Equip Yourself for Implementation of the New Credit Losses Standard

Last September, US
Securities and Exchange Commission Chief Accountant Wesley Bricker observed that
“the audit committee plays a vital role in overseeing a company’s financial
reporting, including the implementation of new accounting standards.”

One hotspot on the implementation front is oversight of how companies are implementing a major new accounting standard that will significantly change estimating and accounting for credit losses. The new accounting standard requires companies to measure certain credit losses under a new model, commonly referred to as the current expected credit loss model.

The standard will
affect accounting for a wide range of financial assets, including loans,
held-to-maturity debt securities, receivables, net investments in leases, and
certain off-balance sheet credit exposures. For most calendar year-end public
companies, the new standard is effective on January 1, 2020.

With this oversight challenge looming, the Center for Audit Quality has developed a tool to aid audit committee members. In addition to providing a concise overview of the standard, the tool provides ideas for audit committees regarding important questions to ask in key areas.

Evaluating the Company’s Impact Assessment

Company to company, the impact of the credit losses standard may vary based on a wide range of factors. Given this complexity, management may be performing high-level assessments to gauge whether the new standard’s impact will be limited, moderate, or significant. This impact assessment can be useful to guide the implementation plan, including consideration of needed resources.

As audit committees evaluate
management’s impact assessment, they should consider the following questions,
among others. (See the CAQ’s tool for additional questions.)

Were all relevant parties involved in assessing and understanding the potential impact of the standard? This pool could include the following departments and functions: accounting, tax, communications, financial reporting (including internal control over financial reporting), financial planning and analysis, investor relations, risk, credit, operations (data retention for forecasting), treasury, and information technology.What factors were considered in management’s impact assessment? How has management assessed the potential impact the new standard may have on key areas such as investor relations and communications, regulatory compliance, accounting for taxes, and the impact on financial statements of borrowers?When will management provide pro forma financial statements including disclosures and investor communications to the audit committee to demonstrate the expected impact of the new standard on the financial statements (including multiple scenarios based on potential economic environmental impacts)?

Evaluating the Implementation Plan

Companies should develop an
implementation plan and communicate it to the audit committee. As with the
impact assessment, audit committee members should have a number of questions in
mind as they evaluate the implementation plan.

How are milestones established and monitored? Are the milestones appropriate?How will the audit committee be apprised of status? Audit committees may want to consider requesting a quarterly progress report from management.Does a strong tone at the top support the effort required to implement the new standard? Is implementation receiving the appropriate resources (in-house and third-party) and priority?How is management’s assessment of internal control over financial reporting impacted?Has management created thorough processes to develop the expected credit loss model? Has it performed validation controls to verify that the model is performing as expected? Have governance processes and controls been put in place to determine that the model is—and will remain—fit for purpose?Who is responsible for new accounting policy decisions, and how does the company plan to revise written accounting policies?How has an internal communication plan been established (such that key stakeholders are aware of how the new standard will impact the company)? What is the view of the external auditor as it relates to the implementation plan? Will it satisfy the auditor’s plan and timeline to complete the audit in a timely manner?

Other Important Implementation
Considerations: Disclosure

The questions don’t
stop at impact assessment or implementation. One critical area for audit
committees is understanding how the new standard will affect disclosures.
Exploring the following questions and others in the CAQ tool can aid in
building that understanding.

Has the company disclosed the potential effects of the future adoption of the new standard in interim and annual filings leading up to the effective date? If quantitative amounts are not known, has the company provided qualitative or directional disclosures? What is management’s strategy for identifying, drafting, and communicating to the audit committee any new disclosures required as a result of the standard? To the extent that information for new disclosures is not currently available, how will the company develop new processes and controls to obtain required information?

Naturally, the questions listed above are just starting points in what should be a robust dialogue. For more, I urge audit committee members to download our tool, which, like all CAQ resources for audit committees, is a complimentary resource to the public.

Julie Bell Lindsay became the executive director of the Center for Audit Quality in May 2019.

The Questions Directors Should Ask to Adeptly Oversee Innovation

Thriving in
this business environment demands that businesses take evolutionary and
revolutionary approaches to the products and services they offer consumers. But
given the constant churn of new technologies, figuring out how to stay on the
cutting edge is daunting, to say the least.

According to data from the 2018–2019 NACD Public Company Governance Survey, nearly 70 percent of directors report that their boards need to strengthen the monitoring of strategy execution and their understanding of innovation and the associated risks and opportunities. To explore the board’s role in overseeing innovation, NACD recently hosted a roundtable discussion led by Nichole Jordan, national managing partner, markets, clients, and industry at Grant Thornton, and Ron Markham, executive innovation and risk leader of cloud computing company ServiceNow.

Jordan framed
the conversation by recommending the following key questions that boards should
ask:

Are
you leveraging technology to sense risk? Do
you seek outside perspectives?Is
my board digitally savvy?Do
I understand the organization’s transformation strategy?Is
the board receiving updates on relevant regulatory risks?

Are you leveraging
technology to sense risk? A best practice that Jordan is seeing as she interacts with boards
is the use of risk-sensing technologies—state-of-the-art solutions that scan
millions of data points in real time to surface the risks that are most
relevant to the organization. “That information may be changes related to your
key customers, or your competitors, like new patents being issued to your
competitors,” Jordan said. “Risk sensing  will separate the signal from the noise and
provide that to you in a dashboard every morning so that you’re focused on the
most important developments. ”

Do you seek outside
perspectives? Although technology can be used to conveniently filter and funnel
information into the boardroom, participants agreed that directors need to go
outside of their peers to further augment their knowledge of what is happening
in the marketplace. Jordan emphasized how important that can be. She suggested
attending events such as CES or other conferences that afford directors direct
exposure to new technologies and the opportunity to ask questions of the people
responsible for bringing those new technologies to market.

One
roundtable attendee who went to a presentation given by Google on cloud
technology remarked on how helpful that experience was because it inspired
questions she would not have otherwise thought to ask. She mentioned that the
presentation provided her with information that allowed her to constructively
challenge the ways in which management was proposing to integrate cloud
technology into the business. Other solutions include consulting with research
firms or industry groups—Gartner or the Information Technology Industry
Council, for example—to bring in additional insights.

