NACD Director Certification—Why and How

Later this year, after more than four decades as the nation’s leader in director education, NACD will blaze a new path by launching the first-ever certification program for board members in the United States. Here’s more on why and how.


NACD was founded with the
objective of equipping directors with the knowledge they need to serve with
confidence in the boardroom. Just as with every other profession, directors
benefit from best practices, research-driven education, and shared experiences.
As fiduciaries overseeing enterprises, directors need to understand both the
companies they serve and the environment around them, as well as the particular
demands of their oversight and advisory roles.

Much of that preparation comes from a director’s own career experiences, combined with the “on the job” training they will have received while serving on a particular board. But today, given the pace of change in business conditions, shifting stakeholder expectations, and the growing number of first-time directors serving on boards, external director education is needed more than ever. That is why we developed a director education framework in 2015 to provide an established foundation that underpins the content for our thought leadership and for NACD’s 300 local and national director education programs.

Why Certification?

So why are we taking director education a step further now with a certification program? Ira M. Millstein, chair of the NACD Blue Ribbon Commission on Director Professionalism, noted in his 1995 pioneering article on the “professional board” that “while we should not hear any significant calls for requiring ‘official’ director certification in the United States, many US boards will do their own certification simply through the process of selection and periodic performance reviews. They will seek competent, credible, knowledgeable candidates who are capable of, and willing to, do their homework.” 

This informal process of
board certification has worked for many years, as has our long history of
providing director education and credentialing via our Fellowship program. But
today the expectations that directors must meet or exceed are greater than when
Millstein wrote his article. As a result, we are formalizing director education
with a nationally recognized credential that will serve as a seal of approval affirming
that new directors have the knowledge, skills, and abilities needed to serve
competently on a board. While we can never certify a director for his or her
ethics, we can certify competency in a baseline body of knowledge, bolstered by
additional continuing education requirements (which incidentally do include
ethics as part of the curriculum).

Here are four reasons why
we have taken this additional step in our evolution:

Exam-based certification is a way for directors to test and prove their growing knowledge. Our 2018–2019 NACD Public Company Governance Survey showed that 69 percent of respondents said that their board dedicates resources to continuing education, and 59 percent agreed that education is “necessary for director effectiveness.” The survey showed that directors on average are already devoting 20 hours per year to learning more about their responsibilities in the boardroom, but they lack formal evidence of their knowledge and competence. By providing formal testing and certification, NACD’s certificate will provide such evidence. Our many years of building a community of directors has enabled us to create a test by directors, for directors, based on the real issues encountered by boards that seek to be effective. Furthermore, thanks to ongoing advisory and evaluation work, we have reached a point in our evolution where we understand as never before the real issues facing boards. Our Board Advisory Services has guided more than 1,000 board self-evaluations since beginning formal evaluation services in 2000, and our membership community has passed the 20,000 mark. Had we developed tests earlier in time, they may not have had the same realism as the ones we are developing now. NACD’s store of knowledge, after decades of development, is now fully comprehensive. Our two dozen Board Resource Centers on topics ranging from audit committee issues to sustainability show the breadth and depth of what directors need to know. These resource centers did not emerge overnight; they build on more than a quarter of a century of convening Blue Ribbon Commissions and conducting surveys. For decades, NACD has been convening the brightest minds in governance to create the materials supporting this credential, informed by such resources. This new certification and the rigor it provides is in many ways a culmination of this work.Last but not least, certifying directors helps us live up to our “world class” status as we participate in a global community of directors where exam-based certification is already a practice. As the newly elected chair of the Global Network of Director Institutes (GNDI), I am familiar with the practices of the 20 other members of the GNDI. Many of them already have exam-based certification, and we can learn from their experiences—both positive and negative—now as never before.

How Will It Work?

