roundtable discussed the intricacies of understanding a company’s subcultures—for example, an innovation culture, a quality-committed culture, a sales culture, a safety-conscious culture, a risk culture, and a diverse, inclusive culture. Organizations should pay attention to their subcultures to ensure they align. As the company expands, its cultures may develop to the point they vary across locations, functions, departments, and countries and regions. These cultural distinctions also must be understood and managed.

In some organizations, especially in the technology industry, there can be a dominant personality (often the founder or founders). Such companies may lack a healthy, transparent, and open culture, and they run into trouble if these individuals drift away from the company’s values or acceptable societal norms.

All of these aspects of culture can create friction across the organization, which the board should expect management to periodically assess to ensure behavior is consistent with the enterprise’s vision and values.

The board has an important role in understanding and monitoring culture. When a leader’s actions stray from the entity’s mission, vision, and values, the board should note the change as a red flag. When a flawed culture adversely affects an organization’s reputation and brand, the question arises: Did the director see any of these red flags?

The roundtable discussion raised two fundamental questions: How do board members learn what they need to know regarding culture? More importantly, is their understanding representative of the entire organization or just certain areas? Consider these two methods to address these questions:

  • Board members should engage directly with operating personnel through site visits. During these visits, directors can directly observe the culture, interact with employees, experience how people communicate with customers and each other, and see what their priorities are in relation to the core values espoused by executive management.
  • Directors should focus additional “eyes and ears” on culture. They should insist on observations from the chief risk officer, chief compliance officer, chief information security officer, and human resources and environment, health, and safety personnel, as well as other independent second-line-of-defense functions. These functions should have a unique viewpoint, as they assist business unit leaders and process owners with assessing culture in their respective areas of The third line of defense—internal audit—may also perform a culture audit looking at processes used across the entity by first- and second-line personnel.

Culture should be measured. Culture is not intangible. Key issues to consider tracking are values, mindset, and the behaviors that follow. If these align during the organization’s recruiting, onboarding, and training, a strong culture will exist.

Metrics focus attention on what matters and clarify management’s priorities, and may include mission and values alignment, innovation, resiliency, collaboration, and employee satisfaction. Employee satisfaction, for instance, might be addressed through employee retention rates and feedback from anonymous employee surveys and exit interviews.

Additionally, methodologies exist for companies to compare their culture to leading organizations. For example, Ethisphere offers a benchmarking survey tool to measure culture around eight pillars of corporate culture.

Directors need to be curious enough to probe on cultural issues. The board must want to know whether there are any concerns pertaining to culture warranting its attention. In the context of understanding and measuring culture, are board members curious enough? How about executive management, or the executives supporting the board’s oversight activities?

For board members at companies that have experienced scandals related to a toxic culture in recent years, another question arises: “How did this happen, and why didn’t we know?” In light of recent events and the attention that they have drawn to culture oversight, it’s imperative that the board and management are inquisitive—plausible deniability of a flawed culture carries little weight.

Directors should insist that executive management have effective processes for escalating concerns and, as noted earlier, second- and third-line-of-defense functions focused on identifying early warning signs and red flags for cultural dysfunction. In addition, useful insights about patterns that suggest potential issues can be obtained from independent, confidential surveys and opportunities for public commentary on culture such as Glassdoor. Executive management can also provide ongoing research to board members, offering insights on how market perceptions are trending with respect to the organization and the customer experience it delivers.

Dig into deeper insights from Protiviti by visiting its Board Perspectives piece on board oversight of organizational culture here

When CEOs Go Rogue: Director Oversight of Corporate Goodwill and Social Capital

“The CEO did what?” While this question may be popping up in boardrooms a lot lately, corporate reputation crises are not new. Companies have long faced risks associated with their operations—risks that a process, product, or service will result in injury, real or imagined—which can result in reputational harm. However, with the increasing use of social media as both a medium for executives to share their viewpoints and as a forum for public debate, boards must now oversee the risk that an executive will become the focus of a public controversy that could threaten the company’s goodwill and social capital.

Under common law, goodwill entails a group of intangible corporate assets, including stakeholder trust and corporate reputation, and is directly related to the value and quality of a company’s social capital. These assets can be subject to risks that manifest in multiple ways, ranging from unfiltered tweets to moral missteps, and to violations of law. In cases in which an executive is the face of the company, reputational risks that arise from the executive’s behavior can be particularly sensitive for boards to navigate. Due to the current social media climate, a high-profile blunder or scandal of any variety or degree can result in a decline in the company’s stock price, not to mention investigations, litigation, and intense public scrutiny and criticism.