Is my board digitally savvy? Jordan stressed
that it’s imperative for boards to have digitally savvy members—especially if
the company is in an industry where business models are notorious for changing rapidly,
such as telecommunications. Citing research from the Massachusetts Institute of
Technology, Jordan said that companies with technologically adept
directors—people who served in roles such as chief information officers (CIOs),
chief technology officers, or chief operations officer—were more profitable and
enjoyed higher rates of growth. MIT also found that these directors approach
strategy differently. “They draw on their experience to focus the company’s
strategy on trends and transformation and the risks of not doing something,”
Jordan said. “They raise questions to help drive strategy in new directions.”

However, adding expertise comes at a cost—and not all boards are financially
able to either add a board seat or attract top talent. “Rather than having a
CIO on the board, you can have an advisory board that is compensated nominally
or not at all—they’re just happy to be affiliated and providing advice to a
board,” one attendee remarked. “I thought that was an elegant solution, increasing
the level of savvy on the board without getting an extra body or spending a lot
of money.”

“I don’t know that it’s necessarily true that you need a tech person,” another
director opined, “but what you do need is somebody that can be what I would
call a technology translator, that can take whatever the technology is and
apply it to the business to say, ‘Okay, as a result of this technology, what
would be the right business applications that would provide the biggest
opportunity for the company, and what risks does having that technology if you
will create?’”

Boards can also leverage the CIOs functioning within their own organizations. “My
corollary to having more digitally savvy boards is there needs to be more
digitally savvy CIOs,” Markham remarked, recalling an experience of his own
where he stepped into a CIO role and had to quickly fix material IT-related
problems that were discovered via an external audit. “Not only did I have to be
board-savvy, my entire management team had to be board-savvy. They became
board-savvy. They understood risk, they understood internal controls, they
understood their responsibility with those controls, that they’re very
tangible, they’re critical, and they became part of our transformation story.”

For additional highlights from this roundtable conversation, check back on NACD BoardTalk on May 28.

AI: Do You Have A Map for Your Journey?

We are all familiar with Artificial
Intelligence (AI), even if most of us might not be able to explain it. In simple terms, AI is computer-generated technology
that simulates human
intelligence. It is the basis for two perennially cheerful characters that many
of us speak to every day: Apple’s intelligent assistant Siri and Amazon’s
virtual helper Alexa. AI is also the brain behind millions
of recommendations on Netflix and Amazon. It powers self-driving cars and makes
impressively accurate Fantasy Football predictions.

Given the sheer utility and ubiquity
of AI, it’s no surprise that companies across all industries are willing to
spend to get in on the game. Global spending on AI-related technologies is set to grow from $1.5
billion in 2017 to $2.8 billion in 2021.

With these innovative
technologies in mind, is your board ready to work with management to lay the
best roadmap to success for your company? Let’s turn first to some examples of
how companies are putting AI to work now.

How AI Is Being Used Today

In financial services, AI is already being
used to speed up the process of opening a bank account by extracting
information from images and documents that the customer can submit through a
mobile app. This reduces the on-boarding process to minutes instead of hours
and helps grow the bank’s customer base since, according to a recent study, 38
percent of customers will abandon the account opening process if it takes too
long.   

AI is also being used to help nudge
customers to improve their financial lives and save more money. Consider the
fact that  40 percent of American
households don’t have enough savings to cover $400 in emergency expenses.
Similar to how your Nest thermostat learns your preferences of temperature
control, personal wealth planning applications learn your spending patterns,
risk profile, and investment preferences, and suggest ways to change your
behavior to increase savings.

In addition to improving the customer experience, banks are looking to AI to help improve the bottom line. More than 60 percent of participants in a recent NACD webinar said they would invest in AI for increased efficiency and productivity in their operations. AI’s ability to eliminate errors, improve customer service, and automate processes can exceed 80 percent in specific scenarios, so it is not surprising that AI is becoming a central strategic theme in many organizations.

It’s likely we’ve only seen the tip of the
iceberg in terms of AI applications within the financial services industry, let
alone many others. There is already talk of using AI in the loans space to
review documents in place of lawyers, and to make better decisions about borrowers
when market data is scarce.

Starting the AI Conversation

But I know there are lingering worries
about AI emerging in conversations in boardrooms worldwide. Every quarter there
seems to be a new technology that promises to address all of yesterday’s
problems. While there are certainly many success stories and examples of
improvements from AI, there are also implications to a company’s strategy, operations,
and culture. For example, concerns about the potential impact on the company
culture and employees present a real risk.

But so are the risks of not embracing
AI, since there’s little doubt your competitors will. To move forward with a
smart AI strategy, here are some questions that can help your board define the
company’s AI goals:

What problems are we trying to solve with AI? What metrics and milestones are we using to define success?Is our existing technology ready to support AI initiatives?Does our AI budget match our strategic goals? What are our competitors doing that we can replicate and improve?

And the central theme of all of these
questions should be: How is this ultimately helping our customers? AI
technology can facilitate quantum jumps in the ease of doing business, the
accuracy and timeliness of services, and data delivered, but the focus should
be on the customer’s needs first.

Building Your AI Strategy

Best practices in this space have deep
roots in other management theories, but have evolved to reflect recent successes
at enterprises across industries as companies explore the possibilities of AI.
A winning strategy boils down to customer-focused design, data preparation, a
prototyping plan, and buy-in from your employees.

Design. When management works to design the strategy, they should avoid asking
clients about features and functions. Instead, the board should direct the
strategy team to focus on clients’ problems. New technologies allow product
design to reimagine a customer’s experience across the end-to-end lifecycle. With
this comes the question of how the company is capturing client feedback on
their experiences with your products and services and how that feedback is taken.Preparedness. Any move to incorporate AI into your business strategy should start
with an assessment of the current situation. Much of technology modernization
comes down to the state of the company’s data. Not all processes will benefit
from AI. But where there is potential for AI solutions, features such as
real-time processing, high-availability, scalability, and cost efficiency
matter. Being able to provide data visualization, analytics, predictive
analytics, and machine learning will all be dependent on the state of the
company’s applications and their associated data. Directors should ask for
benchmarks on data quality when assessing AI’s role in strategy. Experiments. The phrase “fail fast” is frequently used in today’s agile design and
programming methodology. Another way to consider this approach is “learn
quickly.” Boards should encourage management to engender a culture that prototypes,
observes, gets client feedback, and adjusts accordingly. At Broadridge, we frequently
use pilot programs to quickly assess the viability of new ideas. Determining
how to implement ideas quickly and inexpensively with the understanding that
some will not work is essential to building an organization and culture aligned
with the reorientation to new technologies.Personnel. Perhaps the most important reason to have a clear AI roadmap is to
communicate it to the company’s existing personnel. Employees want to be
inspired by the firms they work for. They want to understand the vision. And
they don’t enjoy repetitive jobs. What many firms lose sight of is that in any
transformation, when there are new tools for the job, training the existing experts
to use them is often the best solution. The board should ask management what
their plan is for rolling out the new technology and how it will navigate
questions and concerns from personnel.