Our first step in moving
toward certification has been—in collaboration with hundreds of board members
serving on the boards of all types of companies—to develop a comprehensive
overview of the knowledge, skills, and abilities (KSAs) that are required for
corporate directors to lead with confidence in the boardroom. Next, we are
working with select members of our community of more than 20,000 members to
help create an exam that verifies those KSAs. Exam registration also comes with
a comprehensive study guide that will help certification applicants prepare for
the test. 

To provide guidance and
direction for the new certification program, NACD has formed and is leveraging
a steering committee of highly experienced corporate directors and corporate
governance practitioners that includes these distinguished individuals:

Dennis Beresford, Former Chair
of the FASB; Former Director, Fannie Mae, Kimberly Clark, and Legg-MasonMichele Hooper, Director, PPG Industries,
United Continental Holdings, and UnitedHealth GroupGlenn Hubbard, Director,
Automated Data Processing (ADP), MetLife, and BlackRock Closed-End Funds; Dean
of Columbia Business SchoolSimon Lorne, Director, Teledyne Technologies; Vice Chair and
Chief Legal Officer, Millennium Management; Former General Counsel, US
Securities and Exchange CommissionBill McNabb, Former Board Chair and CEO, Vanguard;
Director of UnitedHealth Group; Executive in Residence at the Raj & Kamla
Gupta Governance Institute, LeBow College of BusinessMyron Steele, Former Chief
Justice of the Delaware Supreme Court; Partner, Potter Anderson & Corroon
LLPDona Young, Lead Director, Foot Locker; Member of the
Supervisory Board, Aegon, NV; Director, NACD

This is an impressive
group of some of the best minds in board governance, and I am honored that they
have agreed to devote time to this historic effort.

With directors like these
on our steering committee, our members who have volunteered to inform the test
development process, and with all the leading-edge resources NACD has developed
through the years, I sincerely believe we are creating a meaningful and
effective credential for directors.

I invite you to be part of one of the most important initiatives in NACD’s history to help elevate the profession of directorship, and to advance good governance in America. Visit to learn more. 

Overseeing Disruptive Risk? Security Ratings Can Help.

On a global basis, directors and the companies
that they oversee are facing disruptions caused by geopolitical volatility,
economic slowdown, emerging technologies, cybersecurity threats, and climate
change, among other forces. The pace of change just keeps speeding up.

It is important to note that while disruptive
risks are one among main concerns for directors, their confidence in corporate
risk management is low. As risks continue to evolve, the way corporate
directors and their organizations handle them must evolve as well. This
disconnect between may belie their low confidence in overseeing these changing

In BitSight’s newest Cyber Risk Monitor report, respect risk expert and NACD member James Lam details five recommendations for directors to manage disruptive risk within their organization. Within this list, he offers that corporate directors should “ensure board-level risk metrics and reports are effective.”

As stated in the report, one unique aspect of
disruptive risks is that they are usually very subjective and, as a result, can
be full of the influence of cognitive biases. It’s critical that organizations
have objective, independent data that allows them to both report on and
understand the state of the company’s cybersecurity. In addition to traditional
security assessment practices (like penetration tests and questionnaires, for
instance), security ratings can offer an objective, quantifiable measurement of
an organization’s security posture that the board can understand in the context
of industry, region, or competitive peer group. 

When we look at disruptive risk—particularly
cyber risks or incidents—it’s no secret that organizations are being held to significantly
higher standards of cybersecurity outcomes than ever before. Regulatory bodies,
boards, and executive teams all are driving for better oversight and
accountability regarding data breaches and cybersecurity. Companies and their
leadership are seeking to prevent the inevitable backlash from customers,
business partners, and regulators that is inevitable when a breach occurs,
demonstrating their failure to meet cybersecurity industry-wide standards of

Security and risk leaders are challenged with
trying to understand what constitutes a reasonable, industry-wide standard of
care when it comes to cybersecurity performance. What was good enough yesterday
may not be today, and will almost certainly not be good enough next year. Not
to mention, the traditional approaches to cybersecurity performance metrics are
limited in scope, focus only on a point-in-time, and are subjective in nature, not

As a result, security and risk leaders are
forced to make important decisions about their cybersecurity programs based on
an incomplete set of data. This lack of visibility and context can often result
in ineffective spending and misalignment of resources, two areas of insight
critically needed to adequately protect any organization’s security.