Elon Musk tweets about corporate strategy, Nasdaq temporarily halts trading of Tesla’s stock, and regulatory inquiries ensue. Papa John’s founder resigns after allegedly making offensive comments and subsequently creates his own website to argue for a change in corporate leadership. Uber Technologies’ CEO resigns amid numerous allegations regarding his oversight of and participation in a toxic corporate culture. Steve Wynn resigns as chair and CEO of Wynn Resorts after allegations of decades of sexual misconduct hit the press. These are just a few examples of the very public corporate scandals that have rocked companies’ reputations recently, and the fallout in each case has threatened to tarnish the company’s goodwill and social capital.

So how should directors oversee the potential for a reputational crisis based on an executive’s behavior? While typical, boards should make sure they are prudent in their appointment or approval of executives, including asking candidates to disclose information that would be relevant to assessing the likelihood that their conduct could create reputational risk. Any hesitance to discuss sensitive or potentially controversial matters should not overshadow a board’s duty to ensure that the company is operating in the long-term interests of its shareholders, including the protection its goodwill among its stakeholders.

Beyond a thorough vetting process, we recommend the following steps.

  1. Understand the source and value of the company’s social capital and its vulnerabilities. Directors should understand how the company’s reputation and social capital fit in the corporate strategy, including the degree to which their company’s reputation is particularly impacted by the personality of a key executive, and the attendant risks resulting from that strategy. For example, for boards overseeing executives who can be unpredictable, directors should evaluate the degree to which the executive’s actions can benefit the company by potentially raising its profile with the public, including information about its business and strategy, versus harming the company by making it the focus of public controversy.
  2. Read the signs. Most boards are aware if an executive has exhibited warning signs of unpredictable or noncompliant behavior in the past, and that awareness should factor into the board’s review of that executive’s performance and succession planning for his or her role. Key questions regarding how the executive perceives his or her role and responsibilities with respect to the corporate image and social capital should be included in the executive’s performance review.
  3. Engage in proper crisis preparation. Although reputational crises are more difficult to anticipate, ultimately the impact of these risks is not unlike other risks associated with a company’s operations. Proper board-level crisis preparation, including the creation and testing of a written response plan, can help a company navigate even these risks should they be realized. Mitigating the damage of a reputational crisis can be largely dependent on the company’s ability to react quickly and in an effective and targeted manner. Having the right plan in place enables a timely response.
  4. Be proactive about succession planning. Succession planning is one of the board’s most critical tasks, but as governance professionals, we are aware that it can be an area of sensitivity. We suggest that boards desensitize the process by regularly engaging with the members of management that report to the C-suite and include them in general discussions regarding the board’s crisis plan.
  5. Engage governance counsel early. Remember that corporate counsel’s duty of confidentiality can be very beneficial. While many boards leave it to their company’s legal department to engage governance counsel, board-level governance counsel can assist the board in considering its options in advance of a crisis. In addition, counsel can assist boards in reviewing their policies to ensure that the board is setting the right tone at the top with regard to compliance and internal transparency.
  6. Oversee executive-level social media training. Boards can sometimes assume that their C-suite also knows when and how to appropriately use social media for corporate purposes, which is not always the case. An executive-level training covering social media use policies, as well as policies for communicating with outside constituents, generally is often beneficial to all involved.

While it is impossible to foresee every risk or forestall every harm, boards that both monitor whether executives are enhancing (rather than compromising) the company’s social capital and plan for contingencies, will position their companies to be better-equipped to weather any reputational crisis that may develop.

Elevating Board Performance in the New Era of Extreme Innovation and Risk

When NACD was founded more than 40 years ago, one of our mantras was “nose in, fingers out.” John Nash, Ron Zall, and other director education pioneers at NACD were teaching directors to oversee management without getting too involved in it. Governance (also known as oversight) was considered to be very different from management (also known as operations). Directors were to keep their hands off the company’s steering wheel.

During that same era, in perfect parallel, federal securities rules (under Section 14a of the Securities Exchange Act, to be exact) identified certain topics as off-limits for proxy resolutions because they were deemed to be about ordinary business and not proper for shareholder votes. When companies have asked for permission to exclude such proposals, they have received assurances that the US Securities and Exchange Commission (SEC) would not take action in so-called no-action letters.

However, in recent years the formerly sharp separation between governance and management has blurred. To keep pace, NACD’s courses today focus on a wide range of topics, and the agendas of our educational events, in-boardroom programs, and local chapter events are rooted in helping directors lead with confidence in the boardroom. While our programs historically focused primarily on the core duties and responsibilities of directors, our programs today help translate the unknown into the merely uncertain, and no topic is off-limits for our educational programs if it matters to long-term company value. For their part, regulators have taken the stance that shareholders should be able to propose resolutions on any topic of strategic importance; these are no longer excludable under Section 14a.