Directors shouldn’t doubt the utility of AI and that it has a role to play. The technology of today has the potential to transform our clients’ experiences, leveraging our subject matter experts as we increasingly connect the dots to consider the end-to-end client lifecycle. But these opportunities are not without risk, and nirvana is rarely reached without discussions about the roads to take along the journey. It’s worth having these conversations today if we wish to harness the power of AI tomorrow.

Interested in hearing more from Broadridge’s Michael Tae on AI? Listen to a recent NACD webinar about the reality of AI here.

Board Oversight of Workforce Analytics

As C-suites increasingly desire actionable insights to help run their business, and boards seek the right metrics to understand management’s progress, workforce analytics is becoming a key focus area. Last month, I wrote about the potential in this area—a timely topic as more companies begin to mine employee data as they do consumer data. From mapping which teams consistently deliver peak innovation, to removing barriers so employees’ workdays are more productive, workforce data insights are growing in number and impact.

Impact On Business Performance

Many board members and executives
that I speak with are surprised when they learn that these data driven insights
can add to or detract from business performance by as much as six percent. For
example, Credit Suisse used algorithms to identify high-performing employees who
were a high retention risk. The company then trained special managers to focus
on and retain these employees, saving roughly $70 million per year.

In another example, shoe retailer
Clark’s use of workforce analytics showed leaders that every one percentage point improvement in employee engagement led to an
improvement of 0.4 percentage points in business performance. By analyzing the
characteristics of its 100 best-performing stores, the company created a
blueprint for high-performing stores, along with an engagement toolkit for
managers to use with teams.

While these
are examples of point solutions, imagine an enterprise embedded with an
interconnected web of solutions, created and fueled by workforce data insights.
These insights could accelerate a company’s transformation, unlocking value
hidden within its own workforce data. One way to think about it is that each
company and workforce has its own unique organization DNA that can be
understood and analyzed to unlock hidden value and capabilities. Boards can help C-Suite leaders more
quickly transform their business by insisting that the company’s management
team engage in responsible workforce data collection and mining practices, as
part of a framework of thoughtful governance. And we’re seeing that leading
companies engage employees as partners in that process.

Responsible Practices

Given that this is a greenfield for some organizations, I’ll share
some thoughts on how to ensure organizational DNA is handled responsibly. While
these ideas are not a prescription—after all, each company’s needs will be unique—they
are suggestions for some best practices I’ve seen work well. At the heart of
the issue: Boards must find a way to provide oversight, ensuring the company is
generating the insights it needs to enhance business performance and drive
growth. The board must also hold itself responsible for ensuring that employee
data is protected and  privacy is
respected.

Consider forming an artificial
intelligence (AI) or data oversight committee. Risk professionals must be involved due to privacy and security
issues, but these issues need to be weighed against the opportunity for growth.
The establishment of an AI or data governance committee, in conjunction with the
risk and audit committees, could be a wise idea for a company that is deeply
mining its employees’ and customers’ data.

In addition, executives engaged in the areas
of highest data growth and usage should have a chance to help shape the system.
For example, in Accenture’s
latest research on the topic, business leaders said they expect to use workforce
insights primarily to place people in the right roles (70 percent), to increase
productivity and workforce performance (69 percent), and to enhance
organizational agility and speed (61 percent). Using that mix, team members for
the chief human resources officer (CHRO), the chief operating officer (COO),
and chief digital officer (at a minimum) should be included on the team that is
responsible for executive use of employee data and should report to the board
for oversight reasons.

Create a
coalition for accountability. By appointing at least one C-suite executive
to own this area, the board communicates the importance of C-Suite accountability.
Who is responsible for employee data—the associated risks and the great
potential it holds for positive changes to the business? Many times, this is
the CHRO because it is an employee-centric issue. But other C-suite areas are
impacted by the actions that may be considered because of data insights—from
the COO to the CFO.

Companies
that do this best break down siloes to ensure they include the right players
and inputs. For example, a data or information executive’s informed perspective
is essential—from security practices to incorporating data collection into the
day-to-day business. From those who onboard and coach employees to those who
design the systems that gather information, boards should ensure an environment
of teamwork for specific outcomes, versus ownership of siloed processes.

Employ an agile
governance structure. A firm, clear governance structure contributes greatly to
responsible business practices as stewards of employee data. However, as any
board member can attest, businesses today must be agile. They must change with
their consumers, their employees, and the competitive environment.

To
help foster agility but set clear guiding principles, some companies use a code
of ethics linked tightly within their governance structure. A strong code:

Establishes the conduct expected regarding employee data gathering
and use;Goes beyond compliance with the law to reflect the company’s
ethical values; andGets regularly reviewed and updated as new technologies and
applications emerge.

Governance
structures should account for innovation that isn’t on the radar yet, as
technology allows for new wearables, increasingly sophisticated AI and
analytics, and new levels of security needed to address increasing
cyber-threats.

A Fast Track to Unlock Hidden Value

These suggestions are just starting points, but they do provide food for thought if your board is leveraging workforce analytics strategically. While there are many perspectives to consider, the overarching takeaway is that while workforce data insights are quickly becoming a competitive advantage, they are best used as part of a strategic governance framework and in partnership with employees. Companies that take this proactive and responsible route put themselves on a fast track to unlock the value hidden within their own workforces.

Eva Sage-Gavin is senior managing director of Accenture’s Global Talent and Organization consulting practice.

Books and Authors for Summit and Beyond

Chances
are, your hectic year of board meetings is slowing down, making way for a
little relaxation and time to reconnect with a good book or two. Whether you’re
jetting off to another business engagement; enjoying some sunny time with loved
ones; or in pursuit of knowledge, entertainment, or both, there is always
plenty to read. But what should you pick up first? We’ve rounded up some
suggestions for the summer months ahead.