Using security ratings to manage security performance helps security and risk leaders, and the directors who oversee their decisions, take a risk-based, outcome-driven approach to managing the performance of their organization’s cybersecurity program. Security ratings enable broad measurement, continuous monitoring, and detailed planning and forecasting in an effort to measurably reduce cyber risk. Using the Security Rating as this baseline metric of cybersecurity program performance, security and risk leaders finally have an objective, independent, and broadly adopted key performance indicator to continuously and efficiently assess security posture, set program goals, track progress, and report meaningful information to executives and ultimately to you—the board.

Looking to learn more? Download BitSight’s latest Cyber Risk Monitor Report, prepared exclusively for directors of companies.

Avoid Three D&I Pitfalls By Strengthening the Board’s Agenda

Boards are increasingly beginning to recognize diversity and
inclusion (D&I) as an important agenda item. Why? D&I is a field of
practice that requires board oversight as management teams expand D&I programs
and investors make gender and racial equity concerns a major engagement priority.
These conversations can present a unique challenge for boards that are often
comprised of leaders who lack D&I expertise themselves and struggle to make
their own composition more diverse.

To keep pace, corporate directors need to understand how the
D&I conversation is evolving and how to avoid key pitfalls in providing
effective oversight.

An Evolving Agenda 

As corporate D&I initiatives have matured, internal priorities
have also shifted. Having successfully established the business case for diversity,
most organizations are now focused on realizing and measuring progress against
their objectives. The conversation is becoming less about the reasons why D&I
goals are important, and more about the substance of how to achieve and measure
them.  There is also an increasing
recognition that the low-hanging fruit of basic policies and procedures, while
necessary, are insufficient to achieving lasting D&I objectives.  

As a result, the role of culture and leadership are
increasingly coming into focus. 

Without a supportive culture, any improvement in the
workplace can be difficult to sustain. To unlock the potential of diversity programs,
organizations are focused on creating a more inclusive culture where each employee
has a sense of belonging. At the same time, there is a recognition that leaders,
especially the board chair and CEO, have a critical role to play in creating
and modelling that culture.

Three Pitfalls for
the Board to Avoid 

While every organization will find itself at a different level of maturity, there are a few common pitfalls boards should seek to avoid in providing effective advice and oversight to management teams.

1.Settling for “HR as PR”.  Growing evidence suggests that management teams tend to invest in well-intentioned D&I initiatives that are easy-to-measure but fail to drive meaningful outcomes.  As boards provide oversight to D&I programs this is an important risk to monitor and probe.

In a desire to establish the right tone and signal commitment to D&I, companies often invest in one-off programs like bias training that are visible with easy-to-measure outputs (e.g. number of employees trained). However, there is substantial evidence that some of the most popular practices—such as mandatory unconscious bias training—fail to have any measurable impact and may even increase bias. (Some research suggests that anti-bias messages may unintentionally back-fire when employees perceive they are being told what to think.)

In some cases, public relations (PR) might
be necessary, as many would argue was the case with Starbuck’s decision to
close 8,000 stores to conduct anti-bias training. However, easy-to-report
training programs often fail to achieve their intended effect. This is
particularly true of compliance-oriented training focused on avoiding lawsuits rather
than improving workplace culture.  

So what types of practices actually work? Evidence suggests that less flashy investments like mentoring programs, diversity committees that include employees from across the firm and of varying backgrounds, and active, intentional recruiting programs can all help improve outcomes.  Evidence also suggests that enhancements to rewards, such as same-sex domestic partner benefits and fertility benefits, can improve outcomes. Additionally, flexible work policies, supported by the right culture and environment, are increasingly important elements of the employee value proposition.

While it’s not the board’s role
to identify specific initiatives that management undertakes, the board does
play a critical role in ensuring management has a D&I strategy, establishes
clear goals, and is tracking progress against them.