What happened? From my standpoint, the sharp increases in both innovation and risk moved the needle for board involvement. This is why discussions with corporate directors about topics such as the intersection and convergence of cloud, mobile, and social media have evolved from “those are management topics” to “I need to know how emerging technologies are impacting our business.”

We’ve seen how Airbnb has transformed the hospitality industry, how Uber and Lyft have transformed the transportation industry, and how Amazon has transformed retail and health care via its acquisition of Whole Foods Market and their partnership with JPMorgan Chase & Co. and Berkshire Hathaway. All of these stories exemplify innovation.

The plot thickens when we add regulation to the mix. Many of our discussions with boards and directors today are focused on understanding the convergence and intersection of innovation, risk, and regulation. Consider Getaround, which is leveraging the sharing economy to enable car owners to rent their cars to others for income and provides on-demand car rental insurance. To accomplish this goal, the founders of Getaround needed to work with financial services regulators to create insurance policies that would enable their business model. Getaround’s model is now working, so to the directors who oversee Hertz, Enterprise Rent-A-Car, and National Car Rental are now asking management, “How are you going to evolve?”

Finally, we have seen how cryptocurrencies and blockchain—which are rooted in the intersection and convergence of innovation, risk, and regulation—are creating, disrupting, and enabling industries. In response, we are seeing how both the SEC and board members are playing catchup.

All of these examples are reflected in a recent NACD survey showing that industry disruption tops directors’ lists of business concerns. In such an environment, directors may well keep their hands off the wheel, but they will be standing at the tiller right beside management, offering encouragement and wisdom, and asking more than a few questions.

What’s next for directors and boards? My suggestion is to keep learning.

How Lead Directors Are Helping Their Boards Keep Pace

The demands on the board’s time and agenda continue to mount as a host of critical issues—from technology and business model disruption to investor scrutiny, and from regulatory and political uncertainty to geopolitical risk—collide and reshape the business landscape.

As the business and risk environment becomes more complex, how are lead directors helping their boards add value and raise their game? What are their key areas of focus?

Discussing these questions with a number of lead directors in the past several years, I’ve heard recurring themes: the importance of the lead director’s role in setting the board agenda, the lead director’s relationship with the CEO, CEO/leadership succession, and shareholder communications. But virtually all the lead directors emphasized the importance of two additional topics that need to be top-of-mind: board composition and diversity, and enhancing board operations and oversight processes.

Board composition and diversity

Institutional investors continue to focus on board composition and diversity, expressing concern about low director turnover and whether board directors can guide the company and its strategy in the future. As Vanguard Chair and CEO William McNabb wrote in a 2017 letter to public company directors, the board “is one of a company’s most critical strategic assets,” and it should be “a high-functioning, well-composed, independent, diverse, and experienced board with effective ongoing evaluation practices.”

Developing and maintaining a high-performing board requires close coordination between the lead director and the nominating and governance committee chair—whose responsibilities for board composition may be similar or perhaps overlap. Determining the company’s current and future needs is the starting point for board composition, but a broad range of related issues require leadership and coordination—including succession planning, director recruitment, age and term limits, diversity, board and individual director evaluations, removal of underperforming directors, and board refreshment, as well as disclosures on these issues. As one governance observer has noted, the quality of board governance begins with board composition.

Enhancing board operations and oversight processes

Operations and oversight processes are also top-of-mind for lead directors today. This includes coordination across committees to focus on the issues most critical to the company’s success and long-term value creation, such as strategy, innovation, disruption and strategic risks, capital allocation, performance, leadership, and talent.

To devote more time to these issues while also remaining focused on compliance, operations, and so-called “rear-view mirror items,” many boards have significantly increased their time commitment in recent years. But that alone is insufficient, and lead directors and nominating and governance committee chairs are now focused on how they can improve board operations and oversight processes—and the nature of their engagement with management teams and among directors—to devote more time to these critical issues.

The steps lead directors are taking include:

  • Crafting board agendas to devote more time to key issues
  • Assigning board committees to take deeper dives into issues that require more focus and attention
  • Improving communication between the board and its committees
  • Considering the quality of information flow and boardroom discussions
  • Reassessing committee structure, including the need for additional committees (e.g., finance, technology, or risk)
  • Encouraging greater engagement among directors between board meetings
  • Tapping individual directors to take the lead on specific issues
  • Developing an effective process to “connect the dots” and help ensure talent, compensation, culture, risk appetite, and controls align with strategy

In short, the important, and difficult, question lead directors are asking today is whether management and the board have the right governance structure and processes in place to drive critical business activities—to manage risk and calibrate strategy in a coordinated way.