Prepping for
Summit

The 2019 NACD Global Board Leaders’ Summit will feature a lineup of leading thinkers and innovators, some of whom are also highly respected authors, or who (in addition to working their day jobs) also find the time and energy to write. While you might not be looking to wade through hundreds of pages on your trip to the beach this summer (or perhaps you are!), the authors featured at Summit have written books on a wide variety of director-centric subjects that you may consider slipping into your weekend bag.

Imagine It Forward: Courage, Creativity, and the Power of Change by Beth Comstock

Failure is an option. That’s what Comstock, who was vice chair and a division CEO at General Electric Co., writes in her 2018 book. Imagine cheers on people looking for a leadership playbook. Among the best advice? Believe in these two maxims: “Tomorrow can be better than today,” and “You have the power to make it so.”

Human + Machine: Reimagining Work in the Age of AI by Paul R. Daugherty and H. James Wilson

Artificial intelligence (AI) is real, it’s here, and it shouldn’t be scary. This rational and reassuring work is a strong antidote to all the headlines about AI replacing tens of thousands of jobs and thus becoming a transformative power of destruction. Instead, H+M provides a clear-eyed guidebook to the opportunities that AI presents amid what we now think of as the fourth industrial revolution.

The Power of Moments: Why Certain Experiences Have Extraordinary Impact by Chip Heath and Dan Heath

Certain
moments—positive or not—change us. What could leaders do if they understood how
to create experiences that elevate insight, pride, and connection? The Heath
brothers have researched exactly what happens in the lightening-strike instants
that shape our lives, and explain how we can stop leaving those moments to
chance.

Leadership in Turbulent Times by Doris Kearns Goodwin

Goodwin brings her affectionately titled “guys” together in her latest volume. The goal? Identify those qualities that have helped bring great American presidents successfully through trying times. Kearns brings the best of her narrative prowess to bear to help us understand what made Lincoln, both Roosevelts, and Johnson the right people in office at the right time. (Look for an interview with Goodwin that appears in the May/June issue of NACD Directorship, landing in members’ virtual inboxes next week.)

The Fog of Data by Jason Schenker A leading futurist explains how the recent proliferation of data creates political risk, drowns out the possibility of gleaning insights amid all the noise, and ultimately has become the greatest challenge to putting information to work. In spite of it all, Schenker does see a path forward through the fog. 

The Leader’s Bookshelf by James Stavridis and R. Manning Ancell

Published
in 2017, after Stavridis spent years speaking with active and retired four-star
military officers, The Leader’s Bookshelf
was crafted as a testament to the power reading had in shaping some of our
greatest leaders. From Grant to Twain and from Tzu to Kipling, Stavridis and
Ancell’s passion project contextualizes why each of their recommendations
cultivates any leader’s understanding of what it means to wield power with
humanity.

Odysseys
of the Mind

Titans of
science fiction—films such as The Day the
Earth Stood Still and Godzilla
and the television series Star Trek—helped
earlier generations cope amid the profound, disruptive pace of change in the
twentieth century. Now, with the mainstreaming of artificial intelligence (AI),
robotics, and other technologies, it’s time to revisit the genre to make sense
of the human implications of cutting-edge technologies in this century.

Stories of Your Life and Others by Ted Chiang

Chiang came into the national conversation when this collection’s eponymous story was adapted into the 2016 film, Arrival. The Hugo Award-winning author takes the reader on a ride with a man whose intelligence has been augmented, paints a steampunk world of robots powered by mysticism, and contemplates what science will mean as a human practice once computers become more efficient than our own minds. Ready for more? A new volume of Chiang’s short stories (reviewed here by Joyce Carol Oates) landed earlier in May.

Machines Like Me: A Novel by Ian McEwan

Should we heed the primal fear that what we create will ultimately
turn against us—or itself? In a reimagined 1980s London, a love triangle develops
between Charlie Friend, the narrator; his upstairs neighbor, Miranda; and Adam,
one of the first synthetic humanoids. The acclaimed British author Ian McEwan raises
the question of whether an artificially intelligent robot can be made to
understand the human heart—and if a robot can help humanity understand the
meaning of love.

East
Meets West

History
matters. It’s there for us to learn how to avoid the mistakes others have made,
and to provide a way forward when progress is mired by indecision or some other
crisis. These stories can help you chart your business through disruption today,
and beyond.

Ghosts of Gold Mountain: The Epic Story of the Chinese Who Built the Transcontinental Railroad by Gordan H. Chang

They came
by the hundreds and when the last spike was driven into the Utah dirt, the
Chinese workers dispersed and disappeared into cities and towns around the
country. Now, 150 years later, a Stanford history professor tells the
incredible human story of how from 1865 to 1869 as many as 20,000 immigrant
Chinese laborers worked on the Central Pacific Railroad, which, when united
with the Union Pacific Railroad, connected east to west. As our nation debates
immigration policy, this is a timely reminder of who made America.

IBM: The Rise and Fall and Reinvention of a Global Icon by James W. Cortada

Before
Thomas J. Watson took the helm, IBM was a hodgepodge conglomerate without a way
forward. Cortada, a former IBM executive, explores the ups and downs of the
iconic company. While early reviews favor other chronicles of the enduring company’s
history, corporate history buffs will want to add this one to their
collection. 

Upheaval: Turning Points for Nations in Crisis by Jared Diamond

The
McArthur Fellow and UCLA professor takes a critical look at history-altering
moments of history in Japan, the former Soviet Union, Chile, Indonesia,
Germany, and Austria to tease out this question: how do nations cope? Diamond’s
latest epic spends 512 pages looking at the human elements of coping at
scale—acknowledging fault, appraising performance, and looking outward to
become better nations. 

On Inquiry and
Consensus

There
are no grounds for consensus without asking the right questions—and doing so is
a skill directors at most companies are always honing. One title looks at a
quiz-master’s path to the White House, while the other is about the art of
crafting better questions itself. 

A More Beautiful Question: The Power of Inquiry to Spark Breakthrough Ideas by Warren Berger

The author
posits that in order to get a great answer, you have to craft the perfect
question. Luckily, Berger is ready to guide readers in the right direction,
looking at the culture of questioning that has helped the likes of Google,
Netflix, and Airbnb to thrive.