To that end, boards should ask
management the following questions:

How are you measuring the effectiveness of your D&I programs?Which ones are the most and least effective, and why?

2. Not Listening to Employees. One of the biggest mistakes boards make is not asking management for a direct line of sight into employee perceptions, beyond a grievance hotline, about the company’s culture and policies.

From a risk assurance perspective, boards need to understand whether the company’s culture is a strength or a liability. Organizations with a toxic culture are, by definition, not inclusive. They also face heightened legal and reputational exposures which can hide below the surface. For example, one large transportation company is facing discrimination lawsuits and reputational harm related to poor working conditions at an acquired warehouse.

Employee perceptions are also critical to understanding the effectiveness of policies. For example, one organization found that their flex time policy—intended to support women in leadership—had very low uptake because employees were worried that taking advantage of it would harm their chances of promotion. They found that the key to uptake was resetting perceptions of the policy and making flexibility the default, rather than the exception.

Culture is critical to understanding both
risks and upside opportunities related to D&I investments. And the only way
to get a clear view into the culture is to listen to employees through surveys
or other mechanisms such as collecting feedback during annual reviews.   

To obtain better visibility into the risks
and opportunities related to culture, boards should ask management the
following questions:

Do employees perceive the workplace culture to
be inclusive?How do employee perceptions compare with
competitors’ employee perceptions? How have perceptions changed over time?

3. Leading from Behind. Traditionally, boards have delivered little oversight of human capital issues below the C-suite, focusing primarily on executive compensation and CEO succession.  That is starting to change as investors scrutinize not only D&I, but also overall human capital strategy and risks.

As a result, the scope of board oversight is expanding to broader workforce issues, including diversity. Organizations are also examining broader social risks as investors evaluate companies’ “social license” to operate and their relationships with key stakeholders and communities.   

As the scope of these
conversation broaden, boards need to examine their own experiences and
expertise. Your board may need to fill 
gaps in providing effective oversight for these risks. 

Boards also have a significant opportunity to demonstrate leadership on D&I from the boardroom. When the board and executive committee publicly champion D&I—and commit to follow through on D&I objectives, regardless of their own makeup—it has a measurable impact on key talent outcomes, including employee loyalty and effort. To be successful, D&I initiatives require advocates and accomplices in places of power, including the board.

A recent study from Russell Reynolds found that when the board and executive committee champion D&I, a number of key human capital outcomes improved. Specifically, employees reported being:

25 percent more engaged;47 percent more creative; and 43 percent more likely to stay.

Improving the inclusiveness of the workplace and changing toxic cultures has also been shown to improve the health and general wellbeing of employees, particularly women of color and others traditionally left out of corporate management.

As boards look to
provide leadership on this issue to the broader organization, they should ask
themselves the following questions: 

What can we do to improve the diversity of our
board in 2019? What new skills and experiences do we need to
provide effective oversight? Do we have an expert in D&I that can help
expose blind spots? How can we signal our commitment to D&I to
the broader organization?

We see the best boards advancing the company’s D&I
agenda by focusing on the three following priorities:

Moving Beyond “HR as PR” to Gauge Program EffectivenessFocusing on the Employee Experience (Not Just Policy and Procedure)Modeling Inclusive Leadership for the Organization

As the D&I agendas for management teams and investors
evolve, boards need to update their agenda as well.

Michael Griffin is founder and principal of Spring Pond Partners, a research boutique that helps investors and organizations evaluate culture and human capital factors at issuers and their link to performance. He is a former chief research officer at CEB (now Gartner).

The author would like to thank Rebecca Adamson, founder of First Peoples Worldwide, and Jochebed Bogunjoko, investment associate formerly at Tiedemann Advisors, for their significant contributions to this article. Any errors or omissions are the author’s own.