Finding My Voice: My Journey to the West Wing and the Path Forward by Valerie Jarrett

Jarrett is
the longest-serving advisor to any American president, having served in the
West Wing for the full two terms of President Barack Obama. Jarrett’s personal
chronology takes readers from her birth in Iran to boarding school in western
Massachusetts, undergraduate school at Stanford, and law school at the
University of Michigan—then onward to Chicago’s City Hall, the C-suite and
boardroom and, ultimately, the White House. (An interview with Jarrett, who
spoke on May 14 at the NACD Chicago Chapter, will run in the July/August issue
of NACD Directorship.)

What will you be reading this
summer? We’d love to know. Share a recommendation by leaving a comment in the
boxes below.

NACD Director Certification—Why and How

Later this year, after more than four decades as the nation’s leader in director education, NACD will blaze a new path by launching the first-ever certification program for board members in the United States. Here’s more on why and how.

Background

NACD was founded with the
objective of equipping directors with the knowledge they need to serve with
confidence in the boardroom. Just as with every other profession, directors
benefit from best practices, research-driven education, and shared experiences.
As fiduciaries overseeing enterprises, directors need to understand both the
companies they serve and the environment around them, as well as the particular
demands of their oversight and advisory roles.

Much of that preparation comes from a director’s own career experiences, combined with the “on the job” training they will have received while serving on a particular board. But today, given the pace of change in business conditions, shifting stakeholder expectations, and the growing number of first-time directors serving on boards, external director education is needed more than ever. That is why we developed a director education framework in 2015 to provide an established foundation that underpins the content for our thought leadership and for NACD’s 300 local and national director education programs.

Why Certification?

So why are we taking director education a step further now with a certification program? Ira M. Millstein, chair of the NACD Blue Ribbon Commission on Director Professionalism, noted in his 1995 pioneering article on the “professional board” that “while we should not hear any significant calls for requiring ‘official’ director certification in the United States, many US boards will do their own certification simply through the process of selection and periodic performance reviews. They will seek competent, credible, knowledgeable candidates who are capable of, and willing to, do their homework.” 

This informal process of
board certification has worked for many years, as has our long history of
providing director education and credentialing via our Fellowship program. But
today the expectations that directors must meet or exceed are greater than when
Millstein wrote his article. As a result, we are formalizing director education
with a nationally recognized credential that will serve as a seal of approval affirming
that new directors have the knowledge, skills, and abilities needed to serve
competently on a board. While we can never certify a director for his or her
ethics, we can certify competency in a baseline body of knowledge, bolstered by
additional continuing education requirements (which incidentally do include
ethics as part of the curriculum).

Here are four reasons why
we have taken this additional step in our evolution:

Exam-based certification is a way for directors to test and prove their growing knowledge. Our 2018–2019 NACD Public Company Governance Survey showed that 69 percent of respondents said that their board dedicates resources to continuing education, and 59 percent agreed that education is “necessary for director effectiveness.” The survey showed that directors on average are already devoting 20 hours per year to learning more about their responsibilities in the boardroom, but they lack formal evidence of their knowledge and competence. By providing formal testing and certification, NACD’s certificate will provide such evidence. Our many years of building a community of directors has enabled us to create a test by directors, for directors, based on the real issues encountered by boards that seek to be effective. Furthermore, thanks to ongoing advisory and evaluation work, we have reached a point in our evolution where we understand as never before the real issues facing boards. Our Board Advisory Services has guided more than 1,000 board self-evaluations since beginning formal evaluation services in 2000, and our membership community has passed the 20,000 mark. Had we developed tests earlier in time, they may not have had the same realism as the ones we are developing now. NACD’s store of knowledge, after decades of development, is now fully comprehensive. Our two dozen Board Resource Centers on topics ranging from audit committee issues to sustainability show the breadth and depth of what directors need to know. These resource centers did not emerge overnight; they build on more than a quarter of a century of convening Blue Ribbon Commissions and conducting surveys. For decades, NACD has been convening the brightest minds in governance to create the materials supporting this credential, informed by such resources. This new certification and the rigor it provides is in many ways a culmination of this work.Last but not least, certifying directors helps us live up to our “world class” status as we participate in a global community of directors where exam-based certification is already a practice. As the newly elected chair of the Global Network of Director Institutes (GNDI), I am familiar with the practices of the 20 other members of the GNDI. Many of them already have exam-based certification, and we can learn from their experiences—both positive and negative—now as never before.

How Will It Work?

Our first step in moving
toward certification has been—in collaboration with hundreds of board members
serving on the boards of all types of companies—to develop a comprehensive
overview of the knowledge, skills, and abilities (KSAs) that are required for
corporate directors to lead with confidence in the boardroom. Next, we are
working with select members of our community of more than 20,000 members to
help create an exam that verifies those KSAs. Exam registration also comes with
a comprehensive study guide that will help certification applicants prepare for
the test. 

To provide guidance and
direction for the new certification program, NACD has formed and is leveraging
a steering committee of highly experienced corporate directors and corporate
governance practitioners that includes these distinguished individuals:

Dennis Beresford, Former Chair
of the FASB; Former Director, Fannie Mae, Kimberly Clark, and Legg-MasonMichele Hooper, Director, PPG Industries,
United Continental Holdings, and UnitedHealth GroupGlenn Hubbard, Director,
Automated Data Processing (ADP), MetLife, and BlackRock Closed-End Funds; Dean
of Columbia Business SchoolSimon Lorne, Director, Teledyne Technologies; Vice Chair and
Chief Legal Officer, Millennium Management; Former General Counsel, US
Securities and Exchange CommissionBill McNabb, Former Board Chair and CEO, Vanguard;
Director of UnitedHealth Group; Executive in Residence at the Raj & Kamla
Gupta Governance Institute, LeBow College of BusinessMyron Steele, Former Chief
Justice of the Delaware Supreme Court; Partner, Potter Anderson & Corroon
LLPDona Young, Lead Director, Foot Locker; Member of the
Supervisory Board, Aegon, NV; Director, NACD

This is an impressive
group of some of the best minds in board governance, and I am honored that they
have agreed to devote time to this historic effort.

With directors like these
on our steering committee, our members who have volunteered to inform the test
development process, and with all the leading-edge resources NACD has developed
through the years, I sincerely believe we are creating a meaningful and
effective credential for directors.

I invite you to be part of one of the most important initiatives in NACD’s history to help elevate the profession of directorship, and to advance good governance in America. Visit www.NACDonline.org/Certification to learn more. 

Overseeing Disruptive Risk? Security Ratings Can Help.

On a global basis, directors and the companies
that they oversee are facing disruptions caused by geopolitical volatility,
economic slowdown, emerging technologies, cybersecurity threats, and climate
change, among other forces. The pace of change just keeps speeding up.

It is important to note that while disruptive
risks are one among main concerns for directors, their confidence in corporate
risk management is low. As risks continue to evolve, the way corporate
directors and their organizations handle them must evolve as well. This
disconnect between may belie their low confidence in overseeing these changing
risks.

In BitSight’s newest Cyber Risk Monitor report, respect risk expert and NACD member James Lam details five recommendations for directors to manage disruptive risk within their organization. Within this list, he offers that corporate directors should “ensure board-level risk metrics and reports are effective.”

As stated in the report, one unique aspect of
disruptive risks is that they are usually very subjective and, as a result, can
be full of the influence of cognitive biases. It’s critical that organizations
have objective, independent data that allows them to both report on and
understand the state of the company’s cybersecurity. In addition to traditional
security assessment practices (like penetration tests and questionnaires, for
instance), security ratings can offer an objective, quantifiable measurement of
an organization’s security posture that the board can understand in the context
of industry, region, or competitive peer group. 

When we look at disruptive risk—particularly
cyber risks or incidents—it’s no secret that organizations are being held to significantly
higher standards of cybersecurity outcomes than ever before. Regulatory bodies,
boards, and executive teams all are driving for better oversight and
accountability regarding data breaches and cybersecurity. Companies and their
leadership are seeking to prevent the inevitable backlash from customers,
business partners, and regulators that is inevitable when a breach occurs,
demonstrating their failure to meet cybersecurity industry-wide standards of
care.

Security and risk leaders are challenged with
trying to understand what constitutes a reasonable, industry-wide standard of
care when it comes to cybersecurity performance. What was good enough yesterday
may not be today, and will almost certainly not be good enough next year. Not
to mention, the traditional approaches to cybersecurity performance metrics are
limited in scope, focus only on a point-in-time, and are subjective in nature, not
comparative.

As a result, security and risk leaders are
forced to make important decisions about their cybersecurity programs based on
an incomplete set of data. This lack of visibility and context can often result
in ineffective spending and misalignment of resources, two areas of insight
critically needed to adequately protect any organization’s security.

Using security ratings to manage security performance helps security and risk leaders, and the directors who oversee their decisions, take a risk-based, outcome-driven approach to managing the performance of their organization’s cybersecurity program. Security ratings enable broad measurement, continuous monitoring, and detailed planning and forecasting in an effort to measurably reduce cyber risk. Using the Security Rating as this baseline metric of cybersecurity program performance, security and risk leaders finally have an objective, independent, and broadly adopted key performance indicator to continuously and efficiently assess security posture, set program goals, track progress, and report meaningful information to executives and ultimately to you—the board.

Looking to learn more? Download BitSight’s latest Cyber Risk Monitor Report, prepared exclusively for directors of companies.

Avoid Three D&I Pitfalls By Strengthening the Board’s Agenda

Boards are increasingly beginning to recognize diversity and
inclusion (D&I) as an important agenda item. Why? D&I is a field of
practice that requires board oversight as management teams expand D&I programs
and investors make gender and racial equity concerns a major engagement priority.
These conversations can present a unique challenge for boards that are often
comprised of leaders who lack D&I expertise themselves and struggle to make
their own composition more diverse.

To keep pace, corporate directors need to understand how the
D&I conversation is evolving and how to avoid key pitfalls in providing
effective oversight.

An Evolving Agenda 

As corporate D&I initiatives have matured, internal priorities
have also shifted. Having successfully established the business case for diversity,
most organizations are now focused on realizing and measuring progress against
their objectives. The conversation is becoming less about the reasons why D&I
goals are important, and more about the substance of how to achieve and measure
them.  There is also an increasing
recognition that the low-hanging fruit of basic policies and procedures, while
necessary, are insufficient to achieving lasting D&I objectives.  

As a result, the role of culture and leadership are
increasingly coming into focus. 

Without a supportive culture, any improvement in the
workplace can be difficult to sustain. To unlock the potential of diversity programs,
organizations are focused on creating a more inclusive culture where each employee
has a sense of belonging. At the same time, there is a recognition that leaders,
especially the board chair and CEO, have a critical role to play in creating
and modelling that culture.

Three Pitfalls for
the Board to Avoid 

While every organization will find itself at a different level of maturity, there are a few common pitfalls boards should seek to avoid in providing effective advice and oversight to management teams.

1.Settling for “HR as PR”.  Growing evidence suggests that management teams tend to invest in well-intentioned D&I initiatives that are easy-to-measure but fail to drive meaningful outcomes.  As boards provide oversight to D&I programs this is an important risk to monitor and probe.

In a desire to establish the right tone and signal commitment to D&I, companies often invest in one-off programs like bias training that are visible with easy-to-measure outputs (e.g. number of employees trained). However, there is substantial evidence that some of the most popular practices—such as mandatory unconscious bias training—fail to have any measurable impact and may even increase bias. (Some research suggests that anti-bias messages may unintentionally back-fire when employees perceive they are being told what to think.)

In some cases, public relations (PR) might
be necessary, as many would argue was the case with Starbuck’s decision to
close 8,000 stores to conduct anti-bias training. However, easy-to-report
training programs often fail to achieve their intended effect. This is
particularly true of compliance-oriented training focused on avoiding lawsuits rather
than improving workplace culture.  

So what types of practices actually work? Evidence suggests that less flashy investments like mentoring programs, diversity committees that include employees from across the firm and of varying backgrounds, and active, intentional recruiting programs can all help improve outcomes.  Evidence also suggests that enhancements to rewards, such as same-sex domestic partner benefits and fertility benefits, can improve outcomes. Additionally, flexible work policies, supported by the right culture and environment, are increasingly important elements of the employee value proposition.

While it’s not the board’s role
to identify specific initiatives that management undertakes, the board does
play a critical role in ensuring management has a D&I strategy, establishes
clear goals, and is tracking progress against them.