Sustainability Reporting: Why Boards Should Care

A recent
survey of more than 500 public company directors noted that although environmental,
social, and governance (ESG) issues are currently a relatively low priority for
many boards, most directors would like their boards to become more proactive
and enhance ESG oversight. Specifically, 53.6 percent would like their board to
improve its understanding of the company’s current levels of ESG-related
performance, and 49.8 percent would like to ensure ESG issues are strongly
linked to the company’s strategy. This growing interest is likely due to
increased shareholder activism evidenced by high-profile proxy battles over
ESG-related topics and institutional investors proactively assessing ESG
performance of companies in their portfolios.

We often hear the assertion that corporate leadership is
needed to enhance civilization’s ability to address a litany of critical social
concerns. More often executives are called on to address environmental,
economic, and social challenges, and enable the general welfare of present and
future generations. While this may be a vague assertion to some, the reality of
ESG criteria is that the concept offers powerful differentiators for screening
investments and grounds the discussion in ways that can’t be ignored in
boardrooms and C-suites.

The above research suggests that the CEO’s level of
interest is crucial for companies to progress from passive interest in ESG to
an action-oriented perspective about sustainability issues.

With that critical transition in mind, two important
developments to watch are offered.

Further evidence sustainable
investing is on the rise. Sustainable-, responsible-, and impact-investing assets have
expanded to $12 trillion in the United States, up 38 percent from $8.7 trillion
in 2016. Much of this growth is driven by asset managers considering ESG
criteria across $11.6 trillion in assets, up 44 percent from $8.1 trillion in
2016. The top issue for these asset managers and their institutional investor
clients is climate change and carbon emissions. From 2016 through the first
half of 2018, 165 institutional investors and 54 investment managers
controlling $1.8 trillion in assets under management filed
or co-filed shareholder resolutions on ESG issues.Evidence of responsible investing
emerging as a source of outperformance. A recently
released study by an asset management company noted that during the period
from 2014 to 2017, responsible investing was generally a source of
outperformance in both the Eurozone and North America. In the Eurozone, all ESG
pillars and ESG score integration displayed positive returns, with the
governance pillar dominating. In North America, ESG investing during this same
period (2014 to 2017) also displayed positive returns, although the
environmental component was the biggest winner. The study also noted that the
massive mobilization of institutional investors regarding ESG investing in
Europe has impacted demand mechanisms, with a consequent effect on prices,
thereby triggering a performance premium.

These two developments warrant close attention. The world
is changing and investors are taking notice. That alone directs equity market
focus to companies committed to sustainable performance largely because they
are demonstrating an ability to adapt to changing business realities.

In addition to the previously mentioned developments, key
factors follow for interested companies to monitor going forward.

Competitors issuing voluntary reports. As more companies report voluntarily, peers must consider whether to follow suit. The Sustainability Accounting Standards Board (SASB) provides useful examples of companies reporting in accordance with its standards to illustrate the transparency and impact of such reports on risk management, long-term performance, and brand image.US Securities and Exchange Commission (SEC) mandates. The SEC has been petitioned to standardize and mandate ESG disclosures through rulemaking. However, to date the Commission has been content to let market forces determine what issuers report.Attestation of selected sustainability information is increasing. Attestation has a long way to go in North America as it continues to lag behind the European Union in the number of externally assured reports. Voluntary use of attestation services is a key factor to watch.Pressure from activist shareholders. Pressure comes in many forms. For example, activists apply pressure on boards to change their composition and management incentives in the proxy process. They use ESG screening criteria to drive investment decisions within their portfolios. Institutional investors (e.g., BlackRock, Vanguard) are communicating pointed messages to boards and CEOs regarding the importance of ESG-related issues. It bears watching their actions closely to see if their bite matches their bark.Convergence of frameworks. Because the SASB standards are tailored specifically to U.S. companies and SEC filings, it is likely that they will continue to gain traction in the United States. But there are other frameworks in use. The SASB, Global Reporting Initiative, and International Integrated Reporting Council have announced a two-year project to collaborate on standardization of sustainability reporting frameworks, as well as on frameworks that promote further integration between nonfinancial and financial reporting. Progress on this effort to harmonize frameworks and metrics can raise the level of investor interest.Disruptive industry developments. Dutch Royal Shell’s decision to tie executive pay to carbon emissions is an example of an industry-first commitment to link incentive compensation to climate change. The automobile industry also is investing heavily in hybrid and electric cars, and its attendant effects on the oil and gas and power industries is another example of pending disruption.