To that end, boards should ask
management the following questions:

How are you measuring the effectiveness of your D&I programs?Which ones are the most and least effective, and why?

2. Not Listening to Employees. One of the biggest mistakes boards make is not asking management for a direct line of sight into employee perceptions, beyond a grievance hotline, about the company’s culture and policies.

From a risk assurance perspective, boards need to understand whether the company’s culture is a strength or a liability. Organizations with a toxic culture are, by definition, not inclusive. They also face heightened legal and reputational exposures which can hide below the surface. For example, one large transportation company is facing discrimination lawsuits and reputational harm related to poor working conditions at an acquired warehouse.

Employee perceptions are also critical to understanding the effectiveness of policies. For example, one organization found that their flex time policy—intended to support women in leadership—had very low uptake because employees were worried that taking advantage of it would harm their chances of promotion. They found that the key to uptake was resetting perceptions of the policy and making flexibility the default, rather than the exception.

Culture is critical to understanding both
risks and upside opportunities related to D&I investments. And the only way
to get a clear view into the culture is to listen to employees through surveys
or other mechanisms such as collecting feedback during annual reviews.   

To obtain better visibility into the risks
and opportunities related to culture, boards should ask management the
following questions:

Do employees perceive the workplace culture to
be inclusive?How do employee perceptions compare with
competitors’ employee perceptions? How have perceptions changed over time?

3. Leading from Behind. Traditionally, boards have delivered little oversight of human capital issues below the C-suite, focusing primarily on executive compensation and CEO succession.  That is starting to change as investors scrutinize not only D&I, but also overall human capital strategy and risks.

As a result, the scope of board oversight is expanding to broader workforce issues, including diversity. Organizations are also examining broader social risks as investors evaluate companies’ “social license” to operate and their relationships with key stakeholders and communities.   

As the scope of these
conversation broaden, boards need to examine their own experiences and
expertise. Your board may need to fill 
gaps in providing effective oversight for these risks. 

Boards also have a significant opportunity to demonstrate leadership on D&I from the boardroom. When the board and executive committee publicly champion D&I—and commit to follow through on D&I objectives, regardless of their own makeup—it has a measurable impact on key talent outcomes, including employee loyalty and effort. To be successful, D&I initiatives require advocates and accomplices in places of power, including the board.

A recent study from Russell Reynolds found that when the board and executive committee champion D&I, a number of key human capital outcomes improved. Specifically, employees reported being:

25 percent more engaged;47 percent more creative; and 43 percent more likely to stay.

Improving the inclusiveness of the workplace and changing toxic cultures has also been shown to improve the health and general wellbeing of employees, particularly women of color and others traditionally left out of corporate management.

As boards look to
provide leadership on this issue to the broader organization, they should ask
themselves the following questions: 

What can we do to improve the diversity of our
board in 2019? What new skills and experiences do we need to
provide effective oversight? Do we have an expert in D&I that can help
expose blind spots? How can we signal our commitment to D&I to
the broader organization?

We see the best boards advancing the company’s D&I
agenda by focusing on the three following priorities:

Moving Beyond “HR as PR” to Gauge Program EffectivenessFocusing on the Employee Experience (Not Just Policy and Procedure)Modeling Inclusive Leadership for the Organization

As the D&I agendas for management teams and investors
evolve, boards need to update their agenda as well.

Michael Griffin is founder and principal of Spring Pond Partners, a research boutique that helps investors and organizations evaluate culture and human capital factors at issuers and their link to performance. He is a former chief research officer at CEB (now Gartner).

The author would like to thank Rebecca Adamson, founder of First Peoples Worldwide, and Jochebed Bogunjoko, investment associate formerly at Tiedemann Advisors, for their significant contributions to this article. Any errors or omissions are the author’s own.

Sustainability Reporting: Why Boards Should Care

A recent
survey of more than 500 public company directors noted that although environmental,
social, and governance (ESG) issues are currently a relatively low priority for
many boards, most directors would like their boards to become more proactive
and enhance ESG oversight. Specifically, 53.6 percent would like their board to
improve its understanding of the company’s current levels of ESG-related
performance, and 49.8 percent would like to ensure ESG issues are strongly
linked to the company’s strategy. This growing interest is likely due to
increased shareholder activism evidenced by high-profile proxy battles over
ESG-related topics and institutional investors proactively assessing ESG
performance of companies in their portfolios.

We often hear the assertion that corporate leadership is
needed to enhance civilization’s ability to address a litany of critical social
concerns. More often executives are called on to address environmental,
economic, and social challenges, and enable the general welfare of present and
future generations. While this may be a vague assertion to some, the reality of
ESG criteria is that the concept offers powerful differentiators for screening
investments and grounds the discussion in ways that can’t be ignored in
boardrooms and C-suites.

The above research suggests that the CEO’s level of
interest is crucial for companies to progress from passive interest in ESG to
an action-oriented perspective about sustainability issues.

With that critical transition in mind, two important
developments to watch are offered.

Further evidence sustainable
investing is on the rise. Sustainable-, responsible-, and impact-investing assets have
expanded to $12 trillion in the United States, up 38 percent from $8.7 trillion
in 2016. Much of this growth is driven by asset managers considering ESG
criteria across $11.6 trillion in assets, up 44 percent from $8.1 trillion in
2016. The top issue for these asset managers and their institutional investor
clients is climate change and carbon emissions. From 2016 through the first
half of 2018, 165 institutional investors and 54 investment managers
controlling $1.8 trillion in assets under management filed
or co-filed shareholder resolutions on ESG issues.Evidence of responsible investing
emerging as a source of outperformance. A recently
released study by an asset management company noted that during the period
from 2014 to 2017, responsible investing was generally a source of
outperformance in both the Eurozone and North America. In the Eurozone, all ESG
pillars and ESG score integration displayed positive returns, with the
governance pillar dominating. In North America, ESG investing during this same
period (2014 to 2017) also displayed positive returns, although the
environmental component was the biggest winner. The study also noted that the
massive mobilization of institutional investors regarding ESG investing in
Europe has impacted demand mechanisms, with a consequent effect on prices,
thereby triggering a performance premium.

These two developments warrant close attention. The world
is changing and investors are taking notice. That alone directs equity market
focus to companies committed to sustainable performance largely because they
are demonstrating an ability to adapt to changing business realities.

In addition to the previously mentioned developments, key
factors follow for interested companies to monitor going forward.