Exactly how the future of sustainability reporting will
unfold remains to be seen. Voluntary reporting and submission to attestation,
coupled with pressure from activists and the convergence of global reporting
standards, will provide a powerful mix of forces that could move the meter in
many boardrooms and C-suites.

The eight key factors listed above bear monitoring by your
board going forward, as new developments could nudge boards and chief executives
toward improving the relevancy and transparency of sustainability performance
to investors.

Stop Ignoring This Abundant Supply of Hardworking Employees!

As a member of a local executive networking group, a frequent topic in our meetings is the lack of quality, hardworking employees.  Due to the strong job market, it is becoming increasingly difficult to find employees with the appropriate qualifications for a position, and once that match is found, employers tend to hope productivity follows.  The one demographic my peers tend to overlook while hunting for the perfect candidate is the mature workforce.

Mature workers make up some of the most highly educated, extremely productive employees and come from one of the highest achieving workforces in history.  At Career Partners International (CPI) we work with thousands of highly qualified, motivated, and experienced workers every year.  In today’s employment market, older workers are still interested in contributing to the workplace.  Many of these workers still want to, and even need to work for years to come.

Technology and workplace skills are evolving at a faster pace than ever before.  Most every community has developed educational programs and training to help this group of workers refine their skills, add new skills, and in some cases totally change their existing skill sets.  Both traditional and emerging fields of education are available to reposition this group for a renewed impact in the workforce.  CPI offers a variety of training programs to improve candidates’ skills to better fit the modern workplace.  No longer is a long resume a reason to think a potential candidate’s skillset is obsolete.

Never forget that no matter what age or generation a worker was raised in, it is only when one stops stop learning, unlearning, and relearning that an employee becomes unemployable or undesirable in the workforce. Many mature employees have worked hard to keep their superior skills on the upswing. Retooling their skills through continuing education and training has become a priority for many of these workers.  While some retooling may be arduous, often these shifts come naturally and the path to do so simply needs to be highlighted by a good coach or mentor.  Relearning and discovering new ways of working builds on a strong foundation of decades of experience.

As businesses continue to face new challenges and opportunities, we must count on hiring back this generation to address escalating talent shortages.  This hardworking generation has the desire, ability, and means to combine their drive and experience with new forms of learning to stay relevant.  To keep our businesses competitive and economically strong we must harness the potential of all talent available to us, both new and practiced.  With the recent launch of CPI EmployerConnect™ employers can more easily find these hardworking candidates.  Employers can and should look to bring back seasoned, wise, and reliable workers for the challenges in today’s workplace.


Written by Travis Jones, CEO of Career Development Partners, a CPI Firm

The post Stop Ignoring This Abundant Supply of Hardworking Employees! appeared first on CPIWorld.

Why Humans Are Still Security’s Weakest Link

Although security leaders may be effective at reducing the impact of cyberattacks within their own four walls, board directors should be aware that malicious insiders are still one of the top two threats, according to our research. It is a fact that serves as a timely reminder for all organizations—protect yourselves from the inside out.

According to the Accenture Ninth Annual Cost of Cybercrime Study, organizations have experienced sizable increases in phishing and social engineering attacks, up 16 percent; ransomware, up 15 percent; and stolen devices, up 13 percent in just one year. These are all areas of concern that give credibility to the argument that humans are still the weakest link when it comes to an organization’s cybersecurity defenses. And with 71 percent being vulnerable to hacking groups using spear phishing, a 55 percent spam rate, and 669 million new malware threats in the last couple of years, a momentary lapse of concentration can prove highly damaging. The prospect of 200 billion connected things by the year 2020 means this vulnerability is only going to get worse for your company and its employees.