Competitors issuing voluntary reports. As more companies report voluntarily, peers must consider whether to follow suit. The Sustainability Accounting Standards Board (SASB) provides useful examples of companies reporting in accordance with its standards to illustrate the transparency and impact of such reports on risk management, long-term performance, and brand image.US Securities and Exchange Commission (SEC) mandates. The SEC has been petitioned to standardize and mandate ESG disclosures through rulemaking. However, to date the Commission has been content to let market forces determine what issuers report.Attestation of selected sustainability information is increasing. Attestation has a long way to go in North America as it continues to lag behind the European Union in the number of externally assured reports. Voluntary use of attestation services is a key factor to watch.Pressure from activist shareholders. Pressure comes in many forms. For example, activists apply pressure on boards to change their composition and management incentives in the proxy process. They use ESG screening criteria to drive investment decisions within their portfolios. Institutional investors (e.g., BlackRock, Vanguard) are communicating pointed messages to boards and CEOs regarding the importance of ESG-related issues. It bears watching their actions closely to see if their bite matches their bark.Convergence of frameworks. Because the SASB standards are tailored specifically to U.S. companies and SEC filings, it is likely that they will continue to gain traction in the United States. But there are other frameworks in use. The SASB, Global Reporting Initiative, and International Integrated Reporting Council have announced a two-year project to collaborate on standardization of sustainability reporting frameworks, as well as on frameworks that promote further integration between nonfinancial and financial reporting. Progress on this effort to harmonize frameworks and metrics can raise the level of investor interest.Disruptive industry developments. Dutch Royal Shell’s decision to tie executive pay to carbon emissions is an example of an industry-first commitment to link incentive compensation to climate change. The automobile industry also is investing heavily in hybrid and electric cars, and its attendant effects on the oil and gas and power industries is another example of pending disruption.

Exactly how the future of sustainability reporting will
unfold remains to be seen. Voluntary reporting and submission to attestation,
coupled with pressure from activists and the convergence of global reporting
standards, will provide a powerful mix of forces that could move the meter in
many boardrooms and C-suites.

The eight key factors listed above bear monitoring by your
board going forward, as new developments could nudge boards and chief executives
toward improving the relevancy and transparency of sustainability performance
to investors.

Why Humans Are Still Security’s Weakest Link

Although security leaders may be effective at reducing the impact of cyberattacks within their own four walls, board directors should be aware that malicious insiders are still one of the top two threats, according to our research. It is a fact that serves as a timely reminder for all organizations—protect yourselves from the inside out.

According to the Accenture Ninth Annual Cost of Cybercrime Study, organizations have experienced sizable increases in phishing and social engineering attacks, up 16 percent; ransomware, up 15 percent; and stolen devices, up 13 percent in just one year. These are all areas of concern that give credibility to the argument that humans are still the weakest link when it comes to an organization’s cybersecurity defenses. And with 71 percent being vulnerable to hacking groups using spear phishing, a 55 percent spam rate, and 669 million new malware threats in the last couple of years, a momentary lapse of concentration can prove highly damaging. The prospect of 200 billion connected things by the year 2020 means this vulnerability is only going to get worse for your company and its employees.

Today, the security function is largely
centralized and its staff are often excluded when new products, services, and
processes—all of which involve some sort of cyber risk—are being developed.
This siloed approach can result in a lack of accountability across the
organization and a misplaced perception that security isn’t everyone’s
responsibility—only 16 percent of CISOs in our survey said employees are
responsible for cybersecurity today.

At a granular level, even where
organizations regularly pressure test their resilience, people can invalidate
red and blue team exercises. They may have difficulty behaving like a real
adversary, or they develop “blue team fatigue” following a constant stream of
demoralizing attacks. Worse still, they may develop unhealthy divisions and
fail to communicate effectively before, during, and after an exercise.

As a result, the board should assume the
task of holding the c-suite accountable for putting people first as a security
priority throughout the organization.

Being
Accountable

To tackle insider threats and foster a
culture of accountability, boards should ensure that CEOs rally human
resources, talent development, legal, and information technology teams to work
closely with the security office and business units. Here are five ways
directors can suggest that their organizations take on this risk from within:

  1. Train and reinforce safe behaviors. New
    work arrangements—greater use of contractors and remote work—make the need for
    employee training more urgent. Yet, training employees to think and act with
    security in mind is the most underfunded activity in cybersecurity budgets. Immersive
    communications and gamified learning can create sustained behavior change that
    could drive greater security.
  2. Build cybersecurity champions.
    Cybersecurity champions can not only act as advocates for security across the
    organization, they can also provide feedback to the central team on the
    effectiveness of security programs. As with many other facets of culture, the
    board can lead the way by becoming cybersecurity champions.
  3. Reward “security-first” behaviors. In
    our survey, only 41 percent of companies indicated that they offer incentives
    for business leaders who are committed to cybersecurity. Rewards are one tool
    that boards can use to stimulate the desired cybersecurity hygiene behaviors
    throughout the organization.
  4. Maintain strong defenses. As well
    as standard data protection techniques such as encryption and rights management,
    user and entity behavior analytics (UEBA) systems can flag suspicious employee
    activity, such as unusual file transfers that could indicate criminal intent.
    Ask about whether or not the security team has these practices in place.
  5. Help people be prepared. Suggest that
    the security team become ready by running and testing for end-to-end
    effectiveness. Their practice should be monitoring activity continuously and
    vigilantly, using sophisticated techniques such as micro-segmentation for
    access control—keep the sensitive safe to achieve damage limitation in the
    event of a breach.

Creating
Security-first People

People are often unaware of cybersecurity threats, think they’re already protected by existing procedures, or underestimate the repercussions of a security breach. And while there is no single behavior that keeps people secure online, the vulnerabilities posed by humans can be effectively addressed.

Accenture has developed a Human
Vulnerability Assessment—a diagnostic tool based on a data-centric approach. It
identifies the highest priority areas to help people stay safe, the immediate
actions and interventions needed to improve their weaknesses, and offers
benchmarks to make comparisons across industries or geographies.

If you expect to fully protect your
high-value assets, keep “the people dimension” in mind.  When security behaviors are better monitored
and managed, people can be part of the solution, not the problem. 

Bob Kress is a managing director at Accenture Security where he is the co-chief operating officer and the global lead for quality and risk.