Today, the security function is largely
centralized and its staff are often excluded when new products, services, and
processes—all of which involve some sort of cyber risk—are being developed.
This siloed approach can result in a lack of accountability across the
organization and a misplaced perception that security isn’t everyone’s
responsibility—only 16 percent of CISOs in our survey said employees are
responsible for cybersecurity today.

At a granular level, even where
organizations regularly pressure test their resilience, people can invalidate
red and blue team exercises. They may have difficulty behaving like a real
adversary, or they develop “blue team fatigue” following a constant stream of
demoralizing attacks. Worse still, they may develop unhealthy divisions and
fail to communicate effectively before, during, and after an exercise.

As a result, the board should assume the
task of holding the c-suite accountable for putting people first as a security
priority throughout the organization.


To tackle insider threats and foster a
culture of accountability, boards should ensure that CEOs rally human
resources, talent development, legal, and information technology teams to work
closely with the security office and business units. Here are five ways
directors can suggest that their organizations take on this risk from within:

  1. Train and reinforce safe behaviors. New
    work arrangements—greater use of contractors and remote work—make the need for
    employee training more urgent. Yet, training employees to think and act with
    security in mind is the most underfunded activity in cybersecurity budgets. Immersive
    communications and gamified learning can create sustained behavior change that
    could drive greater security.
  2. Build cybersecurity champions.
    Cybersecurity champions can not only act as advocates for security across the
    organization, they can also provide feedback to the central team on the
    effectiveness of security programs. As with many other facets of culture, the
    board can lead the way by becoming cybersecurity champions.
  3. Reward “security-first” behaviors. In
    our survey, only 41 percent of companies indicated that they offer incentives
    for business leaders who are committed to cybersecurity. Rewards are one tool
    that boards can use to stimulate the desired cybersecurity hygiene behaviors
    throughout the organization.
  4. Maintain strong defenses. As well
    as standard data protection techniques such as encryption and rights management,
    user and entity behavior analytics (UEBA) systems can flag suspicious employee
    activity, such as unusual file transfers that could indicate criminal intent.
    Ask about whether or not the security team has these practices in place.
  5. Help people be prepared. Suggest that
    the security team become ready by running and testing for end-to-end
    effectiveness. Their practice should be monitoring activity continuously and
    vigilantly, using sophisticated techniques such as micro-segmentation for
    access control—keep the sensitive safe to achieve damage limitation in the
    event of a breach.

Security-first People

People are often unaware of cybersecurity threats, think they’re already protected by existing procedures, or underestimate the repercussions of a security breach. And while there is no single behavior that keeps people secure online, the vulnerabilities posed by humans can be effectively addressed.

Accenture has developed a Human
Vulnerability Assessment—a diagnostic tool based on a data-centric approach. It
identifies the highest priority areas to help people stay safe, the immediate
actions and interventions needed to improve their weaknesses, and offers
benchmarks to make comparisons across industries or geographies.

If you expect to fully protect your
high-value assets, keep “the people dimension” in mind.  When security behaviors are better monitored
and managed, people can be part of the solution, not the problem. 

Bob Kress is a managing director at Accenture Security where he is the co-chief operating officer and the global lead for quality and risk.

Investors Sound Alarm Bells On Climate. Are You Listening?

Let’s add the World Economic Forum to the list of organizations sounding a clarion call on climate change. Their recent risks report identifies climate change as one of the most severe risks that the world faces, and warns, “it is in relation to the environment that the world is most clearly sleepwalking into catastrophe.”

Investors heard the wake-up calls
early, and have been raising the alarm with companies. Over the past
decade, we have seen rapid growth in shareholder engagement on environmental,
social, and governance (ESG) issues in general, and on climate change in

One of the most important tools that investors have for engaging with companies on these issues is shareholder resolutions. In 2017 alone, investors filed a record 175 proposals on climate change with U.S. and non-U.S companies, with many of them receiving record-high voting support.

It is important to keep in mind that
investor attention to climate change is not motivated by social good or
altruism. As the owners of companies, investors, particularly long-term
investors, have a financial interest in ensuring that the board and management
can maintain corporate resiliency and build long-term value.

Shareholders file climate-related resolutions
for economic reasons. They want to be sure company executives and their boards
are doing all that they can to prepare for climate-related business and
economic disruptions, including operational impacts, regulatory shifts, supply
chain ripples, and potential reputation risks. By digging in and engaging on
these questions, investors are looking for climate-resilient strategies that
strengthen corporate performance and value creation.

Non-binding shareholder resolutions are hardly a new tool. In place for nearly a century under the U.S. Securities and Exchange Commission (SEC) Rule 14a-8, the process allows qualifying investors to submit resolutions that can be voted on by all company shareholders. It is a constructive, low-cost way for investors of all sizes to engage with company management and boards in a transparent way.

Unfortunately, this process is under
attack by interest groups painting these resolutions as driven by
investors with political agendas. We believe that this is incorrect, as it
implies that investors who file these resolutions are fringe or minor players.

In fact, Wall Street icons such as
BlackRock, State Street Corp., Fidelity Investments, Vanguard, and other large
institutional investors are among those who consistently support climate
resolutions. Collectively, these institutions manage over $16 trillion in

Additionally, from our perspective, to
say that climate resolutions are politically motivated is also untrue. While
climate change has unfortunately been politicized in this country, the business
and financial risks that it poses to corporate value are very real—and material.

Look no further than the recent National Climate Assessment showing that climate change is already impacting all parts of the United States. This report, which was developed based on contributions by 13 federal agencies, predicts that if significant steps are not taken to mitigate climate warming, the damage could shrink the country’s gross domestic product by as much as 10 percent by century’s end. That’s more than double the losses from the Great Recession a decade ago.

The business impacts are clear: In 2017, 73 companies on the S&P 500 publicly disclosed a material effect on earnings from extreme weather events, and 90 percent felt the effect was negative. Supply chain disruptions due to climate risk have increased 29 percent since 2012 according to Dow Jones.

In addition, the business case for proactive focus on climate and broader ESG issues is also strong. Academic and investment research—including studies by Bank of America Corp., Morgan Stanley, and JP Morgan—show that serious corporate attention to climate and ESG issues delivers higher stock returns, incurs lower capital costs, and lowers volatility risks.

So what should companies and boards
do when faced with investors who are looking to engage with them, including
through the shareholder resolution process, on climate change?

Previously, we wrote about the responsibility of the board to oversee material climate change risks and opportunities. The following suggestions build on those made in a previous article. 

  1. Engage. Research has consistently shown that boards and management make the best decisions when considering multiple perspectives. Rather than hesitate in the face of investors who are looking to engage on climate change, boards should remember that as owners of the company, investors, have an equal interest in the financial wellbeing of the enterprise, and have an important point of view to bring to the table. The sheer act of dialogue could serve to provide valuable information to boards and management and, importantly, generates goodwill. Ceres’ report Lead from the Top notes that shareholder engagement on climate and ESG is an important step to helping the board build its own fluency in these issues.
  • Disclose. Our economy and capital markets work best when companies engage in robust disclosure. Company management and their boards have critical roles in helping their companies provide the kind of climate risk disclosure that investors are requesting in shareholder resolutions. Frameworks like the recommendations from the Task Force on Climate Related Financial Disclosures (TCFD) provide an important starting point.

By partnering and engaging with
investors, boards can help ensure that companies are more resilient, prepared,
and profitable in navigating fast-changing global risks.

And being prepared is a win-win for

Mindy Lubber is the CEO and president of Ceres. Veena Ramani is the senior director for capital market systems program at Ceres. Ceres is a sustainability nonprofit organization working with the most influential investors and companies to build leadership and drive solutions throughout the economy.